OAuth/UMA for ACE, 24th March 2015, draft-maler-ace-oauth-uma-00.txt. Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.

Presentation transcript:

Motivation
1. Need security and privacy in the web. Authentication and authorization have become an important component of Web security today.
2. Providing the same level of security functionality to the Internet of Things (IoT) environment.
3. IoT devices, however, have limitations.
4. Web and IoT are a continuum rather than an either/or.
5. Would like to use the same approach for managing services and user accounts as well as devices.
6. Approach of adapting already standardized and deployed technologies.

Extract from IETF ACE Charter
"Existing authentication and authorization protocols will be evaluated and used where applicable to build the constrained-environment solution. This requires relevant specifications to be reviewed for suitability, selecting a subset of them and restricting the options within each of the specifications."

Door Lock Use Case

Players in this Scenario
Joe works for a maintenance company and specializes in installing physical access control systems.
Tom is employed by Alice at example.com.
Alice is the owner of the small but widely known company example.com. She wants to deploy a new physical access control system in her office building.

Installing Door Locks
Joe (the installer from the maintenance company) configures the door lock with credentials and the address of the authorization server. He then uploads credentials about the door locks to the authorization server.

Remarks
Not the most complex of scenarios, but we need to pick others up where they are today. The presented scenario does not require many new extensions; those that are needed mostly concern the communication between client and resource server.

What's Next?
Technical solution details are available in the UMA/OAuth/OpenID Connect specifications, but optimizations are possible: OAuth over CoAP profiles, more compact token encodings, and ongoing work on PoP tokens and token binding.
Looking for other interested parties to work on prototypes to gain more experience.
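As an added example (not part of the original slides or of the draft they present), the following Python sketch plays the three parties of the door-lock scenario in one process: an authorization server that registers the lock at install time and issues a compact token reference bound to a proof-of-possession key, the employee's client, and the lock acting as resource server. It ties together the install step described under "Installing Door Locks" and the client-to-resource-server communication that "What's Next?" singles out. All party names, field layouts, key sizes and the canonical request string are constructed for this illustration; the draft's actual message formats are not on this page and are not reproduced here.

```python
import hashlib
import hmac
import secrets

# Constructed illustration only: names, key sizes, message fields and the canonical
# request string are invented for this example and are not the draft's format.

class AuthorizationServer:
    """Issues tokens bound to a PoP key and answers introspection from known RSs."""

    def __init__(self):
        self._rs_keys = {}  # resource server id -> key provisioned at install time
        self._tokens = {}   # opaque token reference -> claims

    def register_resource_server(self, rs_id, shared_key):
        self._rs_keys[rs_id] = shared_key

    def issue_token(self, subject, audience, scope, lifetime_s, now):
        if audience not in self._rs_keys:
            raise ValueError("unknown resource server")
        pop_key = secrets.token_bytes(32)
        # A short opaque reference keeps the on-the-wire token small; the claims
        # stay at the AS and are fetched by introspection.
        ref = secrets.token_urlsafe(16)
        self._tokens[ref] = {"sub": subject, "aud": audience, "scope": scope,
                             "exp": now + lifetime_s, "cnf": pop_key}
        return ref, pop_key

    def introspect(self, rs_id, rs_key, ref, now):
        # Only a resource server presenting its provisioned key may introspect.
        if not hmac.compare_digest(self._rs_keys.get(rs_id, b""), rs_key):
            raise PermissionError("resource server not authenticated")
        claims = self._tokens.get(ref)
        if claims is None or claims["aud"] != rs_id or claims["exp"] <= now:
            return {"active": False}
        return {"active": True, **claims}

def canonical_request(method, path, nonce, token_ref):
    """Byte string both sides MAC, so the proof covers the whole request."""
    return f"{method}\n{path}\n{nonce}\n{token_ref}".encode()

class Client:
    def __init__(self, token_ref, pop_key):
        self.token_ref, self.pop_key = token_ref, pop_key

    def build_request(self, method, path):
        nonce = secrets.token_hex(8)
        msg = canonical_request(method, path, nonce, self.token_ref)
        mac = hmac.new(self.pop_key, msg, hashlib.sha256).hexdigest()
        return {"method": method, "path": path, "token": self.token_ref,
                "nonce": nonce, "pop": mac}

class DoorLock:
    """Resource server: token active for this lock, PoP verified, nonce fresh, scope ok."""

    def __init__(self, rs_id, rs_key, authz_server):
        self.rs_id, self.rs_key, self.authz = rs_id, rs_key, authz_server
        self._seen_nonces = set()  # replay protection; bound its size on a real device

    def handle(self, request, now):
        info = self.authz.introspect(self.rs_id, self.rs_key, request["token"], now)
        if not info.get("active"):
            return 401, "token not active for this resource server"
        msg = canonical_request(request["method"], request["path"],
                                request["nonce"], request["token"])
        expected = hmac.new(info["cnf"], msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, request["pop"]):
            return 401, "proof of possession failed"
        if request["nonce"] in self._seen_nonces:
            return 401, "replayed request"
        self._seen_nonces.add(request["nonce"])
        needed = {"POST": "open", "GET": "status"}.get(request["method"])
        if needed is None or needed not in info["scope"]:
            return 403, "granted scope does not cover this action"
        return 200, f"{request['method']} {request['path']} permitted for {info['sub']}"

def demo(now=1_000_000.0):
    """Runs the door-lock scenario; returns the status code of each request."""
    authz = AuthorizationServer()
    lock_key = secrets.token_bytes(32)
    # Install step: the lock is provisioned with its key and registered at the AS.
    authz.register_resource_server("doorlock-1", lock_key)
    lock = DoorLock("doorlock-1", lock_key, authz)
    # The employee's client obtains a token that only permits opening the door.
    ref, pop_key = authz.issue_token("tom", "doorlock-1", ["open"], 300, now)
    tom = Client(ref, pop_key)
    results = {"open": lock.handle(tom.build_request("POST", "/lock/open"), now)[0]}
    req = tom.build_request("POST", "/lock/open")
    lock.handle(req, now)
    results["replay"] = lock.handle(req, now)[0]  # identical message a second time
    other = Client(ref, secrets.token_bytes(32))  # token reference without its key
    results["token_without_key"] = lock.handle(other.build_request("POST", "/lock/open"), now)[0]
    results["out_of_scope"] = lock.handle(tom.build_request("GET", "/lock/status"), now)[0]
    results["expired"] = lock.handle(tom.build_request("POST", "/lock/open"), now + 301)[0]
    return results
```

Calling `demo()` returns 200 for the legitimate open request and 401 or 403 for the replayed message, the token reference presented without its key, the out-of-scope status read and the expired token. The in-process `introspect` call stands in for a protected AS-to-RS exchange; in a deployment the PoP key must reach the lock confidentially (inside an encrypted token or over a protected introspection channel), and the nonce set must be bounded or time-windowed to suit a constrained device.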