SlideShare una empresa de Scribd logo
1 de 13
Descargar para leer sin conexión
The JSON-based Identity Protocol Suite
    By Travis Spencer




Copyright © 2013 Twobo Technologies AB.
Overview of the Protocol Suite

 JavaScript Object Notation (JSON) – Data
  encoding format popularized by AJAX & REST
 All being defined in IETF
 Used to encode OAuth 2.0 security model
          Tokens (JWT)                   Encryption (JWE)
          Keys (JWK)                     Signatures (JWS)
 OAuth 2.0 Bearer Token spec binds it to OAuth
 Basis of OAuth and OpenID Connect

Copyright © 2013 Twobo Technologies AB.
Overview of JWT

 JWT – pronounced “jot” – are lightweight tokens
  passed in HTTP headers & query strings
 Three basic sections – header, claims, signature
 Akin to SAML tokens
          Less expressive
          Less security options
          Encoded w/ JSON not XML for compactness




Copyright © 2013 Twobo Technologies AB.
Basic Layout & Wire Format


                                           Header
                                           Claims
                                            Crypto
                                          JWT Token
base64url(Header) + “.” + base64url(Claims) +
           “.” + base64url(Crypto)
Copyright © 2013 Twobo Technologies AB.
Claims Section

 Reserved (but optional) claim names
       Expiration time (exp)             Issuer (iss)
       Not before (nbf)                  Type (typ)
       Issued at (iat)                   Audience (aud)
 Public claim names
       IANA JWT claims registry
       Domain name, OID, or UUID

 Private claim names – Any unused name
 Value can be any JSON type


Copyright © 2013 Twobo Technologies AB.
Overview of JWE

 Used to encrypt JWTs
 Supports symmetric & asymmetric encryption
 Three basic sections – header, key, ciphertext
 Plaintext may be signed first
 Encryption algorithm
       RSA1_5                            A(128|256)KW
       RSA-OAEP                          A(128|256)GCM
       ECDH-ES

 Cyphertext is put in the crypto section of the JWT

Copyright © 2013 Twobo Technologies AB.
Basic Layout & Wire Format


                                           Header
                                             Key
                                          Ciphertext
                                            JWE
     JWE = base64url(Header) + “.” +
base64url(Key) + “.” + base64url(Ciphertext)
Copyright © 2013 Twobo Technologies AB.
Overview of JWK

 Array of public keys encoded as JSON objects
 Intended for inclusion in JWS for signature
  verification
 Explicit support for Elliptic Curve and RSA keys




Copyright © 2013 Twobo Technologies AB.
JWK Example

{“keyvalues” :                                 {“algorithm” : “RSA”,
    [                                            “modulus” : “…”,
        {“algorithm” : “EC”,                     “exponent” : “…”,
          “curve” : “P-256”,                     “keyid” : “…”}
                                              ]
          “x” : “…”,
                                          }
          “y” : “…”,
          “use” : “encryption”,
          “keyid” : “1”},
Copyright © 2013 Twobo Technologies AB.
Overview of JWS

 Header input is JWT header
 Payload input is JWT claims
 Output is appended to JWT inputs & (optionally)
  points to the JWK that was used
 Supports symmetric & asymmetric signing
  algorithms
          HMAC SHA                       RSA SHA
          ECDSA w/ curve P & SHA


Copyright © 2013 Twobo Technologies AB.
Basic Layout & Wire Format


                                           Header
                                           Payload
                                            JWS


JWS = base64url(sig(base64url(Header) + “.” +
           base64url(Payload)))
 Copyright © 2013 Twobo Technologies AB.
Questions & Thanks




                                                     @2botech
                                                @travisspencer
                                              www.2botech.com
                                          www.travisspencer.com
Copyright © 2013 Twobo Technologies AB.
The JSON-based Identity Protocol Suite

Más contenido relacionado

La actualidad más candente

Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure APINordic APIs
 
HyWAI Web Bluetooth API
HyWAI Web Bluetooth APIHyWAI Web Bluetooth API
HyWAI Web Bluetooth APIJonathan Jeon
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Nat Sakimura
 
Security via Java
Security via JavaSecurity via Java
Security via JavaBahaa Zaid
 
CIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSECIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSECloudIDSummit
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple Nov Matake
 

La actualidad más candente (7)

Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure API
 
HyWAI Web Bluetooth API
HyWAI Web Bluetooth APIHyWAI Web Bluetooth API
HyWAI Web Bluetooth API
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
 
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
 
Security via Java
Security via JavaSecurity via Java
Security via Java
 
CIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSECIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSE
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple
 

Destacado

Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...Fabernovel
 
Fidor TecS AG Company Presentation
Fidor TecS AG Company PresentationFidor TecS AG Company Presentation
Fidor TecS AG Company PresentationFrank Schwab
 
The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)Nordic APIs
 
Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.Fabernovel
 
The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015Lars Markull
 
Why Drones are the Future of IoT
Why Drones are the Future of IoTWhy Drones are the Future of IoT
Why Drones are the Future of IoTColin Snow
 
