OAuth Design Team Call 11th February 2013.


OAuth Design Team Call 11th February 2013

Security Design Requirements
- Focus on symmetric key cryptography
- Use the MAC Token spec as a starting point
- Lifetime of session key = lifetime of access token, unless the sequence number space wraps
- Replay protection: timestamp + [sequence number]
- Support for TLS channel bindings
- Integrity protection for data exchanged between the client and the resource server, and vice versa
- "Flexibility" regarding keyed message digest computation
- Crypto-agility: algorithm indication from the Authorization Server to the Client

Remaining Decisions
- Key distribution: three mechanisms presented. Which one should we focus on?
- Key naming: new key identifier (kid) parameter?
- Allow the Client to indicate which RS it wants to talk to?

DKIM Signature Recap
- body-hash: the output of hashing the body with hash-alg.
- data-hash: the output of hashing, with hash-alg, the headers (including the DKIM-Signature header) and the body hash.
- h-headers: the list of headers to be signed, as given in the "h" parameter.
- h= signed header fields. Example: h=Received : From : To : Subject : Date : Message-ID;
- Alternative: IANA registration for example
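The following is an added illustration (not code from the call or from the OAuth MAC Token draft) of how the requirements above combine with a DKIM-style "h" list: the client computes a body hash, covers the named headers plus the body hash with a keyed digest whose algorithm the AS indicated, and the RS enforces a timestamp window and a per-key sequence number. The parameter names (kid, h, bh, ts, seq), the key store and the request values are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample key store for the resource server (RS): session keys are
# looked up by a hypothetical "kid" and carry the algorithm the AS indicated.
KEYS = {"kid-1": {"alg": "hmac-sha-256", "key": b"0123456789abcdef0123456789abcdef"}}
ALGS = {"hmac-sha-256": hashlib.sha256, "hmac-sha-1": hashlib.sha1}
SEQ_MAX = 2**32 - 1  # once the sequence space wraps, the session key must retire

def body_hash(body: bytes, digest) -> str:
    """body-hash: digest of the request body (DKIM-style), hex-encoded."""
    return digest(body).hexdigest()

def signing_input(method, uri, headers, h_list, bh, ts, seq) -> bytes:
    """Normalized string covered by the MAC: the headers named in h (lowercased,
    in the order listed), the body hash, then timestamp and sequence number."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    lines = [f"{method} {uri}"]
    lines += [f"{h.lower()}:{lowered.get(h.lower(), '')}" for h in h_list]
    lines += [f"bh:{bh}", f"ts:{ts}", f"seq:{seq}"]
    return "\n".join(lines).encode()

def sign(kid, method, uri, headers, body, h_list, ts, seq) -> dict:
    """Client side: build the hypothetical token parameters for one request."""
    k = KEYS[kid]
    bh = body_hash(body, ALGS[k["alg"]])
    data = signing_input(method, uri, headers, h_list, bh, ts, seq)
    mac = hmac.new(k["key"], data, ALGS[k["alg"]]).hexdigest()
    return {"kid": kid, "h": ":".join(h_list), "bh": bh, "ts": ts, "seq": seq, "mac": mac}

class Verifier:
    """RS side: timestamp window plus per-key strictly increasing sequence number."""
    def __init__(self, window=300):
        self.window = window
        self.last_seq = {}
    def verify(self, tok, method, uri, headers, body, now) -> bool:
        k = KEYS.get(tok["kid"])
        if k is None or abs(now - tok["ts"]) > self.window:
            return False  # unknown key or stale timestamp
        if tok["seq"] > SEQ_MAX or tok["seq"] <= self.last_seq.get(tok["kid"], -1):
            return False  # wrapped or replayed sequence number
        digest = ALGS[k["alg"]]
        if body_hash(body, digest) != tok["bh"]:
            return False  # body was modified in transit
        data = signing_input(method, uri, headers, tok["h"].split(":"), tok["bh"], tok["ts"], tok["seq"])
        if not hmac.compare_digest(hmac.new(k["key"], data, digest).hexdigest(), tok["mac"]):
            return False  # a signed header, method or URI was modified
        self.last_seq[tok["kid"]] = tok["seq"]
        return True
```

Headers not named in h are deliberately left uncovered, which is the trade-off the "h" parameter makes: the client chooses what is integrity protected, and the RS can only verify what was listed.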

Key Distribution
Three techniques:
- Key Transport
- "Key Retrieval"
- Key Agreement
Key point: what is MTI (mandatory to implement)?

How does the RS obtain the session key? Option #1: Key Transport

How does the RS obtain the session key? Option #2: "Key Retrieval" (Key Request)

How does the RS obtain the session key? Option #3: Key Agreement (Key Request)