OpenID Foundation Connect Working Group Update - October 22, 2018

•

0 gostou•1,121 visualizações

OpenID Foundation Connect Working Group update presented by Michael Jones (Microsoft) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.

Tecnologia

OpenID Connect Working Group
April 2, 2018
Michael B. Jones
Identity Standards Architect – Microsoft

You’re Probably Already
Using OpenID Connect!
• If you have an Android phone or log in at AOL,
Deutsche Telekom, Google, Microsoft, NEC,
NTT, Salesforce, Softbank, Symantec, Verizon,
or Yahoo! Japan, you’re already using OpenID
Connect
– Many other sites and apps large and small also
use OpenID Connect

Numerous Awards
• OpenID Connect won 2012 European Identity
Award for Best Innovation/New Standard
– http://openid.net/2012/04/18/openid-connect-
wins-2012-european-identity-and-cloud-award/
• OAuth 2.0 won in 2013
• JWT/JOSE won in 2014
• OpenID Certification program won
2018 Identity Innovation Award

Topics
• Federation Specification
• Session Management / Logout
• Second Errata Set
• Current Related Work
• OpenID Connect Certification

Federation Specification
• Roland Hedberg created OpenID Connect
Federation specification
– http://openid.net/specs/openid-connect-
federation-1_0.html
• Enables establishment and maintenance of
multi-party federations using OpenID Connect
• Defines hierarchical JSON-based metadata
structures for federation participants
• Prototype implementations being tested

Session Management /
Logout
• Three approaches being pursued by the working group:
– Session Management
• http://openid.net/specs/openid-connect-session-1_0.html
• Uses HTML5 postMessage to communicate state change messages
between OP and RP iframes
– Front-Channel Logout
• http://openid.net/specs/openid-connect-frontchannel-1_0.html
• Uses HTTP GET to load image or iframe, triggering logout
• Similar to options in SAML, WS-Federation
– Back-Channel Logout
• http://openid.net/specs/openid-connect-backchannel-1_0.html
• Server-to-communication not using the browser
• Can be used by native applications, which have no active browser
• All support multiple logged in sessions from OP at RP
• Unfortunately, no one approach best for all use cases
• Is it time to move to Final Specifications?

Second Errata Set
• Errata process corrects typos, etc. discovered
– Makes no normative changes
• Edits under way for second errata set
• See http://openid.net/specs/openid-connect-
core-1_0-23.html for current Core errata draft
• Waiting for OAuth AS metadata spec draft-ietf-
oauth-discovery to finish
– So we can register OpenID Discovery metadata values
– Spec just progressed to the RFC Editor
• I plan to do the remaining edits during IIW

OpenID Certification
• OpenID Certification enables OpenID Connect
implementations to be certified as meeting
requirements of defined conformance profiles
• Now OP and RP certification profiles for:
– Basic OP and Basic RP
– Implicit OP and Implicit RP
– Hybrid OP and Hybrid RP
– OP Publishing and RP Using Configuration Information
– Dynamic OP and Dynamic RP
• See http://openid.net/certification/ and
http://openid.net/certification/faq/
– And accompanying certification presentation!

Open Conversation
• How are you using OpenID Connect?
• What would you like the working group to
know and do?

Mais conteúdo relacionado

Mais procurados

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...

OpenIDFoundation

OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group Update

MikeLeszcz

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...

OpenIDFoundation

OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update

OpenIDFoundation

OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion

MikeLeszcz

OpenID Foundation RISC WG Update - 2018-04-02

MikeLeszcz

OpenID Foundation RISC WG Update - 2017-10-16

MikeLeszcz

Identity is ubiquitous. Regardless of the kind of applications you develop you will, at some point, almost certainly have to deal with identifying users of the app. Yet it's seldom a central part of the app’s value proposition and rarely a core competency for developers. Wouldn’t it be nice to outsource user authentication and free yourself from the liability and complexity of storing and managing passwords? OpenID Connect, just ratified earlier this year and backed by some big industry names, is emerging as the go to standard way to do exactly that. Connect allows you to easily and securely get an answer to the question: “What is the identity of the person currently using this browser or native app?” Unlike some of it’s predecessors, however, Connect has roots spanning the consumer, SaaS and enterprise space and is better suited to serve a diverse set of deployments. Come find out more about Connect in this talk from a seasoned veteran of the prestigious basement conference rooms at GlueCon.