Automated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yardsAutomated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yardsJohn Ferguson Smart Limited
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentationsflynn073
 
Token Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSToken Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSHüseyin BABAL
 
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014Takashi Yahata
 
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherSynergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherTwobo Technologies
 
Transforming organizations into platforms
Transforming organizations into platformsTransforming organizations into platforms
Transforming organizations into platformsTwobo Technologies
 
OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向Tatsuo Kudo
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityMark Diodati
 
SCIM presentation from CIS 2012
SCIM presentation from CIS 2012SCIM presentation from CIS 2012
SCIM presentation from CIS 2012Twobo Technologies
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo Technologies
 

Destacado (20)

Designing an API
Designing an APIDesigning an API
Designing an API
 
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
 
Fidor TecS AG Company Presentation
Fidor TecS AG Company PresentationFidor TecS AG Company Presentation
Fidor TecS AG Company Presentation
 
The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)
 
Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.
 
The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015
 
Why Drones are the Future of IoT
Why Drones are the Future of IoTWhy Drones are the Future of IoT
Why Drones are the Future of IoT
 
Automated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yardsAutomated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yards
 
EVOLVE'13 | Keynote | Roy Fielding
EVOLVE'13 | Keynote | Roy FieldingEVOLVE'13 | Keynote | Roy Fielding
EVOLVE'13 | Keynote | Roy Fielding
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentation
 
Token Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSToken Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJS
 
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
 
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherSynergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All Together
 
Transforming organizations into platforms
Transforming organizations into platformsTransforming organizations into platforms
Transforming organizations into platforms
 
Beveiliging en REST services
Beveiliging en REST servicesBeveiliging en REST services
Beveiliging en REST services
 
OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向
 
#dd12 OAuth for Domino Developers
#dd12 OAuth for Domino Developers#dd12 OAuth for Domino Developers
#dd12 OAuth for Domino Developers
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern Identity
 
SCIM presentation from CIS 2012
SCIM presentation from CIS 2012SCIM presentation from CIS 2012
SCIM presentation from CIS 2012
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFS
 

Similar a The JSON-based Identity Protocol Suite

A Primer on JSON Web Tokens
A Primer on JSON Web TokensA Primer on JSON Web Tokens
A Primer on JSON Web TokensChris Herbert
 
NoSql-YesSQL mickey alon
NoSql-YesSQL mickey alon NoSql-YesSQL mickey alon
NoSql-YesSQL mickey alon Mickey Alon
 
IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87Shoichi Sakane
 
HFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
HFile: A Block-Indexed File Format to Store Sorted Key-Value PairsHFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
HFile: A Block-Indexed File Format to Store Sorted Key-Value PairsSchubert Zhang
 
I Left My JWT in San JOSE
I Left My JWT in San JOSEI Left My JWT in San JOSE
I Left My JWT in San JOSEBrian Campbell
 
Introduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsIntroduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsBrian Campbell
 
HBase Data Modeling and Access Patterns with Kite SDK
HBase Data Modeling and Access Patterns with Kite SDKHBase Data Modeling and Access Patterns with Kite SDK
HBase Data Modeling and Access Patterns with Kite SDKHBaseCon
 
Event-driven IO server-side JavaScript environment based on V8 Engine
Event-driven IO server-side JavaScript environment based on V8 EngineEvent-driven IO server-side JavaScript environment based on V8 Engine
Event-driven IO server-side JavaScript environment based on V8 EngineRicardo Silva
 
What’s new in JSR 367 Java API for JSON Binding
What’s new in JSR 367 Java API for JSON BindingWhat’s new in JSR 367 Java API for JSON Binding
What’s new in JSR 367 Java API for JSON BindingDmitry Kornilov
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.pptUskuMusku1
 
Cassandra 3.0 - JSON at scale - StampedeCon 2015
Cassandra 3.0 - JSON at scale - StampedeCon 2015Cassandra 3.0 - JSON at scale - StampedeCon 2015
Cassandra 3.0 - JSON at scale - StampedeCon 2015StampedeCon
 
Overview of JSON Object Signing and Encryption
Overview of JSON Object Signing and EncryptionOverview of JSON Object Signing and Encryption
Overview of JSON Object Signing and EncryptionMasaru Kurahayashi
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the CloudAmazon Web Services
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudAmazon Web Services
 
Introduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityIntroduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityBruno Henrique Rother
 
支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒Toki Kanno
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudAmazon Web Services
 

Similar a The JSON-based Identity Protocol Suite (20)

JWTs and JOSE in a flash
JWTs and JOSE in a flashJWTs and JOSE in a flash
JWTs and JOSE in a flash
 
A Primer on JSON Web Tokens
A Primer on JSON Web TokensA Primer on JSON Web Tokens
A Primer on JSON Web Tokens
 
NoSql-YesSQL mickey alon
NoSql-YesSQL mickey alon NoSql-YesSQL mickey alon
NoSql-YesSQL mickey alon
 
IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87
 
HFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
HFile: A Block-Indexed File Format to Store Sorted Key-Value PairsHFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
HFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
 
