SlideShare ist ein Scribd-Unternehmen logo

The JSON-based Identity Protocol Suite

Als PPTX, PDF herunterladen
Twobo Technologies
Twobo Technologies

An overview of the JSON-based identity protocol suite, including JWT, JWE, JWK, etc.

Technologie
1 von 13
The JSON-based Identity Protocol Suite By Travis Spencer Copyright © 2013 Twobo Technologies AB.
Overview of the Protocol Suite  JavaScript Object Notation (JSON) – Data encoding format popularized by AJAX & REST  All being defined in IETF  Used to encode OAuth 2.0 security model  Tokens (JWT) Encryption (JWE)  Keys (JWK) Signatures (JWS)  OAuth 2.0 Bearer Token spec binds it to OAuth  Basis of OAuth and OpenID Connect Copyright © 2013 Twobo Technologies AB.
Overview of JWT  JWT – pronounced “jot” – are lightweight tokens passed in HTTP headers & query strings  Three basic sections – header, claims, signature  Akin to SAML tokens  Less expressive  Less security options  Encoded w/ JSON not XML for compactness Copyright © 2013 Twobo Technologies AB.
Basic Layout & Wire Format Header Claims Crypto JWT Token base64url(Header) + “.” + base64url(Claims) + “.” + base64url(Crypto) Copyright © 2013 Twobo Technologies AB.
Claims Section  Reserved (but optional) claim names  Expiration time (exp) Issuer (iss)  Not before (nbf) Type (typ)  Issued at (iat) Audience (aud)  Public claim names  IANA JWT claims registry  Domain name, OID, or UUID  Private claim names – Any unused name  Value can be any JSON type Copyright © 2013 Twobo Technologies AB.
Overview of JWE  Used to encrypt JWTs  Supports symmetric & asymmetric encryption  Three basic sections – header, key, ciphertext  Plaintext may be signed first  Encryption algorithm  RSA1_5 A(128|256)KW  RSA-OAEP A(128|256)GCM  ECDH-ES  Cyphertext is put in the crypto section of the JWT Copyright © 2013 Twobo Technologies AB.
Basic Layout & Wire Format Header Key Ciphertext JWE JWE = base64url(Header) + “.” + base64url(Key) + “.” + base64url(Ciphertext) Copyright © 2013 Twobo Technologies AB.
Overview of JWK  Array of public keys encoded as JSON objects  Intended for inclusion in JWS for signature verification  Explicit support for Elliptic Curve and RSA keys Copyright © 2013 Twobo Technologies AB.
JWK Example {“keyvalues” : {“algorithm” : “RSA”, [ “modulus” : “…”, {“algorithm” : “EC”, “exponent” : “…”, “curve” : “P-256”, “keyid” : “…”} ] “x” : “…”, } “y” : “…”, “use” : “encryption”, “keyid” : “1”}, Copyright © 2013 Twobo Technologies AB.
Overview of JWS  Header input is JWT header  Payload input is JWT claims  Output is appended to JWT inputs & (optionally) points to the JWK that was used  Supports symmetric & asymmetric signing algorithms  HMAC SHA RSA SHA  ECDSA w/ curve P & SHA Copyright © 2013 Twobo Technologies AB.
Basic Layout & Wire Format Header Payload JWS JWS = base64url(sig(base64url(Header) + “.” + base64url(Payload))) Copyright © 2013 Twobo Technologies AB.
Questions & Thanks @2botech @travisspencer www.2botech.com www.travisspencer.com Copyright © 2013 Twobo Technologies AB.
The JSON-based Identity Protocol Suite

Empfohlen

Nordic APIs - Building a Secure API
Nordic APIs - Building a Secure APINordic APIs - Building a Secure API
Nordic APIs - Building a Secure APITwobo Technologies
 
Incorporating OAuth
Incorporating OAuthIncorporating OAuth
Incorporating OAuthTwobo Technologies
 
Neo-security Stack
Neo-security StackNeo-security Stack
Neo-security StackTwobo Technologies
 
Incorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile appIncorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile appNordic APIs
 
OAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for MicroservicesOAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for MicroservicesTwobo Technologies
 
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldNordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldTwobo Technologies
 
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleAuthorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleNordic APIs
 
DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101Dasith Wijesiriwardena
 

Empfohlen

Nordic APIs - Building a Secure API
Nordic APIs - Building a Secure APINordic APIs - Building a Secure API
Nordic APIs - Building a Secure APITwobo Technologies
 
Incorporating OAuth
Incorporating OAuthIncorporating OAuth
Incorporating OAuthTwobo Technologies
 
Neo-security Stack
Neo-security StackNeo-security Stack
Neo-security StackTwobo Technologies
 
Incorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile appIncorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile appNordic APIs
 
OAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for MicroservicesOAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for MicroservicesTwobo Technologies
 
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldNordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldTwobo Technologies
 
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleAuthorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleNordic APIs
 
DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101Dasith Wijesiriwardena
 
Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure APINordic APIs
 
HyWAI Web Bluetooth API
HyWAI Web Bluetooth APIHyWAI Web Bluetooth API
HyWAI Web Bluetooth APIJonathan Jeon
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Nat Sakimura
 
Security via Java
Security via JavaSecurity via Java
Security via JavaBahaa Zaid
 
CIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSECIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSECloudIDSummit
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple Nov Matake
 
Designing an API
Designing an APIDesigning an API
Designing an APITwobo Technologies
 
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...Fabernovel
 
Fidor TecS AG Company Presentation
Fidor TecS AG Company PresentationFidor TecS AG Company Presentation
Fidor TecS AG Company PresentationFrank Schwab
 
The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)Nordic APIs
 
Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.Fabernovel
 
The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015Lars Markull
 
Why Drones are the Future of IoT
Why Drones are the Future of IoTWhy Drones are the Future of IoT
Why Drones are the Future of IoTColin Snow
 
Automated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yardsAutomated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yardsJohn Ferguson Smart Limited
 
EVOLVE'13 | Keynote | Roy Fielding
EVOLVE'13 | Keynote | Roy FieldingEVOLVE'13 | Keynote | Roy Fielding
EVOLVE'13 | Keynote | Roy FieldingEvolve The Adobe Digital Marketing Community
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentationsflynn073
 
Token Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSToken Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSHüseyin BABAL
 
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014Takashi Yahata
 
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherSynergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherTwobo Technologies
 
Transforming organizations into platforms
Transforming organizations into platformsTransforming organizations into platforms
Transforming organizations into platformsTwobo Technologies
 
Beveiliging en REST services
Beveiliging en REST servicesBeveiliging en REST services
Beveiliging en REST servicesMaurice De Beijer [MVP]
 

Weitere ähnliche Inhalte

Was ist angesagt?

Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure APINordic APIs
 
HyWAI Web Bluetooth API
HyWAI Web Bluetooth APIHyWAI Web Bluetooth API
HyWAI Web Bluetooth APIJonathan Jeon
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Nat Sakimura
 
Security via Java
Security via JavaSecurity via Java
Security via JavaBahaa Zaid
 
CIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSECIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSECloudIDSummit
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple Nov Matake
 

Was ist angesagt? (7)

Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure API
 
HyWAI Web Bluetooth API
HyWAI Web Bluetooth APIHyWAI Web Bluetooth API
HyWAI Web Bluetooth API
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
 
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
 
Security via Java
Security via JavaSecurity via Java
Security via Java
 
CIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSECIS14: I Left My JWT in San JOSE
CIS14: I Left My JWT in San JOSE
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple
 

Andere mochten auch

Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...Fabernovel
 
Fidor TecS AG Company Presentation
Fidor TecS AG Company PresentationFidor TecS AG Company Presentation
Fidor TecS AG Company PresentationFrank Schwab
 
The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)Nordic APIs
 
Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.Fabernovel
 
The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015Lars Markull
 
Why Drones are the Future of IoT
Why Drones are the Future of IoTWhy Drones are the Future of IoT
Why Drones are the Future of IoTColin Snow
 
Automated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yardsAutomated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yardsJohn Ferguson Smart Limited
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentationsflynn073
 
Token Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSToken Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSHüseyin BABAL
 
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014Takashi Yahata
 
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherSynergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherTwobo Technologies
 
Transforming organizations into platforms
Transforming organizations into platformsTransforming organizations into platforms
Transforming organizations into platformsTwobo Technologies
 
OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向Tatsuo Kudo
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityMark Diodati
 
SCIM presentation from CIS 2012
SCIM presentation from CIS 2012SCIM presentation from CIS 2012
SCIM presentation from CIS 2012Twobo Technologies
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo Technologies
 

Andere mochten auch (20)

Designing an API
Designing an APIDesigning an API
Designing an API
 
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
Disrupting the Car Industry and Driver Experience with APIs - API Days San Fr...
 
Fidor TecS AG Company Presentation
Fidor TecS AG Company PresentationFidor TecS AG Company Presentation
Fidor TecS AG Company Presentation
 
The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)The end of polling (Audrey Neveu)
The end of polling (Audrey Neveu)
 
Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.Why should C-Level care about APIs? It's the new economy, stupid.
Why should C-Level care about APIs? It's the new economy, stupid.
 
