1
Workflow OpenID Scenario
- Users get OpenID from provider
- Andy is given access to service, and then to workflow server
- Andy installs workflow
- Workflow gets Access Token from service
- Andy can use workflow
- Andy can allow Bob to use service
2
Actors: Andy, Bob, Charlie (evil), Dave (Admin), Eric (Admin).
Andy requests an OpenID from the provider and gets a username/password. This is a shared secret.
[Diagram labels: OpenID Provider, a-u/p]
3
Eric provisions the server, and installs service svc1 on it. Nobody has the right to access it.
[Diagram labels: svc1, OpenID Provider, a-u/p]
4
Andy asks Eric for access to the service by giving his OpenID (but NOT the password).
[Diagram labels: svc1, OpenID Provider, a-u/p, a, a]
5
Andy can now access the service, as long as the OpenID exchange works to verify that he really is Andy. Eric cannot steal or abuse his password.
[Diagram labels: svc1, program, OpenID Provider, a-u/p, a]
6
Dave provisions a workflow server. Nobody can access it.
[Diagram labels: svc1, Workflow Server, OpenID Provider, a-u/p, a]
7
Andy asks Dave for access to the workflow server.
[Diagram labels: svc1, a-u/p, Workflow Server, OpenID Provider, a-u/p, a, a, a]
8
Andy is now able to install a workflow process into the workflow server as long as the OpenID provider verifies who he really is.
[Diagram labels: svc1, a-u/p, Workflow Server, workflow process, OpenID Provider, a-u/p, a, a]
9
Andy asks the workflow process to get access to svc1. It initiates an OAuth exchange by getting a request ID.
[Diagram labels: svc1, a-u/p, Workflow Server, workflow process, Req, OpenID Provider, a-u/p, a, a]
10
The browser is redirected to the server; Andy might have to log in to prove that it is Andy. This validates the request token. The browser is redirected back to the workflow server.
[Diagram labels: svc1, a-u/p, Workflow Server, workflow process, Req, OpenID Provider, a-u/p, a, a]
11
The validated request token is swapped for an access token, which functions as a password to the service. Andy’s password is NEVER given to the workflow server.
[Diagram labels: svc1, a-u/p, Workflow Server, workflow process, w-u/p, OpenID Provider, a-u/p, a, a]
12
Andy now makes a request to the process, and it will make a request to svc1.
[Diagram labels: svc1, a-u/p, Workflow Server, workflow process, w-u/p, OpenID Provider, a-u/p, a, a]
13
Bob can get an OpenID.
[Diagram labels: svc1, a-u/p, Workflow Server, workflow process, w-u/p, OpenID Provider, a-u/p, a, a, b-u/p]
14
Bob can ask Andy for permission to access the workflow process. Andy puts Bob’s OpenID into the process, and grants rights to it.
[Diagram labels: svc1, a-u/p, Workflow Server, workflow process, w-u/p, OpenID Provider, a-u/p, a, a, b-u/p, b, b]
15
Bob can now invoke the process, as long as he is authenticated to the OpenID provider. The process can access the service.
[Diagram labels: svc1, a-u/p, Workflow Server, workflow process, b-u/p, w-u/p, OpenID Provider, a-u/p, a, a, b-u/p, b]
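The delegation chain from slides 9 to 15, as an added example that is not part of the original presentation: a small Python model in which passwords only ever reach the provider, svc1 trades a validated request token for an access token, and the workflow process gates callers by OpenID. All class and method names are assumptions, browser redirects are replaced by direct calls, and a random string stands in for a signed OpenID assertion.

```python
import secrets

class Provider:
    """OpenID provider: the only component that ever sees a password (a-u/p)."""
    def __init__(self, passwords):
        self.pw, self.assertions = dict(passwords), {}
    def login(self, openid, password):
        if openid not in self.pw or not secrets.compare_digest(self.pw[openid], password):
            raise PermissionError("login failed")
        assertion = secrets.token_hex(8)         # stands in for a signed assertion
        self.assertions[assertion] = openid
        return assertion
    def check(self, assertion):
        return self.assertions.get(assertion)    # OpenID, or None if unknown

class Service:
    """svc1: an ACL of OpenIDs plus request-token and access-token tables."""
    def __init__(self, provider):
        self.provider, self.acl, self.req, self.acc = provider, set(), {}, {}
    def new_request_token(self):
        token = secrets.token_hex(8)
        self.req[token] = None                   # issued, not yet validated
        return token
    def authorize(self, token, assertion):
        openid = self.provider.check(assertion)
        if token not in self.req or openid not in self.acl:
            return False
        self.req[token] = openid                 # validated by a user on the ACL
        return True
    def swap(self, token):
        openid = self.req.pop(token, None)       # single use, burned even on failure
        if openid is None:
            raise PermissionError("request token not validated")
        access = secrets.token_hex(16)
        self.acc[access] = openid
        return access
    def call(self, access):
        if access not in self.acc:
            raise PermissionError("unknown access token")
        return "svc1 result for " + self.acc[access]

class WorkflowProcess:
    """Holds the access token (w-u/p on the slides), never a user's password."""
    def __init__(self, service, provider, owner):
        self.service, self.provider, self.acl, self.access_token = service, provider, {owner}, None
    def invoke(self, assertion):
        if self.provider.check(assertion) not in self.acl:
            raise PermissionError("caller not allowed on this process")
        return self.service.call(self.access_token)
```

To follow the slides, svc1 issues a request token, Andy authorizes it with an assertion from the provider, the process stores the result of swap() as its access token, and Andy adds Bob's OpenID to the process ACL before Bob calls invoke().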