Ignite Talk: I AM a robot, how do I log in?
Jayson Delancey
I am a robot, how do I login
But I AM a robot _
UAA: User Account and Authentication Server
SSO
OAuth2
• Headless
• Exposed
• Accessible
• Sensitive data
• Sensitive Hardware
draft-ietf-oauth-jwt-bearer
This specification defines the use of a JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for use as a means of client authentication.
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImV4cCI6MTIzMTIzfQ.cUyTEK1BKsOU5stpPiM5-PGT4nUrKwAHajhmb9Ojim7NbEwgsDAju9vlukBYJOSCFyXbG_N0zlQrO8n7yJ9G2OIOerQNqMTNWcqwtcFha1TJyhv4tb40bLONfcrMIAO1L-oF9f27xwJQODJz4SmyU1nSI1dKeqN5KmyHVUqOLAI
Header
    { "alg":"RS256" }
Payload
    {
      "iss": <clientID>
      "sub": <device ID>
      "aud": <uaa>
      "exp": <expiration time of this token>
      "tenant_id": <tenant_id>
    }
Signature
    SHA256withRSA( <base64(Header)>.<base64(Payload)>, <private key> )
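The assertion laid out above, as an added Go example that is not code from the talk or from the UAA project: the device signs the claims with its private key, and the token server checks the signature, audience and expiry before it would issue an access token. The function names, `demoKey`, and the sample claim values are assumptions constructed for illustration, and the segments use unpadded base64url as in standard JWTs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway device key
// SignAssertion runs on the device: RS256 over base64url(header).base64url(payload).
func SignAssertion(key *rsa.PrivateKey, claims map[string]any) (string, error) {
	payload, _ := json.Marshal(claims)
	input := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString(payload)
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return input + "." + b64.EncodeToString(sig), err
}

// VerifyAssertion runs on the token server; RS256 is fixed, the header's alg is never read.
func VerifyAssertion(tok string, pub *rsa.PublicKey, aud string, now int64) (map[string]any, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	sig, _ := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	body, _ := b64.DecodeString(p[1]) // claims are parsed only after the signature holds
	var c map[string]any
	err := json.Unmarshal(body, &c)
	exp, _ := c["exp"].(float64) // a missing exp becomes 0 and is rejected below
	if err != nil || c["aud"] != aud || float64(now) >= exp {
		return nil, errors.New("wrong audience or expired")
	}
	return c, nil
}

func main() { // constructed demo values and a fixed clock
	tok, _ := SignAssertion(demoKey, map[string]any{"iss": "client-1", "sub": "device-42", "aud": "uaa", "exp": 1700000300, "tenant_id": "tenant-a"})
	c, err := VerifyAssertion(tok, &demoKey.PublicKey, "uaa", 1700000000)
	println(c["sub"].(string), err == nil)
}
```

In a deployment the server would select the public key by looking up the `iss` and `sub` values against its enrolled devices rather than receiving it as an argument.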
• Certificate-Signing Request
• Certificate Authority
• Signature
1. Add Device
• Device name
• Device serial no.
• Shared secret
Hardware Security Module (HSM)
2. Enroll Device
• MAC address
• Device UUID
• Tenant ID
Streaming Sensor Data
Bearer Token Access Token
401 Unauthorized
UAA + JWT
Sense, Plan, Act
Robots are users too.
https://github.com/GESoftware-CF/uaa
jwt_grant_3.4.0 branch