The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015The future of Banking @ Social Media Week 2015
The future of Banking @ Social Media Week 2015
 
Why Drones are the Future of IoT
Why Drones are the Future of IoTWhy Drones are the Future of IoT
Why Drones are the Future of IoT
 
Automated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yardsAutomated Deployment with Maven - going the whole nine yards
Automated Deployment with Maven - going the whole nine yards
 
EVOLVE'13 | Keynote | Roy Fielding
EVOLVE'13 | Keynote | Roy FieldingEVOLVE'13 | Keynote | Roy Fielding
EVOLVE'13 | Keynote | Roy Fielding
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentation
 
Token Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSToken Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJS
 
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
エンタープライズIT環境での OpenID Connect / SCIM の具体的実装方法 idit2014
 
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherSynergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All Together
 
Transforming organizations into platforms
Transforming organizations into platformsTransforming organizations into platforms
Transforming organizations into platforms
 
Beveiliging en REST services
Beveiliging en REST servicesBeveiliging en REST services
Beveiliging en REST services
 
OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向
 
#dd12 OAuth for Domino Developers
#dd12 OAuth for Domino Developers#dd12 OAuth for Domino Developers
#dd12 OAuth for Domino Developers
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern Identity
 
SCIM presentation from CIS 2012
SCIM presentation from CIS 2012SCIM presentation from CIS 2012
SCIM presentation from CIS 2012
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFS
 

Ähnlich wie The JSON-based Identity Protocol Suite

A Primer on JSON Web Tokens
A Primer on JSON Web TokensA Primer on JSON Web Tokens
A Primer on JSON Web TokensChris Herbert
 
NoSql-YesSQL mickey alon
NoSql-YesSQL mickey alon NoSql-YesSQL mickey alon
NoSql-YesSQL mickey alon Mickey Alon
 
IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87Shoichi Sakane
 
HFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
HFile: A Block-Indexed File Format to Store Sorted Key-Value PairsHFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
HFile: A Block-Indexed File Format to Store Sorted Key-Value PairsSchubert Zhang
 
I Left My JWT in San JOSE
I Left My JWT in San JOSEI Left My JWT in San JOSE
I Left My JWT in San JOSEBrian Campbell
 
Introduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsIntroduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsBrian Campbell
 
HBase Data Modeling and Access Patterns with Kite SDK
HBase Data Modeling and Access Patterns with Kite SDKHBase Data Modeling and Access Patterns with Kite SDK
HBase Data Modeling and Access Patterns with Kite SDKHBaseCon
 
Event-driven IO server-side JavaScript environment based on V8 Engine
Event-driven IO server-side JavaScript environment based on V8 EngineEvent-driven IO server-side JavaScript environment based on V8 Engine
Event-driven IO server-side JavaScript environment based on V8 EngineRicardo Silva
 
What’s new in JSR 367 Java API for JSON Binding
What’s new in JSR 367 Java API for JSON BindingWhat’s new in JSR 367 Java API for JSON Binding
What’s new in JSR 367 Java API for JSON BindingDmitry Kornilov
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.pptUskuMusku1
 
Cassandra 3.0 - JSON at scale - StampedeCon 2015
Cassandra 3.0 - JSON at scale - StampedeCon 2015Cassandra 3.0 - JSON at scale - StampedeCon 2015
Cassandra 3.0 - JSON at scale - StampedeCon 2015StampedeCon
 
Overview of JSON Object Signing and Encryption
Overview of JSON Object Signing and EncryptionOverview of JSON Object Signing and Encryption
Overview of JSON Object Signing and EncryptionMasaru Kurahayashi
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the CloudAmazon Web Services
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudAmazon Web Services
 
Introduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityIntroduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityBruno Henrique Rother
 
支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒Toki Kanno
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudAmazon Web Services
 

Ähnlich wie The JSON-based Identity Protocol Suite (20)

JWTs and JOSE in a flash
JWTs and JOSE in a flashJWTs and JOSE in a flash
JWTs and JOSE in a flash
 
A Primer on JSON Web Tokens
A Primer on JSON Web TokensA Primer on JSON Web Tokens
A Primer on JSON Web Tokens
 
NoSql-YesSQL mickey alon
NoSql-YesSQL mickey alon NoSql-YesSQL mickey alon
NoSql-YesSQL mickey alon
 
IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87
 
HFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
HFile: A Block-Indexed File Format to Store Sorted Key-Value PairsHFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
HFile: A Block-Indexed File Format to Store Sorted Key-Value Pairs
 
I Left My JWT in San JOSE
I Left My JWT in San JOSEI Left My JWT in San JOSE
I Left My JWT in San JOSE
 
Introduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsIntroduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security Protocols
 
HBase Data Modeling and Access Patterns with Kite SDK
HBase Data Modeling and Access Patterns with Kite SDKHBase Data Modeling and Access Patterns with Kite SDK
HBase Data Modeling and Access Patterns with Kite SDK
 
