The JSON-based Identity Protocol Suite
Twobo Technologies
An overview of the JSON-based identity protocol suite, including JWT, JWE, JWK, etc.
1. The JSON-based Identity Protocol Suite
By Travis Spencer
Copyright © 2013 Twobo Technologies AB.
2. Overview of the Protocol Suite
- JavaScript Object Notation (JSON) – Data encoding format popularized by AJAX & REST
- All being defined in IETF
- Used to encode OAuth 2.0 security model
  - Tokens (JWT)
  - Encryption (JWE)
  - Keys (JWK)
  - Signatures (JWS)
- OAuth 2.0 Bearer Token spec binds it to OAuth
- Basis of OAuth and OpenID Connect
3. Overview of JWT
- JWT – pronounced "jot" – are lightweight tokens passed in HTTP headers & query strings
- Three basic sections – header, claims, signature
- Akin to SAML tokens
  - Less expressive
  - Fewer security options
  - Encoded w/ JSON not XML for compactness
4. Basic Layout & Wire Format
Sections: Header | Claims | Crypto
JWT Token = base64url(Header) + "." + base64url(Claims) + "." + base64url(Crypto)
5. Claims Section
- Reserved (but optional) claim names
  - Expiration time (exp)
  - Issuer (iss)
  - Not before (nbf)
  - Type (typ)
  - Issued at (iat)
  - Audience (aud)
- Public claim names
  - IANA JWT claims registry
  - Domain name, OID, or UUID
- Private claim names – Any unused name
- Value can be any JSON type
6. Overview of JWE
- Used to encrypt JWTs
- Supports symmetric & asymmetric encryption
- Three basic sections – header, key, ciphertext
- Plaintext may be signed first
- Encryption algorithm
  - RSA1_5
  - A(128|256)KW
  - RSA-OAEP
  - A(128|256)GCM
  - ECDH-ES
- Ciphertext is put in the crypto section of the JWT
7. Basic Layout & Wire Format
Sections: Header | Key | Ciphertext
JWE = base64url(Header) + "." + base64url(Key) + "." + base64url(Ciphertext)
8. Overview of JWK
- Array of public keys encoded as JSON objects
- Intended for inclusion in JWS for signature verification
- Explicit support for Elliptic Curve and RSA keys
9. JWK Example
    {"keyvalues" :
      [
        {"algorithm" : "EC",
         "curve" : "P-256",
         "x" : "…",
         "y" : "…",
         "use" : "encryption",
         "keyid" : "1"},
        {"algorithm" : "RSA",
         "modulus" : "…",
         "exponent" : "…",
         "keyid" : "…"}
      ]
    }
10. Overview of JWS
- Header input is JWT header
- Payload input is JWT claims
- Output is appended to JWT inputs & (optionally) points to the JWK that was used
- Supports symmetric & asymmetric signing algorithms
  - HMAC SHA
  - RSA SHA
  - ECDSA w/ curve P & SHA
11. Basic Layout & Wire Format
Sections: Header | Payload
JWS = base64url(sig(base64url(Header) + "." + base64url(Payload)))
12. Questions & Thanks
@2botech @travisspencer
www.2botech.com www.travisspencer.com
Editor's notes
Crypto = Signature & Ciphertext