Trust elevation allows increasing authentication strength to enable higher-risk transactions. It involves tradeoffs between security and usability. OAuth2 and OpenID Connect provide standard authentication frameworks for apps and APIs, supporting a range of authentication methods from passwords to biometrics. User managed access (UMA) further extends OAuth2 to implement policy-based access control. To enable cross-domain trust elevation, organizations can participate in federated identity systems like SAML and OAuth2 federations, which standardize technical and legal integration between identity providers. Emerging areas involve authentication for IoT devices and fine-grained access control over distributed data.
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect & UMA
1. Trust Elevation
Implementing an OAuth 2.0 Infrastructure
using the OpenID Connect & UMA profiles
sales@gluu.org @GluuFederation
By: Michael Schwartz
2. What is trust elevation?
“Trust Elevation methods increase the mitigation of risk of false assertion of identity in order to allow the subject to engage in a transaction.”
OASIS Trust-EL TC
Authentication Step-Up Protocol and Metadata
Version 1.0-Draft 3
3. Don’t use 2FA, unless you have to...
“Civilization advances by extending the number of important operations which we can perform without thinking about them.”
Albert North Whitehead
English Mathematician and Philosopher
(1861 - 1947)
18. Contextual Combinations Complicate Relative Scale
● Is the IP address a known hacker?
● Was the device rooted?
● Is a browser cookie present?
● Is the device running virus protection?
● Is the location recognized?
● When was credential issued?
● What is the time of day?
19. According to Microsoft research (page 11), every authentication scheme does worse than passwords on deployability.
Pick your poison:
20. Part II: OAuth2
How do apps use all these crazy authentication methods?
● Deployability = cost
● Less Cost = consolidation
● No “one-offs”!