Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attribute Validation proposal for OpenID AX Spec ____________________________.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Attribute Validation proposal for OpenID AX Spec ____________________________."— Presentation transcript:

1 Attribute Validation proposal for OpenID AX Spec ____________________________

2 How did we get here? Demand for email validation Why not an email specific solution? o No desire to promote email as an identifier (email recycling, email change) o Strong desire to use email as a discovery start point leading to OP and maybe user, but not as an identifier, claimed or 'local' Email discovery is going to be supported in XRD, but not necessarily be used to derive identifiers (see above) o by itself, discovery-flow only does not provide confidence for "account creation", "password reset" or even "sign-on" Idea: Decouple discovery and validation; validate email as a user attribute o At this point, might as well make it a general validation mechanism ____________________________

3 Attribute Validation New modes for AX validate_request and validate_response o validate_request uses the same elements as store_request o validate_response uses the same elements as fetch_response To allow for mixed validate/fetch, a special URL value to mean attribute_select could be added ____________________________

4 Best effort versus strict validation Should the OP be allowed to return a different value to be asserted than the requested by the RP? E.g.: Email validation flows: account creation and password reset. Different email a reasonable approach for the former, but typically not for the latter. o Option 0 "Assertion": No value in the request, OP returns user's. o Option 1 "Strict": Given a value, OP returns same value or fails.  Cons: Feedback from RPs indicate that many would not like to change their UIs to have the user type values (emails) twice and prefer flexibility o Option 2 "Loose": Given a value, OP may return a different one. o Option 3 "Choose": RP specifies preference for Option 1 or 2, OP acts accordingly. o Option 4 "Strict-Choose": RP specifies preference for Option 1 or 2, OP is free to always behave as if "strict" is indicated. ____________________________

5 Trust (Quality of validation) Does the user has access to the email inbox (now)? Email (and more general, attribute) validation? o How long since the email was validated? o Proof-of-inbox-control (e.g., OP=email provider & cookie present) Should we have "annotations" to indicate level of confidence or "freshness" of validation? (i.e., PAPE for AX)? ____________________________

Download ppt "Attribute Validation proposal for OpenID AX Spec ____________________________."

Similar presentations

Yahoo OpenID UI Updates Aanchal Gupta November 09.

Yahoo OpenID UI Updates Aanchal Gupta November 09.
2010 OpenID UX Summit AOL Status & Plans George Fletcher Fady Semaan Joel Schnee.

2010 OpenID UX Summit AOL Status & Plans George Fletcher Fady Semaan Joel Schnee.
ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.

ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.
OpenID RP Reputation in Trusted Exchange NRI 2008/06/10.

OpenID RP Reputation in Trusted Exchange NRI 2008/06/10.
1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.

1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.
Web Database Programming Input Validation. User Input on the Web Web browser built-in mechanisms –HTML Forms HTTP POST method –Hyperlinks HTTP GET method.

Web Database Programming Input Validation. User Input on the Web Web browser built-in mechanisms –HTML Forms HTTP POST method –Hyperlinks HTTP GET method.
The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.

The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.
Robustness Analysis Dr. Neal CIS 480. Outline What is robustness analysis? Key roles in robustness analysis Object types found in discovery Diagramming.

Robustness Analysis Dr. Neal CIS 480. Outline What is robustness analysis? Key roles in robustness analysis Object types found in discovery Diagramming.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Account Management Best Practices OpenID for Mobile Webfinger Allen Tom Yahoo! Membership

Account Management Best Practices OpenID for Mobile Webfinger Allen Tom Yahoo! Membership
GMetrix SMS Testing Center Guide.

GMetrix SMS Testing Center Guide.
1 Scanning Tokens. 2 Tokens When a Scanner reads input, it separates it into “tokens”  … at least when using methods like nextInt()  nextInt() takes.

1 Scanning Tokens. 2 Tokens When a Scanner reads input, it separates it into “tokens”  … at least when using methods like nextInt()  nextInt() takes.
Overview Minimum required classifiers for mapping vegetation cover at global scale using the FAO-LCCS tool GLC 2000 - LEGEND hjs/30-Apr-01.

Overview Minimum required classifiers for mapping vegetation cover at global scale using the FAO-LCCS tool GLC LEGEND hjs/30-Apr-01.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.
Apply Sub Procedures/Methods and User Defined Functions

Apply Sub Procedures/Methods and User Defined Functions
Introduction to Comcare’s Customer Information System Presentation.

Introduction to Comcare’s Customer Information System Presentation.
28/08/2015SJF L31 F21SF Software Engineering Foundations ASSUMPTIONS AND TESTING Monica Farrow EM G30 Material available on Vision.

28/08/2015SJF L31 F21SF Software Engineering Foundations ASSUMPTIONS AND TESTING Monica Farrow EM G30 Material available on Vision.
UTIPS Core Roll-Out Fall, 2011 Julie Quinn, Data and Delivery Coordinator Assessment and Accountability Utah State Office of Education.

UTIPS Core Roll-Out Fall, 2011 Julie Quinn, Data and Delivery Coordinator Assessment and Accountability Utah State Office of Education.

Similar presentations

Ads by Google