Download to read offline
Authentication
- 1. Authentication(認証) Who uses OAuthAuthentication?
- 2. Type of Authentication Authentication≒ Login ● Username / Password ● Claim-Based Authentication ○ OpenID Connect, SAML, WS-Fed, OAuth 2.0
- 3. Claim Based Authentication Database Mr.Yamada (User) Web Service(RP/SP) ID Management Service (OP/IdP) Players
- 4. Claim Based Authentication Database Mr.Yamada (User) Web Service(RP/SP) ID Management Service (OP/IdP) Name:Taro Yamada Mail:yam@hde.com Age: 19 Yamada’s claim Hello Mr. Yamada!! ① ②
- 5. Claim Based Authentication Database Mr.Yamada (User) Web Service(RP/SP) ID Management Service (OP/IdP) Access Control Beer Please! No. You are 19. Too young!
- 6. Claim Based Authentication Climsshould be: ● Reliable ○ Not been modified ● Passed securely ○ From ID Management Server to Web Service ○ via User maybe.
- 7.
- 8. API Server OAuth Authentication Database Mr.Arakaki Bank of Samura ID Management Service Access token Who is it? It’s ArakakiHello Arakaki! ① ② ③④
- 9.
- 10. API Server OAuth Authentication Database Mr.Samura Music Store ID Management Service Modify! Arakaki’s Access token Who is it? It’s ArakakiHello Arakaki! ① ② ③④
- 11. Use OpenID Connect Webservice can verify access token(or code).
- 12. API Server OAuth →OpenID Connect Database Mr. Samura Music Store ID Management Service Access token ID token(JWT) Verification Failed! It’s a fake! Modify! Arakaki’s ID token ①
- 13. Use OpenID Connect OAuth2.0 is not an Authentication protocol. Use OpenID Connect for Authentication. It’s not a big change but pretty safe.