edu-ID Mobile App for Smart Environments

This presentation gives a brief community update on the status of the Swiss edu-ID Mobile App project, presented at the 2017 SWITCH edu-ID information workshop on 29 June 2017 at the University of Berne.
It presents the use cases directly covered by the project as well as the reference architecture, and links to the different resources related to the project.

  1. FHO Fachhochschule Ostschweiz: edu-ID Mobile App for Smart Environments (@phish108, @htwblc)
  2. What happened so far …
  3. Authorization is about Trust. Diagram labels: Organization Trusted; User & App Store Trusted; Mobile Device; Service Federation; Untrusted; Personal Data; Internet.
  4. Use-case 1: Responsive Web-Apps (OpenID Connect / OAuth2 or SAML). Diagram labels: Swiss Academic Domain (Organisation Trusted); University Server; SWITCH Server; Internet; Mobile Device (User and App Store Trusted); EDUID Service; Academic Service; Web-App.
  5. Use-case 2: Integrated Service (AppAuth). Diagram labels: Swiss Academic Domain (Organisation Trusted); Mobile Device (User and App Store Trusted); University Server; SWITCH Server; Internet; EDUID Service; Academic Service; Web-Browser; Third Party App; Integrated Service.
  6. Use-case 3: EduID Mobile App (Token-agent assertions). Diagram labels: Swiss Academic Domain (Organisation Trusted); University Server; SWITCH Server; Internet; Mobile Device (User and App Store Trusted); EDUID Service (OIDC AP); Academic Service; EDUID Mobile App (Trust & Token Agent); Third Party App; Extended Trust Domain.
  7. EduID Mobile App Reference Architecture. Diagram labels: Swiss Academic Domain (Organisation Trusted); University Server; SWITCH Server; Internet; Mobile Device (User and App Store Trusted); EDUID Service (OIDC AP); Academic Service; EDUID Mobile App (Trust & Token Agent); Third Party App. Flow labels (steps numbered 1 to 5 in the diagram): OAuth2 Access Token; Authorization Request; RFC 7521/7523 + RFC 7800 or App Auth; RFC 7521/7523 + RFC 7800 via RedirectURL; OIDC ID + OAuth2 Access Token; RFC 7521/7523 + RFC 7800 + OIDC Scope; ACL Handling.
  8. EduID Mobile App Implementation Status. Same diagram and flow labels as slide 7, with these status labels added: NAIL Integration; iOS + Android; Cordova Plugin; Moodle OAuth2 + JWE Support; OAuth2 & OIDC Full-Stack Service.
  9. Node-OIDC-Provider Integration with LDAP Backend Support
     • ES2017 + NodeJS 8
     • LDAP-based User Management
     • LDAP-based Service/Federation Management
     • Separate Directory Organisation
     • Configurable Attribute Mapping
     • Full JOSE Support (strong JWE encryption covered)
     • OIDC certified - details at: github.com/panva/node-oidc-provider
     • OSS under MIT License
     OIDC Full Stack Implementation for all 3 Use-cases + Web-Service Integration
  10. Further reading: http://htw.ac/eduid-mobile, @htwblc, http://htw.ac/blc-blog (FHO Fachhochschule Ostschweiz)
