Brian Campbell
CIS Napa
July 2013
@__b_c
background and layout of slides specially designed for @lpeterman & @NishantK
http://flic.kr/s/aHsjziVAwV
http://flic.kr/s/aHsjAP3nKo
SAML
is DEAD!
* http://www.linkedin.com/in/burtonian
SAML
@craigburton
WTF “SAML is dead”?
I’ve got a mortgage to pay…
*Disclaimer: I work with these guys at Ping
But I just started this job!
@paulmadsen
@ian13550
*http://blogs.kuppingercole.com/kearns/2012/07/31/the-death-and-life-of-a-protocol/
* @dak3
•  OpenID Connect
•  simple JSON/REST-based interoperable identity protocol built on top of the OAuth 2.0 family of specifications.
•  design philosophy: “make simple things simple and make complicated things possible.”
•  Wins 2012 European Identity and Cloud Award
•  “OpenID Connect the award[ed] Best Innovation/New Standard this year. What’s most impressive is that this elegantly simple design resulted from the cooperation of such a diverse global set of contributors. I expect OpenID Connect to have a substantial positive impact on usable, secure identity solutions both for traditional computing platforms and mobile devices. My congratulations to the OpenID Foundation!” - Dave Kearns
•  “spurs global economic growth by enabling simple and secure exchange of verified attributes from multiple sources at Internet scale.”
http://openid.net/2012/04/18/openid-connect-wins-2012-european-identity-and-cloud-award/
May, 2010: Conceptual Debut of Connect
time elapses
February, 2012: 1st Implementer’s Drafts
March 2012
time elapses
May, 2013: 2nd Implementer’s Drafts
…?
https://twitter.com/__b_c/status/181884679513833473
three nerds holding a blurry piece of paper...
*Disclaimer: this guy also ‘works’ for Ping
And I know these guys reasonably well from various initiatives
http://www.thread-safe.com/2012/04/openid-connect-wins-2012-european.html
“The OpenID Connect specifications are expected to be completed in the second half of 2012.”
@selfissued
@_nat_en @ve7jtb
*I did actually receive permission to use this photo
@JasonABonds
[Diagram: the OAuth 2.0 roles. Boxes for Client, Resource Server and Authorization Server; the Authorization Server holds the Authorization Endpoint and the Token Endpoint. Arrow from the Client to the Authorization Server: “Get an access token”. Annotations on the Authorization Server: “Important Stuff”, “Where the magic happens”.]
[Diagram: the same picture extended for OpenID Connect. The Client is now also the Relying Party; the Authorization Server is the Identity Provider (IDP) or OpenID Provider (OP). Arrows: “Get an access token & an ID Token (JWT)” from the Authorization Endpoint / Token Endpoint (“Important Stuff”), “Use an access token” at the Resource Server, and “Validate (JWT) ID Token” on the Client side using the JWKS Endpoint. Additional OP endpoints: Userinfo Endpoint, Registration Endpoint, JWKS Endpoint, Check Session IFrame, End Session Endpoint. Discovery: /.well-known/webfinger and /.well-known/openid-configuration.]
The JWT

eyJraWQiOiI1IiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJodHRwczpcL1wvaWRwLmV4YW1wbGUuY29tIiwKImV4cCI6MTM1NzI1NTc4OCwKImF1ZCI6Imh0dHBzOlwvXC9zcC5leGFtcGxlLm9yZyIsCiJqdGkiOiJ0bVl2WVZVMng4THZONzJCNVFfRWFjSC5fNUEiLAoiYWNyIjoiMiIsCiJzdWIiOiJCcmlhbiJ9.SbPJIx_JSRM1wluioY0SvfykKWK_yK4LO0BKBiESHu0GUGwikgC8iPrv8qnVkIK1aljVMXcbgYnZixZJ5UOArg

The Header

{"kid":"5","alg":"ES256"}

The Payload

{"iss":"https://idp.example.com",
 "exp":1357255788,
 "aud":"https://sp.example.org",
 "jti":"tmYvYVU2x8LvN72B5Q_EacH._5A",
 "acr":"2",
 "sub":"Brian"}

The Signature

[computery junk]
eyJraWQiOiI1IiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJodHRwczpcL1wvaWRwLmV4YW1wbGUuY29tIiwKImV4cCI6MTM1NzI1NTc4OCwKImF1ZCI6Imh0dHBzOlwvXC9zcC5leGFtcGxlLm9yZyIsCiJqdGkiOiJ0bVl2WVZVMng4THZONzJCNVFfRWFjSC5fNUEiLAoiYWNyIjoiMiIsCiJzdWIiOiJCcmlhbiJ9.SbPJIx_JSRM1wluioY0SvfykKWK_yK4LO0BKBiESHu0GUGwikgC8iPrv8qnVkIK1aljVMXcbgYnZixZJ5UOArg

<Assertion Version="2.0"
           IssueInstant="2013-01-03T23:34:38.546Z"
           ID="oPm.DxOqT3ZZi83IwuVr3x83xlr"
           xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
           xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Issuer>https://idp.example.com</Issuer>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
      <ds:Reference URI="#oPm.DxOqT3ZZi83IwuVr3x83xlr">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>8JT03jjlsqBgXhStxmDhs2zlCPsgMkMTC1lIK9g7e0o=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>SAXf8eCmTjuhV742blyvLvVumZJ+TqiG3eMsRDUQU8RnNSspZzNJ8MOUwffkT6kvAR3BXeVzob5p08jsb99UJQ==</ds:SignatureValue>
  </ds:Signature>
  <Subject>
    <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Brian</NameID>
    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <SubjectConfirmationData NotOnOrAfter="2013-01-03T23:39:38.552Z"
                               Recipient="https://sp.example.org"/>
    </SubjectConfirmation>
  </Subject>
  <Conditions NotOnOrAfter="2013-01-03T23:39:38.552Z"
              NotBefore="2013-01-03T23:29:38.552Z">
    <AudienceRestriction>
      <Audience>https://sp.example.org</Audience>
    </AudienceRestriction>
  </Conditions>
  <AuthnStatement AuthnInstant="2013-01-03T23:34:38.483Z"
                  SessionIndex="oPm.DxOqT3ZZi83IwuVr3x83xlr">
    <AuthnContext>
      <AuthnContextClassRef>2</AuthnContextClassRef>
    </AuthnContext>
  </AuthnStatement>
</Assertion>

* http://www.google.com/about/appsecurity/hall-of-fame/reward/
JWT/JWS Header

{"kid":"5",
 "alg":"ES256"}

{"keys":[
{"kty":"EC",
"kid":"4",
"x":"LX-7aQn7RAx3jDDTioNssbODUfED_6XvZP8NsGzMlRo",
"y":"dJbHEoeWzezPYuz6qjKJoRVLks7X8-BJXbewfyoJQ-A",
"crv":"P-256"},
{"kty":"EC",
"kid":"5",
"x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
"y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
"crv":"P-256"},
{"kty":"EC",
"kid":"6",
"x":"J8z237wci2YJAzArSdWIj4OgrOCCfuZ18WI77jsiS00",
"y":"5tTxvax8aRMMJ4unKdKsV0wcf3pOI3OG771gOa45wBU",
"crv":"P-256"}
]}
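An added example, not from the slides or from Ping: a standard-library-only Python walk through the ID Token on the JWT slide and the key set on the JWKS slide, doing what a Relying Party does before handing the bytes to a crypto library: split the compact serialization, decode header and payload, pick the JWK by kid with the alg pinned to ES256 (so a header claiming alg none or an HMAC alg is refused against an EC key), and validate iss, aud, exp and jti. The clock value 1357255000 and the function names are my own assumptions; the ECDSA P-256 signature check itself is left to a library such as cryptography, since the standard library has none.

```python
import base64
import json

# The ID Token printed on the JWT slide, compact serialization: header.payload.signature.
ID_TOKEN = (
    "eyJraWQiOiI1IiwiYWxnIjoiRVMyNTYifQ"
    ".eyJpc3MiOiJodHRwczpcL1wvaWRwLmV4YW1wbGUuY29tIiwKImV4cCI6MTM1NzI1NTc4OCwK"
    "ImF1ZCI6Imh0dHBzOlwvXC9zcC5leGFtcGxlLm9yZyIsCiJqdGkiOiJ0bVl2WVZVMng4THZO"
    "NzJCNVFfRWFjSC5fNUEiLAoiYWNyIjoiMiIsCiJzdWIiOiJCcmlhbiJ9"
    ".SbPJIx_JSRM1wluioY0SvfykKWK_yK4LO0BKBiESHu0GUGwikgC8iPrv8qnVkIK1aljVMXcbgYnZixZJ5UOArg"
)

# The key set printed on the JWKS slide; the token's kid "5" points at the second key.
JWKS = {"keys": [
    {"kty": "EC", "kid": "4", "crv": "P-256",
     "x": "LX-7aQn7RAx3jDDTioNssbODUfED_6XvZP8NsGzMlRo",
     "y": "dJbHEoeWzezPYuz6qjKJoRVLks7X8-BJXbewfyoJQ-A"},
    {"kty": "EC", "kid": "5", "crv": "P-256",
     "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
     "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"},
    {"kty": "EC", "kid": "6", "crv": "P-256",
     "x": "J8z237wci2YJAzArSdWIj4OgrOCCfuZ18WI77jsiS00",
     "y": "5tTxvax8aRMMJ4unKdKsV0wcf3pOI3OG771gOa45wBU"},
]}

# The only (alg -> key type, curve) pairing this Relying Party accepts. Pinning it
# is what stops an "alg":"none" or HMAC header from being honoured against an EC key.
ALLOWED_ALGS = {"ES256": ("EC", "P-256")}


def b64url_decode(text):
    """JWS uses base64url without '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def split_jws(token):
    """Return (header, payload, signature bytes, signing input) from compact form."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWS in compact serialization has exactly three parts")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    payload = json.loads(b64url_decode(p))
    # The signature covers the two base64url segments joined by '.', not the JSON.
    return header, payload, b64url_decode(s), (h + "." + p).encode("ascii")


def select_key(jwks, header):
    """Pick the JWK named by the header's kid, refusing algorithms not on the allow-list."""
    alg = header.get("alg")
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"alg {alg!r} is not allowed")
    kty, crv = ALLOWED_ALGS[alg]
    for jwk in jwks["keys"]:
        if jwk.get("kid") == header.get("kid"):
            if jwk.get("kty") != kty or jwk.get("crv") != crv:
                raise ValueError(f"key {jwk.get('kid')!r} does not fit alg {alg}")
            return jwk
    raise KeyError(f"no key with kid {header.get('kid')!r} in the JWKS")


def check_claims(payload, issuer, client_id, now, seen_jtis=None):
    """Return the names of failing claims; an empty list means they are acceptable."""
    problems = []
    if payload.get("iss") != issuer:
        problems.append("iss")
    aud = payload.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:  # exp is exclusive
        problems.append("exp")
    if seen_jtis is not None:  # optional replay cache keyed on jti
        jti = payload.get("jti")
        if jti is None or jti in seen_jtis:
            problems.append("jti")
        else:
            seen_jtis.add(jti)
    return problems


def inspect_id_token(token, jwks, issuer, client_id, now, seen_jtis=None):
    """Everything an RP checks before (not instead of) verifying the ECDSA signature."""
    header, payload, signature, signing_input = split_jws(token)
    key = select_key(jwks, header)
    problems = check_claims(payload, issuer, client_id, now, seen_jtis)
    if len(signature) != 64:  # ES256 signatures are r || s, 32 bytes each
        problems.append("signature-length")
    return {"header": header, "payload": payload, "key": key,
            "signing_input": signing_input, "problems": problems}


if __name__ == "__main__":
    # 1357255000 is a constructed clock value a few minutes before the token's exp.
    result = inspect_id_token(ID_TOKEN, JWKS, "https://idp.example.com",
                              "https://sp.example.org", now=1357255000, seen_jtis=set())
    print(json.dumps(result["payload"], indent=1))
    print("key kid:", result["key"]["kid"], "problems:", result["problems"])
```

The signing input and the selected JWK are exactly what the ECDSA verify call then takes; the slide's payload decodes to the six claims shown on the Payload slide, with exp 1357255788.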
Any Questions?

CIS13: Hope or Hype: A Look at the Next Generation of Identity Standards

  • 1. Brian Campbell CIS Napa July 2013 @__b_cbackground and layout of slides specially designed for @lpeterman & @NishantK
  • 5. WTF “SAML is dead”? I’ve got a mortgage to pay… *Disclaimer: I work with these guys at Ping But I just started this job! @paulmadsen @ian13550
  • 7. OpenID Connect
    •  simple JSON/REST-based interoperable identity protocol built on top of the OAuth 2.0 family of specifications.
    •  design philosophy: “make simple things simple and make complicated things possible.”
    •  Wins 2012 European Identity and Cloud Award
    •  “OpenID Connect the award[ed] Best Innovation/New Standard this year. What’s most impressive is that this elegantly simple design resulted from the cooperation of such a diverse global set of contributors. I expect OpenID Connect to have a substantial positive impact on usable, secure identity solutions both for traditional computing platforms and mobile devices. My congratulations to the OpenID Foundation!” - Dave Kearns
    •  “spurs global economic growth by enabling simple and secure exchange of verified attributes from multiple sources at Internet scale.”
    http://openid.net/2012/04/18/openid-connect-wins-2012-european-identity-and-cloud-award/
  • 8. Timeline: May 2010: conceptual debut of Connect; (time elapses) February 2012: 1st Implementer’s Drafts; March 2012: https://twitter.com/__b_c/status/181884679513833473 (“three nerds holding a blurry piece of paper...”); (time elapses) May 2013: 2nd Implementer’s Drafts; …? *Disclaimer: this guy also ‘works’ for Ping. And I know these guys reasonably well from various initiatives. http://www.thread-safe.com/2012/04/openid-connect-wins-2012-european.html: “The OpenID Connect specifications are expected to be completed in the second half of 2012.” @selfissued @_nat_en @ve7jtb
  • 10. *I did actually receive permission to use this photo @JasonABonds
  • 13. OAuth 2.0 roles (diagram): Client; Resource Server; Authorization Server with its Authorization Endpoint and Token Endpoint (labelled “Important Stuff” and “Where the magic happens”). The client’s job: get an access token.
  • 14. OpenID Connect roles (diagram): Client / Relying Party; Resource Server; Authorization Server, also called Identity Provider (IDP) or OpenID Provider (OP), exposing the Authorization Endpoint, Token Endpoint (“Important Stuff”), Userinfo Endpoint, Registration Endpoint, JWKS Endpoint, Check Session IFrame and End Session Endpoint. Discovery via /.well-known/webfinger and /.well-known/openid-configuration. Flows: get an access token and an ID Token (JWT); use an access token; validate the (JWT) ID Token against the JWKS Endpoint.
  • 15. The JWT:
    eyJraWQiOiI1IiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJodHRwczpcL1wvaWRwLmV4YW1wbGUuY29tIiwKImV4cCI6MTM1NzI1NTc4OCwKImF1ZCI6Imh0dHBzOlwvXC9zcC5leGFtcGxlLm9yZyIsCiJqdGkiOiJ0bVl2WVZVMng4THZONzJCNVFfRWFjSC5fNUEiLAoiYWNyIjoiMiIsCiJzdWIiOiJCcmlhbiJ9.SbPJIx_JSRM1wluioY0SvfykKWK_yK4LO0BKBiESHu0GUGwikgC8iPrv8qnVkIK1aljVMXcbgYnZixZJ5UOArg
    The Header: {"kid":"5","alg":"ES256"}
    The Payload: {"iss":"https://idp.example.com", "exp":1357255788, "aud":"https://sp.example.org", "jti":"tmYvYVU2x8LvN72B5Q_EacH._5A", "acr":"2", "sub":"Brian"}
    The Signature: [computery junk]
  • 16. The same JWT next to the equivalent SAML 2.0 assertion:
    eyJraWQiOiI1IiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJodHRwczpcL1wvaWRwLmV4YW1wbGUuY29tIiwKImV4cCI6MTM1NzI1NTc4OCwKImF1ZCI6Imh0dHBzOlwvXC9zcC5leGFtcGxlLm9yZyIsCiJqdGkiOiJ0bVl2WVZVMng4THZONzJCNVFfRWFjSC5fNUEiLAoiYWNyIjoiMiIsCiJzdWIiOiJCcmlhbiJ9.SbPJIx_JSRM1wluioY0SvfykKWK_yK4LO0BKBiESHu0GUGwikgC8iPrv8qnVkIK1aljVMXcbgYnZixZJ5UOArg

    <Assertion Version="2.0" IssueInstant="2013-01-03T23:34:38.546Z" ID="oPm.DxOqT3ZZi83IwuVr3x83xlr"
        xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <Issuer>https://idp.example.com</Issuer>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
          <ds:Reference URI="#oPm.DxOqT3ZZi83IwuVr3x83xlr">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>8JT03jjlsqBgXhStxmDhs2zlCPsgMkMTC1lIK9g7e0o=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>SAXf8eCmTjuhV742blyvLvVumZJ+TqiG3eMsRDUQU8RnNSspZzNJ8MOUwffkT6kvAR3BXeVzob5p08jsb99UJQ==</ds:SignatureValue>
      </ds:Signature>
      <Subject>
        <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Brian</NameID>
        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          <SubjectConfirmationData NotOnOrAfter="2013-01-03T23:39:38.552Z" Recipient="https://sp.example.org"/>
        </SubjectConfirmation>
      </Subject>
      <Conditions NotOnOrAfter="2013-01-03T23:39:38.552Z" NotBefore="2013-01-03T23:29:38.552Z">
        <AudienceRestriction>
          <Audience>https://sp.example.org</Audience>
        </AudienceRestriction>
      </Conditions>
      <AuthnStatement AuthnInstant="2013-01-03T23:34:38.483Z" SessionIndex="oPm.DxOqT3ZZi83IwuVr3x83xlr">
        <AuthnContext>
          <AuthnContextClassRef>2</AuthnContextClassRef>
        </AuthnContext>
      </AuthnStatement>
    </Assertion>
  • 18. JWT/JWS Header: {"kid":"5", "alg":"ES256"}, and the JWKS the "kid" is looked up in:
    {"keys":[
      {"kty":"EC", "kid":"4", "x":"LX-7aQn7RAx3jDDTioNssbODUfED_6XvZP8NsGzMlRo", "y":"dJbHEoeWzezPYuz6qjKJoRVLks7X8-BJXbewfyoJQ-A", "crv":"P-256"},
      {"kty":"EC", "kid":"5", "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", "crv":"P-256"},
      {"kty":"EC", "kid":"6", "x":"J8z237wci2YJAzArSdWIj4OgrOCCfuZ18WI77jsiS00", "y":"5tTxvax8aRMMJ4unKdKsV0wcf3pOI3OG771gOa45wBU", "crv":"P-256"}
    ]}
  • 22. SAML Any Questions? Brian Campbell CIS Napa July 2013 @__b_c