OAuth Multiple Lifetime Token

•Als PPTX, PDF herunterladen•

1 gefällt mir•935 views

Yusuke Kondo

Technologie News & Politik

OAuth Multiple lifetime token
by Yahoo! Japan

1 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止
Summary
–Proposal toward OAuth v2 spec
–multiple lifetime tokens
(access_token & refresh_token)
–no change in process of OAuth, only
change in token,lifetime and scope
parameter.
–Introduction of Yahoo! JAPAN OAuth
API and security policy

2 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止
Yahoo! JAPAN OAuth APIs
Payment API ”Credit Card Payment”
Point API ”Award and use Y!Points”
Contacts API ”Read Contact List of Y!Mail”
Social API ”Read & Update Y!Profiles”
Attribute API ”Read User Attributes”
Auction API ”Bidding or Selling at Y!Auction”

3 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止
Security Level of APIs
Security Level
Token
Lifetime
Payment API
Y! Point API high short
Attribute API
Contacts API
middle medium
Social APIs
(User Status &
Updates)
low long

$7 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Idea of multiple liftetime access token – Manage each access token lifetime by “expires_in” { “scope": “payment social" "access_token": "SlAV32hkKG V2v5ehmLY" "expires_in": "3600 1206900" } expires in 1h. expires in 2w$

$8 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Idea of multiple lifetime refresh_token – set access token lifetimes short and set refresh_token lifetimes longer { “scope": “payment social" "access_token": "SlAV32hkKG V2v5ehmLY" "expires_in": "3600 3600" "refresh_token": "8xLOxBtZp8 7euhZh4E" } expires in 1h. expires in 2w$

Weitere ähnliche Inhalte

Ähnlich wie OAuth Multiple Lifetime Token

John DaSilva, Identity Architect, Ping Identity Brian Campbell, Portfolio Architect, Ping Identity If you asked yourself the question, "What is OAuth and will it solve my mobile device SSO headaches?” then this is the session for you! In this bootcamp, you will learn the basic foundations of OAuth, the drivers (the “why”) behind it, the use cases, the protocol flow and basic terminology. Once we have a basic understanding of OAuth, we will explore various implementation strategies for OAuth 2.0. We’ll dissect the Web Server, User Agent and Native Application use cases, and describe how to configure OAuth in PingFederate Authorization Server. We will even take a look at the up and coming OpenID Connect specification. Bring your laptop; a configuration of PingFederate that you can set up and temporary product licenses will be supplied.

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...

CloudIDSummit

OAuth - Don’t Throw the Baby Out with the Bathwater

Apigee | Google Cloud

170724 JP/UK Open Banking Summit English Translation

Nat Sakimura

Oauth2.0

Yasmine Gaber

Find out how today’s authorization experts are getting maximum value from OAuth OAuth has quickly become the key standard for authorization across mobile apps and the Web. But are you getting the most out of OAuth? Join Mehdi Medjaoul, Co-Founder & Executive Director of Webshell – the company behind OAuth.io – and Scott Morrison, former CTO of Layer 7 and now Distinguished Engineer at CA Technologies, as they discuss how authorization experts are really using OAuth today.

OAuth in the Real World featuring Webshell

CA API Management

John Bradley, Senior Technical Architect, Ping Identity OAuth 2.0 is the future of API Security, allowing software clients to request and use access tokens to access necessary APIs rather than caching and replaying usernames and passwords on every API fetch. John Bradley will explain the OAuth 2.0 protocol from top to bottom. Response types, authorization codes, front-channel vs. back-channel architecture decisions, security considerations and best practices will all be discussed. If you want to really understand OAuth, this session will dig deep.

CIS13: Introduction to OAuth 2.0

CloudIDSummit

OAuth 2.0 (RFC 6749/50) is a delegated authorization framework that makes requesting access for and authenticating as a client to an API as easy as getting a token and using a token. This session will explore the different OAuth flows in the spec as will as discuss extensions such as the JWT assertion flow and SAML bearer extension, and will also discuss security mitigations needed to use the protocol safely.

CIS 2015 Extreme OAuth - Paul Meyer

CloudIDSummit

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

Hitachi, Ltd. OSS Solution Center.

Single-Page-Application & REST security

Igor Bossenko

2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...

APIsecure_ Official

Why Assertion-based Access Token is preferred to Handle-based one?

Hitachi, Ltd. OSS Solution Center.

Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden. Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.

Open APIs - Risks and Rewards (Øredev 2013)

Nordic APIs

OAuth2 Introduction

Arpit Suthar

The existence of an API allows developers to extend software so as to cater for unique use cases beyond the software's original scope. Administrators and end users of JIRA 5 can expect its REST API to enable the creation of integrated applications to solve their unique concerns. This presentation aims to describe ways in which the JIRA 5 REST API can be used to make a tangible impact for the end user. Several use cases will be discussed, ranging from running simple command line apps, through to creating web applications that integrate with the JIRA 5 REST API.

Extend Your Use of JIRA by Solving Your Unique Concerns: An Exposé of the New...

Atlassian

Extend Your Use of JIRA by Solving Your Unique Concerns: An Exposé of the New...

Atlassian

AT&T 2012 DevLab Speech API Deep Dive

Michael Owens

Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...

