Download as PDF, PPTX
Uploaded byChristian Glahn
edu-ID Mobile App for Smart Environments
The document outlines the implementation and architecture of the eduid mobile app designed for smart environments in the Swiss academic domain, detailing three main use cases involving responsive web apps, integrated services, and a token-agent for enhanced security. It emphasizes the importance of trust among users, mobile devices, and app stores within a federated service structure utilizing open standards like OpenID Connect and OAuth2. Additionally, it highlights the full-stack integration of the app with various technologies, ensuring robust user management and strong encryption.
More Related Content
![[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...](https://cdn.slidesharecdn.com/ss_thumbnails/1330callahanjohn-180717163353-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to edu-ID Mobile App for Smart Environments
edu-ID Mobile App for Smart Environments
- 1. FHO Fachhochschule Ostschweiz edu-IDMobile App for Smart Environments @phish108 @htwblc!
- 2. What happened sofar … @phish108 @htwblc
- 3. Authorization is aboutTrust Organization Trusted User & App Store Trusted Mobile DeviceService Federation Untrusted Personal Data Internet @phish108 @htwblc
- 4. Use-case 1: ResponsiveWeb-Apps (OpenID Connect / OAuth2 or SAML) @phish108 @htwblc Swiss Academic Domain (Organisation Trusted) University Server SWITCH Server Internet Mobile Device (User and App Store Trusted) EDUID Service Academic Service Web-App
- 5. @phish108 @htwblc Use-case 2:Integrated Service (AppAuth) Swiss Academic Domain (Organisation Trusted) Mobile Device (User and App Store Trusted) University Server SWITCH Server Internet EDUID Service Academic Service Web-Browser Third Party App IntegratedService
- 6. @phish108 @htwblc Use-case 3:EduID Mobile App (Token-agent assertions) Swiss Academic Domain (Organisation Trusted) University Server SWITCH Server Internet Mobile Device (User and App Store Trusted) EDUID Service (OIDC AP) Academic Service EDUID Mobile App (Trust & Token Agent) Third Party App ExtendedTrustDomain
- 7. @phish108 @htwblc EduID MobileApp Reference Architecture Swiss Academic Domain (Organisation Trusted) University Server SWITCH Server Internet Mobile Device (User and App Store Trusted) EDUID Service (OIDC AP) Academic Service EDUID Mobile App (Trust & Token Agent) Third Party App OAuth2 Access Token OAuth2 Access Token Authorization Request RFC 7521/7523 + RFC 7800 or App Auth RFC 7521/7523 + RFC 7800 via RedirectURL OIDC ID + OAuth2 Access Token RFC 7521/7523 + RFC 7800 + OIDC Scope OIDC ID + OAuth2 Access Token OAuth2 Access Token ACL Handling 1 234 5
- 8. @phish108 @htwblc EduID MobileApp Implementation Status Swiss Academic Domain (Organisation Trusted) University Server SWITCH Server Internet Mobile Device (User and App Store Trusted) EDUID Service (OIDC AP) Academic Service EDUID Mobile App (Trust & Token Agent) Third Party App OAuth2 Access Token OAuth2 Access Token Authorization Request RFC 7521/7523 + RFC 7800 or App Auth RFC 7521/7523 + RFC 7800 via RedirectURL OIDC ID + OAuth2 Access Token RFC 7521/7523 + RFC 7800 + OIDC Scope OIDC ID + OAuth2 Access Token OAuth2 Access Token ACL Handling 1 234 5 NAIL Integration iOS + Android Cordova Plugin Moodle OAuth2 + JWE Support OAuth2 & OIDC Full-Stack Service
- 9. Node-OIDC-Provider Integration withLDAP Backend Support • ES2017 + NodeJS 8 • LDAP-based User Management • LDAP-based Service/Federation Management • Separate Directory Organisation • Configurable Attribute Mapping • Full JOSE Support (strong JWE encryption covered) • OIDC certified - details at: github.com/panva/node-oidc-provider • OSS under MIT License @phish108 @htwblc OIDC Full Stack Implementation For all 3 Use-cases + Web-Service Integration
- 10. Further reading http://htw.ac/eduid-mobile @htwblc http://htw.ac/blc-blog FHOFachhochschule Ostschweiz