OAuth 2.0 #idit2012

OAuth 2.0

ID＆IT Management Conference 2012

OpenID Foundation Japan Evangelist

OAuth.jp

Ruby Libraries

rack-oauth2

openid_connect

fb_graph

Current Trend

Mobile Game Social

Platform ♥ 3rd-party Developers

API Integration

Access Control for APIs

No password sharing

Limited access lifetime

Expire a'er N weeks

Limited access scope

Status Update : OK

Read Inbox : NG

OAuth 2.0 in Enterprize

ResourceOwner

Client

ResourceServer

APIAccess

AccessToken

AuthorizationServer

AuthorizeClient Access

ResourceOwner

Client

ResourceServer

APIAccess

AccessToken

AuthorizationServer

ResourceOwner

Client

ResourceServer

APIAccess

AccessToken

AuthorizationServer

2 Response Types in Core

Extensions

Code + Token

and more..

Get Access Token

response_type = codeResource Owner Client Authorization Server

Initiate

Require Approval

Approve

Access Token

response_type = tokenResource Owner Client Authorization Server

Initiate

Require Approval

Approve

Access Token

Response Type

Secure

2 HTTP request

Require Approval

Get Access Token

Efficient

1 HTTP request

Both at once

+ extensions

♥OpenID Connect

~ OpenID based on OAuth 2.0 ~

So, why these matters?

Social

API Economy

Discovery

Identity

Access Control

Streams

People

Applications

デジタルアイデンティティ技術最新動向 - @IT

openid-foundation-japan.github.com

slideshare.net/matake

github.com/nov

twitter.com/nov

OAuth 2.0 #idit2012

Technology

Transcript of OAuth 2.0 #idit2012

OAuth 2.0 refresher (russian)

[MS-OAPX]: OAuth 2.0 Protocol Extensions · PDF fileThe OAuth 2.0 Protocol Extensions specify extensions to [RFC6749] (The OAuth 2.0 Authorization Framework). When no operating system

Introducción al Protocolo OAuth 2.0

Securing APIs using OAuth 2.0

OAuth 2.0 & Security Considerations

OAuth 2.0 & OpenID Connect #MA7

[MS-OAPXBC-Diff]: OAuth 2.0 Protocol Extensions …...The OAuth 2.0 Protocol Extensions for Broker Clients specify extensions to [RFC6749] (The OAuth 2.0 Authorization Framework) that

OAuth 2.0 Misconceptions

Oracle Access Management OAuth Service€¦ · OAuth 2.0 authorization server and also offers several compelling differentiations to enable the OAuth 2.0 Client and the OAuth 2.0

[MS-XOAUTH]: OAuth 2.0 Authorization Protocol ExtensionsMS... · 5.1 Security Considerations for Implementers ... The OAuth 2.0 Authorization Protocol Extensions extend the OAuth

OAuth 2.0 Security

OAuth 2.0 Threat Landscapes

AdWords API and OAuth 2.0

Securing APIs with OAuth 2.0

The OAuth 2.0 Authorization Protocol - cleesh.com · The OAuth 2.0 Authorization Protocol draft-ietf-oauth-v2-25 Abstract The OAuth 2.0 authorization protocol enables a third-party

CIS13: Introduction to OAuth 2.0

Identity Workshopinnovbfa.viabloga.com/files//Cloud_Identity_Summit... · OAuth 2.0 OAuth 1 + OAuth-WRAP + IETF = OAuth 2.0 Expanded participation with other major vendors such as

OAuth 2.0 e OpenID Connect

[MS-OAUTH2EX]: OAuth 2.0 Authentication Protocol Extensions · 2016-05-11 · OAuth 2.0 Authentication Protocol Extensions describes extensions to the OAuth 2.0 Authentication Protocol.

OAUTH 2.0 FLOWS IN DECOUPLED - FBKst.fbk.eu/sites/st.fbk.eu/files/decoupled_flows.pdf · OAuth 2.0 Device Flow Vanilla OAuth 2.0 . THE CIBA FLOW. THE CIBA FLOW RP sends Backchannel