Just for you: FREE 60-day trial to the world’s largest digital library.
The SlideShare family just got bigger. Enjoy access to millions of ebooks, audiobooks, magazines, and more from Scribd.
Cancel anytime.More Related Content
Related Books
Free with a 14 day trial from Scribd
Open id connect claims idcon mini vol1
- 1. OpenID Connect Aggregated and Distributed Claims @ritou 2012/11/29 idcon mini Vol.1
- 2. 内容 仕様 ユースケース 意見交換 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 2
- 3. 仕様 Normal Claims Claims that are directly asserted by the OpenID Provider. Aggregated Claims Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned by OpenID Provider. Distributed Claims Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned as references by the OpenID Provider. idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 3
- 4. idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 4
- 5. Aggregated Claims idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 5
- 6. Distributed Claims idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 6
- 7. Aggregated Claims OPが別のClaims Providerから受け取ってい OPはJWT形式でUserInfoレスポンスに含む たClaims { { "name": "Jane Doe", "address": { … "street_address": "1234 Hollywood Blvd.", "_claim_names": { "locality": "Los Angeles", "address": "src1", "region": "CA", "phone_number": "src1“ "postal_code": "90210", }, "country": “US"}, "_claim_sources": { "phone_number": "+1 (310) 123-4567" "src1": {"JWT": } "jwt_header.jwt_part2.jwt_part3"} } } idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 7
- 8. Distributed Claims OPが別のClaims Providerから受け取ってい OPはEndpoint, AccessTokenをUserInfoレスポ たClaims ンスに含む 例:公開情報 {… { "_claim_names": { "address": { "address": "src1", "street_address": "1234 Hollywood Blvd.", “credit_score": "src2“ "locality": "Los Angeles", }, "region": "CA", "_claim_sources": { "postal_code": "90210", "src1": {"endpoint": "https://addressbook.example.com/claims"}, "country": “US"}, } "src2": {"endpoint": "https://credit.example.com/claims", 例:非公開情報 "access_token": "ksj3n283dke"} {"credit_score": "650"} } } idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 8
- 9. 特徴 Aggregated Claims OPが動的に取得もしくはキャッシュしておく RPは一度のリソースアクセスで取得可能 Distributed Claims OPはクレームの値を直接扱わない OPはアクセスしようとおもえばできる センシティブな情報を扱うのに適している? RPは複数のリソースアクセスが必要 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 9
- 10. ユースケース : 多段 OpenID Connect idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 10
- 11. ユースケースは他にもありそう 企業内のシステム連携? 人事データ、外部ASPサービス、個人のスケジュールやタスクとの連携 idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 11
- 12. 意見交換タイム idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims 12