
Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018)

Slides from EIC 2018.
Read more at https://www.scottbrady91.com/Blockchain-Identity/Lessons-Learned-from-Integrating-with-Blockchain-Identity-Providers

  1. Lessons Learned from Integrating with Blockchain Identity Providers. Scott Brady – Rock Solid Knowledge. @scottbrady91 – Rock Solid Knowledge
  2. Introductions – Scott Brady
     • Background in OAuth, OpenID Connect, SAML, & WS-Federation
     • Identity & Access Control Lead at Rock Solid Knowledge
  3. Introductions – The what & why
     • Why: Woo, Blockchain!
     • What: A blockchain project that I could use as an external Identity Provider
     • Start: First Google search
     • Finish: Why I am still searching
  4. I will not be naming names. Unless you buy me a beer first...
  5. First Google Search: icoalert.com?q=identity
  6. Blockchain Identity projects: 91 (taken from github.com/peacekeeper/blockchain-identity)
  7. Blockchain Identity projects with product pages: 17
  8. Blockchain Identity projects with products available to the public: 3
  9. Initial Impressions
     • One page developer documentation
     • One integration library
     • A developer portal for registering apps
     • Token was the community focus
  10. The Typical Authentication Flow (diagram labels: Blockchain, Blockchain Identity Product, User, Identity Requestor, Mobile Device)
  11. The Typical Authentication Flow (diagram labels: Blockchain, Blockchain Identity Product, User, Identity Requestor, Mobile Device; additional labels: Resource Owner, Identity Provider, Client/Relying Party)
  12. Dig a Little Deeper…
     • Trademarked reinventions
     • Call for integration libraries
     • No evidence of blockchain usage
     • Single points of failure
  13. The Code
     • Custom JWTs
     • Non-standard signing
     • Non-standard encryption
     • Usage all over the place
     • Hidden public keys
     • Private keys that aren’t private
     • Integration issues that are already solved
  14. Stephen Wilson’s “Proposed Digital Identity Stack” (layers: Relationships, Identities, Attributes, Attribute Metadata, Authentication Data, Deeper Network Layers)
  15. Stephen Wilson’s “Proposed Digital Identity Stack” (layers: Relationships, Identities, Attributes, Attribute Metadata, Authentication Data, Deeper Network Layers)
  16. There’s Still Hope
     • Open standards are on the way
     • Distributed Identity Foundation
     • Sovrin
     • Authentication/Integration Working Groups still last…
  17. We Cannot Work in Silos
  18. Thanks! @scottbrady91 www.identityserver.com