Event-driven IO server-side JavaScript environment based on V8 Engine
Event-driven IO server-side JavaScript environment based on V8 EngineEvent-driven IO server-side JavaScript environment based on V8 Engine
Event-driven IO server-side JavaScript environment based on V8 Engine
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
What’s new in JSR 367 Java API for JSON Binding
What’s new in JSR 367 Java API for JSON BindingWhat’s new in JSR 367 Java API for JSON Binding
What’s new in JSR 367 Java API for JSON Binding
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
 
Cassandra 3.0 - JSON at scale - StampedeCon 2015
Cassandra 3.0 - JSON at scale - StampedeCon 2015Cassandra 3.0 - JSON at scale - StampedeCon 2015
Cassandra 3.0 - JSON at scale - StampedeCon 2015
 
Hfile格式详细介绍
Hfile格式详细介绍Hfile格式详细介绍
Hfile格式详细介绍
 
Overview of JSON Object Signing and Encryption
Overview of JSON Object Signing and EncryptionOverview of JSON Object Signing and Encryption
Overview of JSON Object Signing and Encryption
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the Cloud
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Introduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityIntroduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring Security
 
支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 

Kürzlich hochgeladen

Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

The JSON-based Identity Protocol Suite

  • 1. The JSON-based Identity Protocol Suite By Travis Spencer Copyright © 2013 Twobo Technologies AB.
  • 2. Overview of the Protocol Suite  JavaScript Object Notation (JSON) – Data encoding format popularized by AJAX & REST  All being defined in IETF  Used to encode OAuth 2.0 security model  Tokens (JWT) Encryption (JWE)  Keys (JWK) Signatures (JWS)  OAuth 2.0 Bearer Token spec binds it to OAuth  Basis of OAuth and OpenID Connect Copyright © 2013 Twobo Technologies AB.
  • 3. Overview of JWT  JWT – pronounced “jot” – are lightweight tokens passed in HTTP headers & query strings  Three basic sections – header, claims, signature  Akin to SAML tokens  Less expressive  Less security options  Encoded w/ JSON not XML for compactness Copyright © 2013 Twobo Technologies AB.
  • 4. Basic Layout & Wire Format Header Claims Crypto JWT Token base64url(Header) + “.” + base64url(Claims) + “.” + base64url(Crypto) Copyright © 2013 Twobo Technologies AB.
  • 5. Claims Section  Reserved (but optional) claim names  Expiration time (exp) Issuer (iss)  Not before (nbf) Type (typ)  Issued at (iat) Audience (aud)  Public claim names  IANA JWT claims registry  Domain name, OID, or UUID  Private claim names – Any unused name  Value can be any JSON type Copyright © 2013 Twobo Technologies AB.
  • 6. Overview of JWE  Used to encrypt JWTs  Supports symmetric & asymmetric encryption  Three basic sections – header, key, ciphertext  Plaintext may be signed first  Encryption algorithm  RSA1_5 A(128|256)KW  RSA-OAEP A(128|256)GCM  ECDH-ES  Cyphertext is put in the crypto section of the JWT Copyright © 2013 Twobo Technologies AB.
  • 7. Basic Layout & Wire Format Header Key Ciphertext JWE JWE = base64url(Header) + “.” + base64url(Key) + “.” + base64url(Ciphertext) Copyright © 2013 Twobo Technologies AB.
  • 8. Overview of JWK  Array of public keys encoded as JSON objects  Intended for inclusion in JWS for signature verification  Explicit support for Elliptic Curve and RSA keys Copyright © 2013 Twobo Technologies AB.
  • 9. JWK Example {“keyvalues” : {“algorithm” : “RSA”, [ “modulus” : “…”, {“algorithm” : “EC”, “exponent” : “…”, “curve” : “P-256”, “keyid” : “…”} ] “x” : “…”, } “y” : “…”, “use” : “encryption”, “keyid” : “1”}, Copyright © 2013 Twobo Technologies AB.
  • 10. Overview of JWS  Header input is JWT header  Payload input is JWT claims  Output is appended to JWT inputs & (optionally) points to the JWK that was used  Supports symmetric & asymmetric signing algorithms  HMAC SHA RSA SHA  ECDSA w/ curve P & SHA Copyright © 2013 Twobo Technologies AB.
  • 11. Basic Layout & Wire Format Header Payload JWS JWS = base64url(sig(base64url(Header) + “.” + base64url(Payload))) Copyright © 2013 Twobo Technologies AB.
  • 12. Questions & Thanks @2botech @travisspencer www.2botech.com www.travisspencer.com Copyright © 2013 Twobo Technologies AB.

Hinweis der Redaktion

  1. Crypto = Signature & Ciphertext