OTP-ValidationService: Summary, Status, and Next Steps OTPS Workshop, February 2006.


OTP-ValidationService (OTP-VS) Overview
- OTP-VS uses XML Schema to define a web service request/response protocol for validating OTP credentials
- Using OTP-VS, a relying party (RP) can ask an authentication service (AS) whether OTP data it has received successfully authenticates a claimant
- OTP-VS uses OTP-WSS-Token to represent OTP data
- Supports ancillary OTP-related functions (obtaining challenges, resynchronization; PIN management was removed from scope in Draft 3)
- Validation transactions can be secured "in band" within the OTP-VS protocol (using XML Signature and XML Encryption), externally (e.g., SSL/TLS, IPsec, WSS: SOAP Message Security), or by relying on the security properties of the environment
- The generic service can be profiled to support the needs of particular OTP methods

OTP-VS Usage Scenario
[Figure: User, Claimant, RP and AS; the claimant sends an application request carrying an OTP to the RP, and the RP validates it with the AS over OTP-VS]
- OTP-VS operates in a web service environment; the claimant-RP protocol can be arbitrary

OTP-VS Premises and Assumptions
- The RP has prior knowledge of the set of OTP methods that the AS supports
- Depending on the method and situation, an OTP-VS transaction may span one or more request/response round trips; for example, the RP could request and obtain a challenge, then provide an OTPToken based on that challenge to be validated
- RequestID and SessionID identify a message's transaction; SequenceID supports sequence integrity
- Two-level status framework: transaction status and credential status
- SOAP binding defined; other bindings possible
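The two-round-trip transaction sketched above (obtain a challenge, then submit an OTPToken), together with the overview's point about securing requests "in band", as an added example that is not part of the original slides or of the OTP-VS specification: a toy Python model of the RP and AS sides. The identifiers RequestID, SessionID, SequenceID, OTPToken and the status codes SignatureRequired, SignatureValidationFailed and ExpiredToken are taken from the slides; the dict-based message layout, the HMAC "signature" that stands in for XML Signature protection, the OTP method itself, and the codes UnsupportedMethod and SequenceError are assumptions made for this example and are not the OTP-VS schema.

```python
"""Toy model of an OTP-VS challenge-response transaction between an RP and an AS."""
import hashlib
import hmac
import json
import secrets
import struct

# Hypothetical OTP method name: stands in for a profiled OTP-VS method, not a real one.
METHOD = "hypothetical-hmac-challenge-response"


def otp_for_challenge(token_key: bytes, challenge: bytes, digits: int = 6) -> str:
    """Hypothetical OTP method: dynamically truncated HMAC-SHA256 over the challenge."""
    mac = hmac.new(token_key, challenge, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def canonical(msg: dict) -> bytes:
    """Deterministic serialization of a message without its Signature field."""
    body = {k: v for k, v in msg.items() if k != "Signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(msg: dict, rp_key: bytes) -> dict:
    """In-band protection of a request; an HMAC stands in for XML Signature here."""
    tag = hmac.new(rp_key, canonical(msg), hashlib.sha256).hexdigest()
    return {**msg, "Signature": tag}


class AuthenticationService:
    """AS side: issues challenges, validates OTPTokens, enforces sequence integrity."""

    def __init__(self, rp_keys: dict, tokens: dict):
        self.rp_keys = rp_keys   # RP id -> key for verifying that RP's request signatures
        self.tokens = tokens     # user -> {"key": bytes, "expired": bool}
        self.sessions = {}       # SessionID -> {"rp", "user", "challenge", "seq"}

    def handle(self, req: dict) -> dict:
        resp = {"RequestID": req.get("RequestID"), "SessionID": req.get("SessionID"),
                "SequenceID": req.get("SequenceID"), "TransactionStatus": "Success",
                "CredentialStatus": None}
        # Transaction-level checks: signature, supported method, session/sequence.
        if "Signature" not in req:
            return {**resp, "TransactionStatus": "SignatureRequired"}
        rp_key = self.rp_keys.get(req.get("RP"), b"")
        expected = hmac.new(rp_key, canonical(req), hashlib.sha256).hexdigest()
        if not rp_key or not hmac.compare_digest(expected, req["Signature"]):
            return {**resp, "TransactionStatus": "SignatureValidationFailed"}
        if req.get("Method") != METHOD:
            return {**resp, "TransactionStatus": "UnsupportedMethod"}  # hypothetical code

        if req.get("Operation") == "GetChallenge":
            session_id, challenge = secrets.token_hex(8), secrets.token_bytes(16)
            self.sessions[session_id] = {"rp": req["RP"], "user": req["UserID"],
                                         "challenge": challenge, "seq": req.get("SequenceID")}
            return {**resp, "SessionID": session_id, "Challenge": challenge.hex()}

        # Validate must continue an existing session of the same RP, strictly in order.
        sess = self.sessions.get(req.get("SessionID"))
        if sess is None or sess["rp"] != req.get("RP") or req.get("SequenceID") != sess["seq"] + 1:
            return {**resp, "TransactionStatus": "SequenceError"}  # hypothetical code
        self.sessions.pop(req["SessionID"])  # one validation attempt per challenge

        # Credential-level result, reported separately from transaction status.
        token = self.tokens.get(sess["user"])
        if token is None:
            return {**resp, "CredentialStatus": "Invalid"}
        if token["expired"]:
            return {**resp, "CredentialStatus": "ExpiredToken"}
        good = hmac.compare_digest(req.get("OTPToken", ""),
                                   otp_for_challenge(token["key"], sess["challenge"]))
        return {**resp, "CredentialStatus": "Valid" if good else "Invalid"}


def run_transaction(as_: AuthenticationService, rp_id: str, rp_key: bytes,
                    user: str, token_key: bytes):
    """RP side: one transaction over two round trips; returns (challenge response,
    validate response, validate request). The claimant's OTP computation is simulated inline."""
    req1 = sign({"RequestID": secrets.token_hex(4), "SessionID": None, "SequenceID": 1,
                 "RP": rp_id, "Method": METHOD, "Operation": "GetChallenge",
                 "UserID": user}, rp_key)
    resp1 = as_.handle(req1)
    if resp1["TransactionStatus"] != "Success":
        return resp1, None, None
    otp = otp_for_challenge(token_key, bytes.fromhex(resp1["Challenge"]))
    req2 = sign({"RequestID": secrets.token_hex(4), "SessionID": resp1["SessionID"],
                 "SequenceID": 2, "RP": rp_id, "Method": METHOD, "Operation": "Validate",
                 "UserID": user, "OTPToken": otp}, rp_key)
    return resp1, as_.handle(req2), req2
```

The point to notice is the two-level status: a missing or bad signature, an unsupported method, or a replayed or out-of-order SequenceID fails at the transaction level before any credential is consulted, while a wrong OTP or an expired token is reported as a credential status on an otherwise successful transaction.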

Draft 4 Status
- Current Draft 4 was released January 2006, with relatively few changes from Draft 3
- Added AuxiliaryValidationData, replacing ExtendedStatusCode with a more general approach
- Extended CertHash to bind the VS as well as the RP
- Removed remaining PIN management references
- Allowed an advisory, non-failure LostToken status
- Various clarifications and editorial changes
- Unless significant issues are identified, expect to declare this the final OTP-VS 1.0 draft following the workshop

Draft 3 Status (1 of 2)
- Draft 3 (November 2005) responded to issues discussed on the list and at the October workshop
- Expanded string comparison rules
- Additional error codes (SignatureValidationFailed, SignatureRequired, DecryptionFailed)
- Removed PIN management from scope
- Separated request from response payloads
- Allowed challenge requests to identify the user and/or OTP component

Draft 3 Status (2 of 2)
Additional changes in Draft 3:
- Added CertHash to bind the requester with its certificate
- Described that status values are generally defined at the method level, and included a usage example
- Also defined specific method-independent status values: LostToken, ExpiredToken, PINUpdate
- Clarified end-user display (and associated internationalization) as out of scope, given the functional focus on administrator interaction
- Various other clarifications, simplifications, and editorial changes

Areas Intended for Support, Independent Validation Sought
- Challenge-response profile
- Indicating authentication strength within verification responses (example included in current draft)
- Supporting multiple challenge-response sets

OTP-VS Next Steps
- Confirmation of document content as V1.0
- Consideration of profiles for additional OTP methods; profiles can be specified separately from the base document
- Possible contribution of the document to an external forum?