SIROPE OAuth and OAuth2 Living in SIR


1 SIROPE OAuth and OAuth2 Living in SIR
Having already covered what OAuth is, let us see how this technology has been used to solve our initial problem. Diego R. Lopez, RedIRIS

2 The Goals
- Explore the applicability of "classic" OAuth within the RedIRIS environment
  - User-mediated access to data held by the RedIRIS services by registered applications
- Contribute to the development of the OAuth2 Assertion Profile as a bridge to academic federations
  - Authorization use cases in RESTful environments
  - Enhanced user-mediated access in the line of Kantara's WG-UMA

3 Classic OAuth
Service components deployed:
- Register interface
- Server library
- Client reference implementation

4 Classic OAuth in Action
- 1-3: Control passes to the section dealing with the OAuth logic
- 4-5: Client-server credential exchange
- 6-7: User redirected to the AuthN/AuthR point (the federation plays here)
- 8-9: Temporary credential and token exchange
- 10-11: Resource access using the token
In a first step, the user accesses an initial page, where the institution may use whatever style or authentication it wishes; from there the user is redirected to where the OAuth logic lives.

5 The OAuth2 Assertion Profile

6 Implementing the OAuth2 AP
1. The user goes to a Client Application.
2. The Client App requires the user to authenticate at a federated IdP, which generates an assertion.
3. The Client App sends the obtained assertion to an Authorization Server.
4. There, a token for a certain user, client, scope and lifetime is generated.
5. The Authorization Server sends the generated token to the Client App.
6. The Client App acts on behalf of the user and requests the resource from the Server. The token can be reused until it expires.
7. The Server returns the resource if the token sent is a valid token.
OAuth2lib: components supporting the OAuth2 AP
- Authorization Server
- Server access control logic
- Client interface
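The seven steps above, run end to end as an added example. This is not OAuth2lib code and not RedIRIS's: it models the IdP, the Authorization Server and the resource Server as three functions, uses HMAC-SHA256 over JSON in place of real SAML or PAPI assertion signatures, and every key, client id, server id, user name and scope name (such as "sirope-client", "sir-pilot-server", "sir:sps:read") is a constructed assumption. The checks it performs on the way (assertion signature, audience and expiry; client and server registration; requested scope within both the client policy and the server's acceptable scopes; token audience, scope and lifetime at the server) are the ones each party needs for step 7's "valid token" to mean something.

```python
"""Toy model of the OAuth2 Assertion Profile flow (slide 6).

Constructed example, not OAuth2lib: an IdP issues a signed assertion,
the Client App trades it at the Authorization Server (AS) for a bearer
token bound to (user, client, scope, lifetime), and the resource Server
checks that token before answering. All keys, ids and scopes are
hypothetical; signatures are HMAC-SHA256 over canonical JSON.
"""
import hashlib
import hmac
import json
import secrets
import time

# Constructed shared keys: one between IdP and AS, one between AS and Server.
IDP_KEY = b"idp-federation-signing-key"
AS_TOKEN_KEY = b"as-token-signing-key"

# Constructed AS policy: registered clients (and what they may ask for)
# and registered servers (and which scopes they accept), as on slide 7.
AS_POLICY = {
    "clients": {"sirope-client": {"allowed_scopes": {"sir:sps:read", "sir:status:read"}}},
    "servers": {"sir-pilot-server": {"scopes": {"sir:sps:read", "sir:status:read"}}},
}


def _sign(key: bytes, payload: dict) -> str:
    """HMAC over a canonical JSON encoding so both sides sign the same bytes."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def _wrap(key: bytes, payload: dict) -> dict:
    return {"payload": payload, "sig": _sign(key, payload)}


def _verify(key: bytes, blob: dict) -> bool:
    return hmac.compare_digest(_sign(key, blob["payload"]), blob["sig"])


def idp_issue_assertion(user: str, audience: str, now: int, ttl: int = 300) -> dict:
    """Step 2: the federated IdP asserts who the user is, for one audience only."""
    return _wrap(IDP_KEY, {"sub": user, "iss": "sir-idp", "aud": audience, "exp": now + ttl})


def as_issue_token(assertion: dict, client_id: str, scope: set, audience: str,
                   now: int, lifetime: int = 600) -> dict:
    """Steps 3-5: validate the assertion and the request against policy, mint a token."""
    if not _verify(IDP_KEY, assertion):
        raise PermissionError("assertion signature invalid")
    a = assertion["payload"]
    if a["aud"] != "sir-as":
        raise PermissionError("assertion not addressed to this AS")
    if a["exp"] <= now:
        raise PermissionError("assertion expired")
    client = AS_POLICY["clients"].get(client_id)
    server = AS_POLICY["servers"].get(audience)
    if client is None or server is None:
        raise PermissionError("unregistered client or server")
    if not (scope <= client["allowed_scopes"] and scope <= server["scopes"]):
        raise PermissionError("requested scope not permitted by policy")
    payload = {"sub": a["sub"], "client": client_id, "aud": audience,
               "scope": sorted(scope), "exp": now + lifetime,
               "jti": secrets.token_hex(8)}  # unique id, lets the server revoke/log
    return _wrap(AS_TOKEN_KEY, payload)


def server_access(token: dict, required_scope: str, now: int,
                  server_id: str = "sir-pilot-server"):
    """Steps 6-7: serve the resource only for a token this server accepts."""
    if not _verify(AS_TOKEN_KEY, token):
        return None
    t = token["payload"]
    if t["aud"] != server_id or t["exp"] <= now or required_scope not in t["scope"]:
        return None
    # Constructed resource: the SPs available to this user.
    return {"user": t["sub"], "sps": ["sp-a", "sp-b"]}


def run_flow(now: int = None):
    """Whole exchange; returns the four server answers used to show reuse and expiry."""
    if now is None:
        now = int(time.time())
    assertion = idp_issue_assertion("alice@example.edu", "sir-as", now)
    token = as_issue_token(assertion, "sirope-client", {"sir:sps:read"}, "sir-pilot-server", now)
    first = server_access(token, "sir:sps:read", now)
    second = server_access(token, "sir:sps:read", now + 60)    # reused before expiry
    expired = server_access(token, "sir:sps:read", now + 601)  # past lifetime
    wrong_scope = server_access(token, "sir:status:read", now)  # scope not granted
    return first, second, expired, wrong_scope


if __name__ == "__main__":
    print(run_flow())
```

Two points the step list leaves implicit and the code makes visible: the token is a bearer credential, so whoever holds it is the user as far as the Server is concerned, which is why it carries an audience, a scope and an expiry rather than being a plain random string, and why the real deployment needs TLS on every hop; and the AS intersects the client's policy with the server's acceptable scopes, so neither a registered client nor a registered server alone can widen what a token permits.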

7 OAuth2lib AS
- Registered servers
  - Keys
  - Acceptable scopes
- Registered clients
  - Policy: clients, attributes, scopes
- Supports SAML and PAPI assertion formats
- Extensible interface

8 OAuth2lib Server Support
- ASes
  - Keys
- Resources
  - Calls content handlers

9 OAuth2lib Client Interface
- Federation data: how to access and process the received assertion
- OAuth2 data: how to access the appropriate AS and server
- Resource data: forwarded to the calling application

10 Deploying OAuth2 AP: SIROPE
- A web-based client offering users access to data related to their status in the SIR federation
  - Currently, the SPs available to them
- An Authorization Server
  - Open to be used by other potential clients at the institutions
- A pilot server application
  - Available SPs for a given user/institution
  - The hub nature of SIR comes to help again

11 OAuth2lib beyond SIR
http://www.rediris.es/oauth2/
- Access to resources in the AGORA e-learning toolset
  - Fine-grained RESTful AuthR
- Evaluation of OAuth2lib in the OpenSocial environment
  - Collaboration with SURFnet
- Any others welcome