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

Brian Campbell

Enterprise Single Sign On

WSO2

apidays LIVE Australia 2021 - API Horror Stories from an Unnamed Coworking Co...

apidays

APIdays London 2020: Toward certifying Financial-grade API security profile w...

Hitachi, Ltd. OSS Solution Center.

[Workshop] Up-leveling Brownfield Integration

WSO2

Implementing security and availability requirements for banking API system us...

Hitachi, Ltd. OSS Solution Center.

[Workshop] Managing the API lifecycle with Open Source Technologies

WSO2

O365con14 - moving from on-premises to online, the road to follow

NCCOMMS

Debugging Integration Flows

WSO2

O365con14 - lync to the future

NCCOMMS

One of the burdens modern integration developers face is the disconnectivity between design, development, debugging, testing, and deploying integrations. WSO2 Enterprise Integrator provides a rich developer experience with all the tools you need to construct complex enterprise integrations. Learn how WSO2 Enterprise Integrator gives you a connected developer experience when building an enterprise application. This deck will explore how to simplify the integration of services with integrated middleware, creating a unified API management platform for a connected business, and a demonstration of an agile platform for a connected business.

Making a Connected Integration Developer Experience using WSO2 Enterprise Int...

WSO2

Strong Customer Authentication - All Your Questions Answered

WSO2

O365con14 - building a hybrid configuration with exchange 2013

NCCOMMS

Mais procurados (20)

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...

OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group Update

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...

OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update

OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion

OpenID Foundation RISC WG Update - 2018-04-02

OpenID Foundation RISC WG Update - 2017-10-16

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

Enterprise Single Sign On

apidays LIVE Australia 2021 - API Horror Stories from an Unnamed Coworking Co...

APIdays London 2020: Toward certifying Financial-grade API security profile w...

[Workshop] Up-leveling Brownfield Integration

Implementing security and availability requirements for banking API system us...

[Workshop] Managing the API lifecycle with Open Source Technologies

O365con14 - moving from on-premises to online, the road to follow

Debugging Integration Flows

O365con14 - lync to the future

Making a Connected Integration Developer Experience using WSO2 Enterprise Int...

Strong Customer Authentication - All Your Questions Answered

O365con14 - building a hybrid configuration with exchange 2013

Semelhante a OpenID Foundation Connect Working Group Update - October 22, 2018

OpenID Connect "101" Introduction -- October 23, 2018

OpenIDFoundation

Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...

OpenID Foundation Japan

OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17

Shane Coughlan

Tableau Desktop as a Linked (Open) Data Front-End via ODBC

Kingsley Uyi Idehen

Slides for my and Johan Palmer presentation on Oracle Open World 2019. Abstract: Project Helidon is an open-source framework that supports customers developing Java-based microservices applications. Helidon SE is designed to be simple to use, lightweight, and fast. In addition, Helidon also implements MicroProfile, a baseline platform definition that optimizes Java EE for microservices architectures, and delivers application portability across multiple runtimes. Come to this session to learn what Helidon is, gain an understanding of the strategy and roadmap, and uncover how you might benefit from using Helidon in your business.

Building Cloud-Native Applications with Helidon

Dmitry Kornilov

IBM Connect2014 JMP106

Thomas Evans

CIS 2013 Ping Identity Chalktalk

Craig Wu

OpenID Progress EEMA Conference

evidos

The wait is over! ForgeRock is releasing shiny new versions of all solution areas of the ForgeRock Identity Platform. To give you a preview on what’s coming, join this webinar to hear directly from the Product Managers what’s new in: Access Management Identity Management Directory Services Identity Gateway Shared Services Learn more about ForgeRock Access Management: https://www.forgerock.com/platform/access-management/ Learn more about ForgeRock Identity Management: https://www.forgerock.com/platform/identity-management/