I Left My JWT in San JOSE
I Left My JWT in San JOSEI Left My JWT in San JOSE
I Left My JWT in San JOSE
 
Introduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsIntroduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security Protocols
 
HBase Data Modeling and Access Patterns with Kite SDK
HBase Data Modeling and Access Patterns with Kite SDKHBase Data Modeling and Access Patterns with Kite SDK
HBase Data Modeling and Access Patterns with Kite SDK
 
Event-driven IO server-side JavaScript environment based on V8 Engine
Event-driven IO server-side JavaScript environment based on V8 EngineEvent-driven IO server-side JavaScript environment based on V8 Engine
Event-driven IO server-side JavaScript environment based on V8 Engine
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
What’s new in JSR 367 Java API for JSON Binding
What’s new in JSR 367 Java API for JSON BindingWhat’s new in JSR 367 Java API for JSON Binding
What’s new in JSR 367 Java API for JSON Binding
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
 
Cassandra 3.0 - JSON at scale - StampedeCon 2015
Cassandra 3.0 - JSON at scale - StampedeCon 2015Cassandra 3.0 - JSON at scale - StampedeCon 2015
Cassandra 3.0 - JSON at scale - StampedeCon 2015
 
Hfile格式详细介绍
Hfile格式详细介绍Hfile格式详细介绍
Hfile格式详细介绍
 
Overview of JSON Object Signing and Encryption
Overview of JSON Object Signing and EncryptionOverview of JSON Object Signing and Encryption
Overview of JSON Object Signing and Encryption
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the Cloud
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Introduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityIntroduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring Security
 
支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 

Último

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 

Último (20)

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 

The JSON-based Identity Protocol Suite

  • 1. The JSON-based Identity Protocol Suite By Travis Spencer Copyright © 2013 Twobo Technologies AB.
  • 2. Overview of the Protocol Suite  JavaScript Object Notation (JSON) – Data encoding format popularized by AJAX & REST  All being defined in IETF  Used to encode OAuth 2.0 security model  Tokens (JWT) Encryption (JWE)  Keys (JWK) Signatures (JWS)  OAuth 2.0 Bearer Token spec binds it to OAuth  Basis of OAuth and OpenID Connect Copyright © 2013 Twobo Technologies AB.
  • 3. Overview of JWT  JWT – pronounced “jot” – are lightweight tokens passed in HTTP headers & query strings  Three basic sections – header, claims, signature  Akin to SAML tokens  Less expressive  Less security options  Encoded w/ JSON not XML for compactness Copyright © 2013 Twobo Technologies AB.
  • 4. Basic Layout & Wire Format Header Claims Crypto JWT Token base64url(Header) + “.” + base64url(Claims) + “.” + base64url(Crypto) Copyright © 2013 Twobo Technologies AB.
  • 5. Claims Section  Reserved (but optional) claim names  Expiration time (exp) Issuer (iss)  Not before (nbf) Type (typ)  Issued at (iat) Audience (aud)  Public claim names  IANA JWT claims registry  Domain name, OID, or UUID  Private claim names – Any unused name  Value can be any JSON type Copyright © 2013 Twobo Technologies AB.
  • 6. Overview of JWE  Used to encrypt JWTs  Supports symmetric & asymmetric encryption  Three basic sections – header, key, ciphertext  Plaintext may be signed first  Encryption algorithm  RSA1_5 A(128|256)KW  RSA-OAEP A(128|256)GCM  ECDH-ES  Cyphertext is put in the crypto section of the JWT Copyright © 2013 Twobo Technologies AB.
  • 7. Basic Layout & Wire Format Header Key Ciphertext JWE JWE = base64url(Header) + “.” + base64url(Key) + “.” + base64url(Ciphertext) Copyright © 2013 Twobo Technologies AB.
  • 8. Overview of JWK  Array of public keys encoded as JSON objects  Intended for inclusion in JWS for signature verification  Explicit support for Elliptic Curve and RSA keys Copyright © 2013 Twobo Technologies AB.
  • 9. JWK Example {“keyvalues” : {“algorithm” : “RSA”, [ “modulus” : “…”, {“algorithm” : “EC”, “exponent” : “…”, “curve” : “P-256”, “keyid” : “…”} ] “x” : “…”, } “y” : “…”, “use” : “encryption”, “keyid” : “1”}, Copyright © 2013 Twobo Technologies AB.
  • 10. Overview of JWS  Header input is JWT header  Payload input is JWT claims  Output is appended to JWT inputs & (optionally) points to the JWK that was used  Supports symmetric & asymmetric signing algorithms  HMAC SHA RSA SHA  ECDSA w/ curve P & SHA Copyright © 2013 Twobo Technologies AB.
  • 11. Basic Layout & Wire Format Header Payload JWS JWS = base64url(sig(base64url(Header) + “.” + base64url(Payload))) Copyright © 2013 Twobo Technologies AB.
  • 12. Questions & Thanks @2botech @travisspencer www.2botech.com www.travisspencer.com Copyright © 2013 Twobo Technologies AB.

Notas del editor

  1. Crypto = Signature & Ciphertext