Hannes Tschofenig (IETF#79, SAAG, Beijing)
Acknowledgements
• I would like to thank Pasi Eronen. I am re-using some of his slides in this presentation.
04/18/23 IETF #79, OAuth Overview, SAAG Meeting, Beijing
The Problem: Secure Data Sharing
Example OAuth Exchange
User enters a URL in the web browser
Browser opens URL
User is presented with the option to access remote (but protected) data
Resource Consumer redirects to Authorization Server
User authentication takes place
User authorizes data exchange
Authorization granted: redirect from Authz Server back to Resource Consumer
Resource Consumer requests token from Authorization Server for access to the Resource Server
Resource Consumer receives token
Resource Consumer requests access to data at the Resource Server
Data exchange takes place
Work Scope
[Diagram. Parties: User, User Agent, Authorization Server, Resource Server, Resource Consumer. Messages: Authorization Request, Token Request, Access Request (incl. Token). Labels: OAuth Profiles, User Interface, Token Format and Content, Authz Server Interaction, Data Exchange, Authentication, Request Security.]
Summary
• Open Web Authentication (OAuth) is developed in the IETF to provide delegated authentication.
• Code available (see http://oauth.net/code/) and deployment on the way.
• Working group is working on finalizing the OAuth 2.0 specification:
– http://tools.ietf.org/html/draft-ietf-oauth-v2
• Rechartering discussion started with many extensions being considered by the group
• Your input is needed!