Upcoming SlideShare
Open id connect claims idcon mini vol1
- 1. OpenID ConnectAggregated and Distributed Claims @ritou 2012/11/29 idcon mini Vol.1
- 2. 内容 仕様 ユースケース 意見交換 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 2
- 3. 仕様 Normal Claims Claims that are directly asserted by the OpenID Provider. Aggregated Claims Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned by OpenID Provider. Distributed Claims Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned as references by the OpenID Provider. idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 3
- 4. idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 4
- 5. Aggregated Claimsidcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 5
- 6. Distributed Claimsidcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 6
- 7. Aggregated Claims OPが別のClaims Providerから受け取ってい OPはJWT形式でUserInfoレスポンスに含む たClaims {{ "name": "Jane Doe", "address": { … "street_address": "1234 Hollywood Blvd.", "_claim_names": { "locality": "Los Angeles", "address": "src1", "region": "CA", "phone_number": "src1“ "postal_code": "90210", }, "country": “US"}, "_claim_sources": { "phone_number": "+1 (310) 123-4567" "src1": {"JWT":} "jwt_header.jwt_part2.jwt_part3"} } } idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 7
- 8. Distributed Claims OPが別のClaims Providerから受け取ってい OPはEndpoint, AccessTokenをUserInfoレスポ たClaims ンスに含む例:公開情報 {…{ "_claim_names": { "address": { "address": "src1", "street_address": "1234 Hollywood Blvd.", “credit_score": "src2“ "locality": "Los Angeles", }, "region": "CA", "_claim_sources": { "postal_code": "90210", "src1": {"endpoint": "https://addressbook.example.com/claims"}, "country": “US"},} "src2": {"endpoint": "https://credit.example.com/claims",例:非公開情報 "access_token": "ksj3n283dke"}{"credit_score": "650"} } } idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 8
- 9. 特徴 Aggregated Claims OPが動的に取得もしくはキャッシュしておく RPは一度のリソースアクセスで取得可能 Distributed Claims OPはクレームの値を直接扱わない OPはアクセスしようとおもえばできる センシティブな情報を扱うのに適している? RPは複数のリソースアクセスが必要 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 9
- 10. ユースケース : 多段 OpenID Connect idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 10
- 11. ユースケースは他にもありそう 企業内のシステム連携? 人事データ、外部ASPサービス、個人のスケジュールやタスクとの連携 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 11
- 12. 意見交換タイム idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 12
Be the first to comment