OpenID Connect Working Group

Slides:



Advertisements
Similar presentations
Suchin Rengan Principal Technical Architect Salesforce.com
Advertisements

Oracle IDM at First National Bank
Windows Azure AppFabric Caching Service Bus Access Control Integration Composite App (WF, WCF)
OpenID Connect Update May 14, 2013 Dr. Michael B. Jones Identity Standards Architect – Microsoft.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
WSO2 Identity Server Road Map
OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.
OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.
IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.
IIW 2008b Report November , Mountain View Abbie Barbir Nortel OASIS IDtrust Steering.
FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.
The Internet Identity Layer OpenID Connect Update for HIT Standards Committee’s Privacy and Security Workgroup Wednesday, March 12th from 10:00-2:45 PM.
Chad La Joie Shibboleth’s Future.
Openid Connect
Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication.
101 ways to authenticate with Azure Active Directory
Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.
All Rights Reserved 2014 © CMG Consulting LLC Federated Identity Management and Access Andres Carvallo Dwight Moore CMG Consulting, LLC October
Adxstudio Portals Training
Secure Mobile Development with NetIQ Access Manager
OpenID Connect Working Group May 10, 2016 Mike Jones Identity Standards Architect – Microsoft.
OpenID Certification June 7, 2016 Michael B. Jones Identity Standards Architect – Microsoft.
OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect
Web Authorization Protocol WG Hannes Tschofenig, Derek Atkins.
11 | Managing User Info Jeremy Foster Michael Palermo
Access Policy - Federation March 23, 2016
Dr. Michael B. Jones Identity Standards Architect at Microsoft
Azure Active Directory - Business 2 Consumer
Experiences to Date Faculty of Engineering April 2017
Introduction to Windows Azure AppFabric
Federation made simple
Shibboleth Roadmap
Identity Federations - Overview
Identity Standards Architect – Microsoft
Introduction to OpenID Connect
OAuth Assertion Documents
Exam in just 24 hours!!! Pass your exam in first attempt by the help of our latest braindumps
Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)
Windows Azure AppFabric
Exam : Implementing Microsoft Azure Infrastructure Solutions
OpenID Connect Working Group
OpenID Enhanced Authentication Profile (EAP) Working Group
OpenID Connect: News, Overview, Certification, and Action Items
Identity Standards Architect – Microsoft
Integrating Microsoft SharePoint 2010 with Windows Azure
OpenID Enhanced Authentication Profile (EAP) Working Group
OpenID Certification Program Award Presentation for IDnext 2018
Introduction to OpenID Connect
OpenID Connect Working Group
Identity Standards Architect – Microsoft
What Does Logout Mean? Michael B. Jones, Identity Standards Architect, Microsoft Brock Allen, Software Security Consultant, Solliance OAuth Security Workshop,
Office 365 Identity Management
Introduction to OpenID Connect
Mechanisms for Distributed Global Authentication David R Newman.
Mary Montoya, CIO Bogi Malecki, Project Manager
Token-based Authentication
Introduction to OpenID Connect
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
OpenID Connect Working Group
Identity Standards Architect – Microsoft
OpenID Enhanced Authentication Profile (EAP) Working Group
Introduction to OpenID Connect
OpenID Connect Working Group
OpenID Enhanced Authentication Profile (EAP) Working Group
Identity Standards Architect – Microsoft
Introduction to OpenID Connect
Identity Standards Architect – Microsoft
OpenID Connect Working Group
OpenID Enhanced Authentication Profile (EAP) Working Group
Presentation transcript:

OpenID Connect Working Group April 2, 2018 Michael B. Jones Identity Standards Architect – Microsoft

Working Together OpenID Connect

You’re Probably Already Using OpenID Connect! If you have an Android phone or log in at AOL, Deutsche Telekom, Google, Microsoft, NEC, NTT, Salesforce, Softbank, Symantec, Verizon, or Yahoo! Japan, you’re already using OpenID Connect Many other sites and apps large and small also use OpenID Connect

OpenID Connect

Numerous Awards OpenID Connect won 2012 European Identity Award for Best Innovation/New Standard http://openid.net/2012/04/18/openid-connect-wins-2012-european-identity-and-cloud-award/ OAuth 2.0 won in 2013 JWT/JOSE won in 2014 OpenID Certification program won 2018 Identity Innovation Award

Topics Federation Specification Session Management / Logout Second Errata Set Current Related Work OpenID Connect Certification

Federation Specification Roland Hedberg created OpenID Connect Federation specification http://openid.net/specs/openid-connect-federation-1_0.html Enables establishment and maintenance of multi-party federations using OpenID Connect Defines hierarchical JSON-based metadata structures for federation participants Prototype implementations being tested

Session Management / Logout Three approaches being pursued by the working group: Session Management http://openid.net/specs/openid-connect-session-1_0.html Uses HTML5 postMessage to communicate state change messages between OP and RP iframes Front-Channel Logout http://openid.net/specs/openid-connect-frontchannel-1_0.html Uses HTTP GET to load image or iframe, triggering logout Similar to options in SAML, WS-Federation Back-Channel Logout http://openid.net/specs/openid-connect-backchannel-1_0.html Server-to-communication not using the browser Can be used by native applications, which have no active browser All support multiple logged in sessions from OP at RP Unfortunately, no one approach best for all use cases Is it time to move to Final Specifications?

Second Errata Set Errata process corrects typos, etc. discovered Makes no normative changes Edits under way for second errata set See http://openid.net/specs/openid-connect-core-1_0-23.html for current Core errata draft Waiting for OAuth AS metadata spec draft-ietf-oauth-discovery to finish So we can register OpenID Discovery metadata values Spec just progressed to the RFC Editor I plan to do the remaining edits during IIW

Current Related Work International Government Profile (iGov) Working Group Developing OpenID Connect profile for government & high-value commercial applications Enhanced Authentication Profile (EAP) Working Group Enables Token Bound ID Tokens Enables integration with FIDO and other phishing-resistant authentication solutions

OpenID Certification OpenID Certification enables OpenID Connect implementations to be certified as meeting requirements of defined conformance profiles Now OP and RP certification profiles for: Basic OP and Basic RP Implicit OP and Implicit RP Hybrid OP and Hybrid RP OP Publishing and RP Using Configuration Information Dynamic OP and Dynamic RP See http://openid.net/certification/ and http://openid.net/certification/faq/ And accompanying certification presentation!

Open Conversation How are you using OpenID Connect? What would you like the working group to know and do?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.