Webinar: ForgeRock Identity Platform Preview (Dec 2015)

ForgeRock

OData External Data Integration Strategies for SaaS

Sumit Sarkar

OData, External objects & Lightning Connect

Prasanna Deshpande ☁

OpenID Connect: An Overview

Pat Patterson

OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key

Mike Schwartz

There's a lot of reasons to love Git. (Git is awesome at what it does.) Let’s look at the 3 major use cases for Git in the enterprise: 1. You work with third party or outsourced development teams. 2. You use open source in your products. 3. You have different workflow needs for different teams. Making the best of Git can be difficult in an enterprise environment. Trying to manage all the moving parts is like herding cats. So, how do you optimize your teams’ use of Git — and make it all fit into your vision of the enterprise SDLC? You’ll learn about: -The challenges that accompany each use case — third parties, open source code, different workflows. -Ways to solve these problems. -How to make Git better, faster, and easier — with Perforce

Better, Faster, Easier: How to Make Git Really Work in the Enterprise

Perforce

Maker of Things - the open IoT cloud for makers chapter.

Jollen Chen

CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay

CloudIDSummit

Improve and simplify securing Red Hat OpenShift containerized environments by leveraging CyberArk’s secrets management solutions and out-of-the-box certified integrations. This demo heavy technical session expands on the prior webinar and uses demos and examples to give practical guidance on how to improve securing your organization’s containerized applications. All while avoiding impacting developer velocity. This session will provide: A clear understanding of the challenges and requirements for securing Kubernetes and Red Hat OpenShift containerized environments at enterprise scale The benefits of enhancing the native secrets management and security capabilities of OpenShift with CyberArk’s certified integrations Guidance to address common security challenges, including achieving enterprise scale and availability, minimizing the time spent on audit and compliance requests, avoiding problems with developer adoption Practical steps to get started using Conjur Open Source and next steps CyberArk, the global leader in privileged access management, offers the industry’s most complete solution for securing both the credentials and secrets used by applications, Playbooks, scripts and other non-human identities, as well as human users. CyberArk solutions are deployed at many of the world’s largest enterprises including over half the Fortune 500.

Securing Red Hat OpenShift Containerized Applications At Enterprise Scale

DevOps.com

Android Study Jam

DSCMESCOE

Smart Device Link Integration into Linux systems by Jeremiah Foster

Luxoft

Webinar: OpenIDM 3.1

ForgeRock

Semelhante a OpenID Foundation Connect Working Group Update - October 22, 2018 (20)

OpenID Connect "101" Introduction -- October 23, 2018

Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...

OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17

Tableau Desktop as a Linked (Open) Data Front-End via ODBC

Building Cloud-Native Applications with Helidon

IBM Connect2014 JMP106

CIS 2013 Ping Identity Chalktalk

OpenID Progress EEMA Conference

Webinar: ForgeRock Identity Platform Preview (Dec 2015)

OData External Data Integration Strategies for SaaS

OData, External objects & Lightning Connect

OpenID Connect: An Overview

OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key

Better, Faster, Easier: How to Make Git Really Work in the Enterprise

Maker of Things - the open IoT cloud for makers chapter.

CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay

Securing Red Hat OpenShift Containerized Applications At Enterprise Scale

Android Study Jam

Smart Device Link Integration into Linux systems by Jeremiah Foster

Webinar: OpenIDM 3.1

Mais de OpenIDFoundation

OIDF Virtual Workshop -- 5/21/2020 -- OpenID Certification Program Update

OpenIDFoundation

OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...

OpenIDFoundation

OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...

OpenIDFoundation

OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...

OpenIDFoundation

OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...

OpenIDFoundation

OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update

OpenIDFoundation

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...

OpenIDFoundation

OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update

OpenIDFoundation

OpenID Foundation Research & Education Working Group Update - October 22, 2018

OpenIDFoundation

OpenID Foundation iGov Working Group Update - October 22, 2018

OpenIDFoundation

OpenID Foundation Certification Program Update - October 22, 2018

OpenIDFoundation

Mais de OpenIDFoundation (11)