Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenID Enhanced Authentication Profile (EAP) Working Group

Published byStella Osborne Modified over 5 years ago

Similar presentations

Presentation on theme: "OpenID Enhanced Authentication Profile (EAP) Working Group"— Presentation transcript:

1 OpenID Enhanced Authentication Profile (EAP) Working Group
May 15, 2018 Dr. Michael B. Jones Identity Standards Architect – Microsoft

2 What is the EAP WG? Working group description at Chartered to: “Develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.”

3 Two EAP Specifications
Token Bound Authentication Defines how to apply Token Binding to OpenID Connect ID Tokens EAP ACR Values Defines “acr” values strong authentication profiles

4 Token Binding Update IETF Token Binding specs went to IESG telechat May 10, 2018 IESG review the last step before going to the RFC Editor OAuth Token Binding spec Defines Token Binding of OAuth 2.0 access tokens, refresh tokens, authorization codes, JWT authorization grants, and JWT client authentication OpenID Connect Token Binding spec Defines Binding of OpenID Connect ID Tokens Continuing to define metadata about Token Binding implementations Implementation available for interop testing Created by Brian Campbell See

5 Two ACR Values Defined “phr” – Phishing-Resistant
An authentication mechanism where a party potentially under the control of the Relying Party cannot gain sufficient information to be able to successfully authenticate to the End User's OpenID Provider as if that party were the End User “phrh” – Phishing-Resistant Hardware Protected An authentication mechanism meeting the requirements for phishing-resistant authentication above in which additionally information needed to be able to successfully authenticate to the End User's OpenID Provider as if that party were the End User is held in a hardware-protected device or component Phishing-Resistant definition based on 2008 OpenID Provider Authentication Policy Extension (PAPE) specification

6 Status Working group active
Chairs Brian Campbell and Mike Jones Calls scheduled every two weeks on Thursdays For more information, see the working group page

Download ppt "OpenID Enhanced Authentication Profile (EAP) Working Group"

Similar presentations

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary Status Report IDS Working Group August 4, 2010 Bagsværd, Denmark- PWG F2F Meeting.

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary Status Report IDS Working Group August 4, 2010 Bagsværd, Denmark- PWG F2F Meeting.
Smartphone-based authorization system Advisor: Dr. Wenjun Zeng - Professor Presenter: Yilihamujiang, Ailiyasijiang Zhou, Guanlong Al-Sinani, H. S. (2011).

Smartphone-based authorization system Advisor: Dr. Wenjun Zeng - Professor Presenter: Yilihamujiang, Ailiyasijiang Zhou, Guanlong Al-Sinani, H. S. (2011).
1Copyright © 2008, Printer Working Group. All rights reserved. PWG Imaging Device Security (IDS) Working Group Lexington, KY – P2600 Meeting October 24,

1Copyright © 2008, Printer Working Group. All rights reserved. PWG Imaging Device Security (IDS) Working Group Lexington, KY – P2600 Meeting October 24,
1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.

1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.
OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.

OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.

OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.
OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.

OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication.

Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication.
IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.

IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.
PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG 2012.07.30.

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG
Hannes Tschofenig, Blaine Cook. 6/4/2016 IETF #77, SAAG 2 The Problem.

Hannes Tschofenig, Blaine Cook. 6/4/2016 IETF #77, SAAG 2 The Problem.
Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.

Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.
Status Update on Other GFIPM Activity Threads GFIPM Delivery Team Meeting November 2011.

Status Update on Other GFIPM Activity Threads GFIPM Delivery Team Meeting November 2011.
Web Authorization Protocol (oauth) IETF 90, Toronto Chairs: Hannes Tschofenig, Derek Atkins Responsible AD: Kathleen Moriarty Mailing List:

Web Authorization Protocol (oauth) IETF 90, Toronto Chairs: Hannes Tschofenig, Derek Atkins Responsible AD: Kathleen Moriarty Mailing List:
Web Authorization Protocol (oauth) Hannes Tschofenig.

Web Authorization Protocol (oauth) Hannes Tschofenig.
Justin Richer The MITRE Corporation October 8, 2014 Overview of OAuth 2.0 and Blue Button + REST.

Justin Richer The MITRE Corporation October 8, 2014 Overview of OAuth 2.0 and Blue Button + REST.

Similar presentations

Ads by Google