Self issued-idp
  1. @nov: Identity in Your Device
  2. OS, Browser, Mobile Apps
  3. Self-Issued OpenID Provider
     • Personal OP that issues self-signed ID Tokens
     • No central IdP servers
     • Defined in OpenID Connect Messages: http://j.mp/self-issued
     • Available any apps / devices with secure storage, e.g. iOS app with Keychain
  4. Flow
     1) Launches “openid://?client_id=client://callback&..”
        • No discovery (static OP config)
        • No client registration (client_id = redirect_uri)
     2) End-user approval
     3) Self-issued ID Token generation
        • Generate RSA key pair on the device (only once)
        • “sub” is automatically calculated by the public key
     4) Back to “client://callback#id_token=...”
        • No API available, thus No Access Token
     5) ID Token Verification
  5. Static OP Config
  6. The sub (subject) Claim value is the base64url encoded SHA-256 hash of the concatenation of the bytes of the UTF-8 representations of the base64url encoded key values in the sub_jwk Claim. (OpenID Connect Messages draft 18, Section 6.5)
  7. JWK - JSON Web Key
  8. “sub” calculated from JWK
     • Hash of them
  9. Self-Issued ID Token
  10. Device specific key pair ↓ Device specific ID Token
  11. No verified emails, no verified profile
  12. Holder of Key
  13. twitter.com/nov, slideshare.net/matake, github.com/nov
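
Step 5 of the flow (ID Token Verification) combined with the "sub" rule from slide 6, as an added example that is not taken from the slides or from the author's code: the client recomputes "sub" from sub_jwk, checks the audience against its own client_id, and verifies the signature with the embedded key. Assumptions: the RSA key values are concatenated as n then e, the token is signed with RS256, and `demo_token` with its small key built from two well-known primes is constructed purely for the demonstration.

```python
import base64, hashlib, json

def b64u(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def subject_for(jwk: dict) -> str:
    # Assumption: for an RSA key the "key values" are n then e, in that order.
    return b64u(hashlib.sha256((jwk["n"] + jwk["e"]).encode("utf-8")).digest())

# DigestInfo prefix for SHA-256 used by EMSA-PKCS1-v1_5 (RFC 8017)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa(msg: bytes, k: int) -> bytes:
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_self_issued(id_token: str, client_id: str) -> dict:
    h, p, s = id_token.split(".")
    claims = json.loads(b64u_dec(p))
    if json.loads(b64u_dec(h)).get("alg") != "RS256":
        raise ValueError("unexpected alg")
    jwk = claims["sub_jwk"]
    if claims["sub"] != subject_for(jwk):   # sub must be derived from the key
        raise ValueError("sub does not match sub_jwk")
    if claims.get("aud") != client_id:      # client_id = redirect_uri
        raise ValueError("aud mismatch")
    n, e = (int.from_bytes(b64u_dec(jwk[x]), "big") for x in ("n", "e"))
    k, sig = (n.bit_length() + 7) // 8, b64u_dec(s)
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if len(sig) != k or em != emsa(f"{h}.{p}".encode(), k):
        raise ValueError("bad signature")
    return claims

# Constructed demo key (511-bit RSA from two well-known primes). Not for real use.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537

def demo_token(client_id: str, sub: str = None) -> str:
    n = P * Q
    jwk = {"kty": "RSA", "n": b64u(n.to_bytes(64, "big")), "e": b64u(E.to_bytes(3, "big"))}
    claims = {"sub": sub or subject_for(jwk), "sub_jwk": jwk, "aud": client_id}
    signing_input = ".".join(b64u(json.dumps(x).encode()) for x in ({"alg": "RS256"}, claims))
    d = pow(E, -1, (P - 1) * (Q - 1))
    sig = pow(int.from_bytes(emsa(signing_input.encode(), 64), "big"), d, n)
    return signing_input + "." + b64u(sig.to_bytes(64, "big"))
```

Because "sub" is bound to the key, a token carrying a "sub" that was not derived from its own sub_jwk is rejected before the signature is even checked.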
