Post on 06-Jan-2016
Hannes Tschofenig (IETF#79, SAAG, Beijing)
Acknowledgements
• I would like to thank Pasi Eronen. I am re-using some of his slides in this presentation.
04/20/23 IETF #79, OAuth Overview, SAAG Meeting, Beijing
The Problem: Secure Data Sharing
Example OAuth Exchange
User enters a URL in the web browser
Browser opens URL
User is presented with the option to access remote (but protected) data
Resource Consumer redirects to Authorization Server
User authentication takes place
User authorizes data exchange
Authorization granted: redirect from Authz Server back to Resource Consumer
Resource Consumer requests token from Authorization Server for access to the Resource Server
Resource Consumer receives token
Resource Consumer requests access to data at the Resource Server
Data exchange takes place
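The exchange walked through on the slides above, as an added in-memory example that is not part of the original presentation. The class and function names, the `example` hosts, and the one-time `code` and `state` parameters are assumptions that follow the OAuth 2.0 authorization code grant; the slides do not name them.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

class AuthorizationServer:  # hypothetical name, not from the slides
    def __init__(self):
        self.grants = {}   # one-time grant -> (client_id, redirect_uri, user)
        self.tokens = {}   # access token -> user

    def authorize(self, request_url, user, approved):
        """User authenticates and decides; returns the redirect back to the consumer."""
        q = {k: v[0] for k, v in parse_qs(urlparse(request_url).query).items()}
        if not approved:
            reply = {"error": "access_denied", "state": q["state"]}
        else:
            code = secrets.token_urlsafe(16)
            self.grants[code] = (q["client_id"], q["redirect_uri"], user)
            reply = {"code": code, "state": q["state"]}
        return q["redirect_uri"] + "?" + urlencode(reply)

    def token(self, code, client_id, redirect_uri):
        """Token request: the grant is single-use and bound to the requesting consumer."""
        grant = self.grants.pop(code, None)
        if grant is None or grant[:2] != (client_id, redirect_uri):
            return None
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = grant[2]
        return tok

class ResourceServer:  # hypothetical name, not from the slides
    def __init__(self, authz, data):
        self.authz, self.data = authz, data

    def get(self, token):
        user = self.authz.tokens.get(token)
        return self.data.get(user) if user else None   # None models a rejected request

def run_exchange(approved=True):
    authz = AuthorizationServer()
    rs = ResourceServer(authz, {"alice": ["photo1.jpg"]})   # constructed sample data
    client_id, cb = "consumer-1", "https://consumer.example/cb"
    state = secrets.token_urlsafe(8)   # ties the redirect back to this browser session
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": cb, "state": state}
    req = "https://authz.example/authorize?" + urlencode(params)      # redirect to Authz Server
    back = parse_qs(urlparse(authz.authorize(req, "alice", approved)).query)
    if back["state"][0] != state or "code" not in back:
        return None                                # user declined or state mismatch
    code = back["code"][0]
    token = authz.token(code, client_id, cb)       # Resource Consumer requests token
    replay = authz.token(code, client_id, cb)      # same grant a second time is refused
    return rs.get(token), replay, rs.get("forged-token")
```
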
Work Scope
[Diagram]
Entities: User, User Agent, Authorization Server, Resource Server, Resource Consumer
Messages: Authorization Request, Token Request, Access Request (incl. Token)
Other diagram labels: OAuth Profiles, User Interface, Token Format and Content, Authz Server Interaction, Data Exchange, Authentication, Request Security
Summary
• Open Web Authentication (OAuth) is developed in the IETF to provide delegated authentication.
• Code available (see http://oauth.net/code/) and deployment on the way.
• Working group is working on finalizing the OAuth 2.0 specification:
  – http://tools.ietf.org/html/draft-ietf-oauth-v2
• Rechartering discussion started with many extensions being considered by the group
• Your input is needed!