Presentation is loading. Please wait.

Presentation is loading. Please wait.

OAuth Security Hannes Tschofenig Derek Atkins. State-of-the-Art Design Team work late 2012/early 2013 Results documented in Appendix 3 (Requirements)

Published byNaomi Morgan Modified over 9 years ago

Similar presentations

Presentation on theme: "OAuth Security Hannes Tschofenig Derek Atkins. State-of-the-Art Design Team work late 2012/early 2013 Results documented in Appendix 3 (Requirements)"— Presentation transcript:

1 OAuth Security Hannes Tschofenig Derek Atkins

2 State-of-the-Art Design Team work late 2012/early 2013 Results documented in Appendix 3 (Requirements) and in Appendix 4 (Use Cases) of http://tools.ietf.org/html/draft-ietf-oauth- v2-http-mac-05http://tools.ietf.org/html/draft-ietf-oauth- v2-http-mac-05 Two solution approaches documents available in the group: – MAC Token: draft-ietf-oauth-v2-http-mac-05draft-ietf-oauth-v2-http-mac-05 – HOTK: draft-tschofenig-oauth-hotk-03draft-tschofenig-oauth-hotk-03

3 I Client Authorization Server Resource Server II III

4 I Client Authorization Server Resource Server II III

5 I: Key Distribution AS Client Variants: – Key Distribution at Token Issuance – Key Distribution at Registration Approaches: – Server-provided key – Client-provided key – Joint key control / key agreement Examples: – Section 3.1.2 of HOTK for asymmetric keys – Section 4.1 of MAC Token for symmetric keys

6 Lifetime Hierarchy OauthKerberos Client Secret / AssertionsLong-term Username/Passwd Refresh TokensTicket Granting Ticket Access Token-based keyService tickets

7 I Client Authorization Server Resource Server II III

8 II: Client RS Interaction Components: a)Proof of possession of client key b)Message integrity / Channel Binding c)Server-to-client authentication a)As part of TLS b)Custom application-layer solution Examples: – Section 5 of MAC Token for symmetric keys (encoded as HTTP header) – Section 3.2.2 of HOTK for asymmetric keys – Section 3.2.1 of HOTK for symmetric keys (encoded as JSON structure)

9 I Client Authorization Server Resource Server II III

10 III: Key Distribution AS RS Variants: a) Embedded key b) Token introspection c) Out-of-band Examples: Ad a) Section 4.2 of HOTK Ad b) draft-richer-oauth-introspection Ad c) PKI

11 Next Steps: Document Restructuring Use Cases, Requirements and Design Rational – Currently in the appendix of MAC Token – Update to reflect new use cases Key Distribution AS Client – Cover symmetric as well as asymmetric case Client RS Communication – Section 5 of MAC Token & Section 3.2 of HOTK. – Includes keyed message digest/signature calculation algorithm. – Includes binding to transport – Includes JSON structure. Token introspection Encoding of PoP in JWT (symmetric & asymmetric)

Download ppt "OAuth Security Hannes Tschofenig Derek Atkins. State-of-the-Art Design Team work late 2012/early 2013 Results documented in Appendix 3 (Requirements)"

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Dynamic Symmetric Key Provisioning Protocol (DSKPP)
April 23, 20021 XKMS Requirements Update Frederick Hirsch, Mike Just April 23, 2002 Goals Requirements Summary –General, Security Last Call Issues –For.

April 23, XKMS Requirements Update Frederick Hirsch, Mike Just April 23, 2002 Goals Requirements Summary –General, Security Last Call Issues –For.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security Steve Ko Computer Sciences and Engineering University at Buffalo.
IETF OAuth Proof-of-Possession

IETF OAuth Proof-of-Possession
1 IETF OAuth Proof-of-Possession Hannes Tschofenig.

1 IETF OAuth Proof-of-Possession Hannes Tschofenig.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Internet Engineering Task Force Provisioning of Symmetric Keys Working Group www.oasis-open.org Hannes Tschofenig.

Internet Engineering Task Force Provisioning of Symmetric Keys Working Group Hannes Tschofenig.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Security Management.

Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Similar presentations

Ads by Google