Tatsuo Kudo

Introduction to OAuth2.0

Oracle Corporation

Authorization Using JWTs

ForgeRock Identity Tech Talks

In this webinar from November 2015, John Barco (VP of Product Management) and Tim Sedlack (Sr. Product Manager) take you on a journey: A long time ago in a technology sector far, far away, organizations were promised a unified platform for centralizing identity and integrating it into resources everywhere. But this promise was never realized. Instead, organizations were forced down a dark path to implement a piecemeal identity infrastructure that was painful, with massive integration costs. Finally, the wait is over. In this webinar, we will provide an overview of ForgeRock's unified platform and highlight all the common services provided across the end-to-end solution to make your life easier. Learn more about ForgeRock Access Management: https://www.forgerock.com/platform/access-management/ Learn more about ForgeRock Identity Management: https://www.forgerock.com/platform/identity-management/

Webinar: Identity Wars: The Unified Platform Awakens

ForgeRock

Ähnlich wie OAuth Multiple Lifetime Token (20)

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...

OAuth - Don’t Throw the Baby Out with the Bathwater

170724 JP/UK Open Banking Summit English Translation

Oauth2.0

OAuth in the Real World featuring Webshell

CIS13: Introduction to OAuth 2.0

CIS 2015 Extreme OAuth - Paul Meyer

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

Single-Page-Application & REST security

2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...

Why Assertion-based Access Token is preferred to Handle-based one?

Open APIs - Risks and Rewards (Øredev 2013)

OAuth2 Introduction

Extend Your Use of JIRA by Solving Your Unique Concerns: An Exposé of the New...

AT&T 2012 DevLab Speech API Deep Dive

Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...

Introduction to OAuth2.0

Authorization Using JWTs

Webinar: Identity Wars: The Unified Platform Awakens

Kürzlich hochgeladen

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Exploring Multimodal Embeddings with Milvus

Zilliz

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

MINDCTI Revenue Release Quarter One 2024

MIND CTI

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

ICT role in 21st century education and its challenges

rafiqahmad00786416

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Kürzlich hochgeladen (20)

Vector Search -An Introduction in Oracle Database 23ai.pptx

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Exploring Multimodal Embeddings with Milvus

Why Teams call analytics are critical to your entire business

MINDCTI Revenue Release Quarter One 2024

[BuildWithAI] Introduction to Gemini.pdf

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Strategies for Landing an Oracle DBA Job as a Fresher

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

AWS Community Day CPH - Three problems of Terraform

ICT role in 21st century education and its challenges

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Corporate and higher education May webinar.pptx

presentation ICT roal in 21st century education

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

OAuth Multiple Lifetime Token

1. OAuth Multiple lifetime token by Yahoo! Japan

2. 1 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Summary –Proposal toward OAuth v2 spec –multiple lifetime tokens (access_token & refresh_token) –no change in process of OAuth, only change in token,lifetime and scope parameter. –Introduction of Yahoo! JAPAN OAuth API and security policy

3. 2 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Yahoo! JAPAN OAuth APIs Payment API ”Credit Card Payment” Point API ”Award and use Y!Points” Contacts API ”Read Contact List of Y!Mail” Social API ”Read & Update Y!Profiles” Attribute API ”Read User Attributes” Auction API ”Bidding or Selling at Y!Auction”

4. 3 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Security Level of APIs Security Level Token Lifetime Payment API Y! Point API high short Attribute API Contacts API middle medium Social APIs (User Status & Updates) low long

5. 4 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Current issue – Moba-ge-town(http://yahoo-mbga.jp/) – Social API (security level: low) – Update Yahoo! Profile – Contacts API (security level: middle) – Find Friends, Send Invitation to Friends – Payment API (security level: high) – Purchase Avatar Item, Virtual coin expires in 2w

6. 5 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Web Server Profile User-Agent (Web browser) Client (Web App) AuthZ Server (Service Provider) Access Grant Ask for Permission Authorization Request w/ multiple scopes Authorization code & multiple scopes Authorization code & multiple scopes Access(and refresh) Tokens with different lifetime w/ multiple scopes

7. 6 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 User-agent Profile – Still needs consideration about the URL lengh User-Agent (Web browser) AuthZ Server (Service provider Access Grant Ask for Permission Authorization Request w/ multiple scopes multiple Access(or refresh) Token with different lifetime w/ multiple scopes

8. 7 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Idea of multiple liftetime access token – Manage each access token lifetime by “expires_in” { “scope": “payment social" "access_token": "SlAV32hkKG V2v5ehmLY" "expires_in": "3600 1206900" } expires in 1h. expires in 2w

9. 8 Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. 無断引用・転載禁止 Idea of multiple lifetime refresh_token – set access token lifetimes short and set refresh_token lifetimes longer { “scope": “payment social" "access_token": "SlAV32hkKG V2v5ehmLY" "expires_in": "3600 3600" "refresh_token": "8xLOxBtZp8 7euhZh4E" } expires in 1h. expires in 2w

OAuth Multiple Lifetime Token

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie OAuth Multiple Lifetime Token

Ähnlich wie OAuth Multiple Lifetime Token (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

OAuth Multiple Lifetime Token