Open id connect claims idcon mini vol1
Report
Ryo ItoFollow
Nov. 21, 2012•0 likes•2,370 views
1 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Check these out next
Open id connect claims idcon mini vol1
Nov. 21, 2012•0 likes•2,370 views
1 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Report
Technology
idcom mini Vol.1で頭だしをするための資料
Ryo ItoFollow
Recommended
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake
OAuth 2.0 Updates #technightNov Matake
OpenID Connect 1.0 ExplainedEugene Siow
Mit 2014 introduction to open id connect and o-auth 2Justin Richer
Sign in with Apple Nov Matake
OpenID Connect ExplainedVladimir Dzhuvinov
Open id connect claims idcon mini vol1
- OpenID Connect Aggregated and Distributed Claims @ritou 2012/11/29 idcon mini Vol.1
- 内容 仕様 ユースケース 意見交換 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 2
- 仕様 Normal Claims Claims that are directly asserted by the OpenID Provider. Aggregated Claims Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned by OpenID Provider. Distributed Claims Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned as references by the OpenID Provider. idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 3
- idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 4
- Aggregated Claims idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 5
- Distributed Claims idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 6
- Aggregated Claims OPが別のClaims Providerから受け取ってい OPはJWT形式でUserInfoレスポンスに含む たClaims { { "name": "Jane Doe", "address": { … "street_address": "1234 Hollywood Blvd.", "_claim_names": { "locality": "Los Angeles", "address": "src1", "region": "CA", "phone_number": "src1“ "postal_code": "90210", }, "country": “US"}, "_claim_sources": { "phone_number": "+1 (310) 123-4567" "src1": {"JWT": } "jwt_header.jwt_part2.jwt_part3"} } } idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 7
- Distributed Claims OPが別のClaims Providerから受け取ってい OPはEndpoint, AccessTokenをUserInfoレスポ たClaims ンスに含む 例:公開情報 {… { "_claim_names": { "address": { "address": "src1", "street_address": "1234 Hollywood Blvd.", “credit_score": "src2“ "locality": "Los Angeles", }, "region": "CA", "_claim_sources": { "postal_code": "90210", "src1": {"endpoint": "https://addressbook.example.com/claims"}, "country": “US"}, } "src2": {"endpoint": "https://credit.example.com/claims", 例:非公開情報 "access_token": "ksj3n283dke"} {"credit_score": "650"} } } idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 8
- 特徴 Aggregated Claims OPが動的に取得もしくはキャッシュしておく RPは一度のリソースアクセスで取得可能 Distributed Claims OPはクレームの値を直接扱わない OPはアクセスしようとおもえばできる センシティブな情報を扱うのに適している? RPは複数のリソースアクセスが必要 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 9
- ユースケース : 多段 OpenID Connect idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 10
- ユースケースは他にもありそう 企業内のシステム連携? 人事データ、外部ASPサービス、個人のスケジュールやタスクとの連携 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 11
- 意見交換タイム idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 12