SlideShare a Scribd company logo

Introduction to OpenID TX proposed extension

Download as PPT, PDF
Nat Sakimura
Nat Sakimura

The document provides an overview of the Trust Exchange (TX) extension for OpenID, which allows for contract-driven data exchange to enable more secure transactions. The TX extension defines protocols for contract negotiation using either synchronous POST binding or asynchronous artifact binding. It also defines an optional data transfer method and formats for contract proposals and signed contracts containing terms like participant IDs, amounts, signatures, and expiration dates. The goal is to augment OpenID with stronger authentication and secure attribute exchange for sensitive transactions.

Technology
1 of 13
An Introduction to OpenID TX ver. 1.4 Nat Sakimura (=nat)‏ Nov. 11, 2008
Preface ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Contents ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Why TX? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Contract Driven Data Exchange = Trust Exchange (TX)‏
Highlight ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
OpenID Login + Payment (synchronous)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ Click “Login to check out” button Find the service for level 1 auth and Level 2+Payment auth Redirect to the Level 1 auth OP AuthN with Username and password etc. Positive Assertion Show Order Form Click on “Buy” button Positive Assertion +[TX] Contract Autn with 2 nd factor etc. “ Thanks!” screen Login to Checkout taro123 ***** Buy 暗証番号 Thanks! Approval Signing Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing POST Binding Redirect to L2+Payment OP with [TX]POST Contract Proposal Proposal Signing
OpenID Login + Payment (synchronous)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ Click “Login to check out” button Find the service for level 1 auth and Level 2+Payment auth Redirect to the Level 1 auth OP AuthN with Username and password etc. Positive Assertion Show Order Form Click on “Buy” button Positive Assertion + tx.c.tatus=Pending Autn with 2 nd factor etc. “ Thanks!” screen Login to Checkout taro123 ***** Buy 暗証番号 Thanks! Approval Signing Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing POST Binding Redirect to L2+Payment OP with [TX]POST Contract Proposal Proposal Signing
Notification OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ [TX] send Contract based Request [TX] Receive Data Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing [TX] Notification (status)‏ Status: Contract Complete, Data Changed, Contract terminated, ID removed [TX] Notification OP to RP notification RP to OP notification
Data Transfer (Optional)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ [TX] GET with Contract ID + Signature [TX] Receive Data Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing N.B. Although TX defines a default Data Transfer protocol, it can be substituted by any other methods as long as it is specified in the Contract.
OpenID Login + Payment (synchronous)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ Click “Login to check out” button Find the service for level 1 auth and Level 2+Payment auth Redirect to the Level 1 auth OP AuthN with Username and password etc. Positive Assertion Show Order Form Click on “Buy” button Redirect to L2+Payment OP with Transaction ID Positive Assertion +Contract ID Autn with 2 nd factor etc. “ Thanks!” screen Login to Checkout taro123 ***** Buy 暗証番号 Thanks! Approval Signing [TX]POST Contract Proposal [TX] Transaction ID [TX] send Contract ID [TX] Receive Contract Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing Artifact Binding Proposal Signing
OpenID Login + Payment (asynchronous)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ Click “Login to check out” button Find the service for level 1 auth and Level 2+Payment auth Redirect to the Level 1 auth OP AuthN with Username and password etc. Positive Assertion Show Order Form Click on “Buy” button Redirect to L2+Payment OP with Transaction ID Positive Assertion + tx.c.tatus=Pending Autn with 2 nd factor etc. “ Thanks!” screen Login to Checkout taro123 ***** Buy 暗証番号 Thanks! Approval Signing [TX]POST Contract Proposal [TX] Transaction ID [TX] send Contract ID [TX] Receive Contract Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing [TX] Completion Notification Artifact Binding Proposal Signing
Appendix: example proposal ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],NOTE: This is a bit out-of-date See http://sourceforge.jp/projects/openidtx/
Appendix: example contract ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],NOTE: This is a bit out-of-date See http://sourceforge.jp/projects/openidtx/

Recommended

R3Corda_Concepts+Components_AICTE_STTP_2020
R3Corda_Concepts+Components_AICTE_STTP_2020R3Corda_Concepts+Components_AICTE_STTP_2020
R3Corda_Concepts+Components_AICTE_STTP_2020Amritha Antony
 
53398506 10-case-study-digital-signature
53398506 10-case-study-digital-signature53398506 10-case-study-digital-signature
53398506 10-case-study-digital-signatureBookStoreLib
 
Dsa & Digi Cert
Dsa & Digi CertDsa & Digi Cert
Dsa & Digi CertRam Dutt Shukla
 
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOLOPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOLIJNSA Journal
 
Electronic Signature
Electronic SignatureElectronic Signature
Electronic SignatureJoon Young Park
 
Digital signature
Digital signatureDigital signature
Digital signatureCoders Hub
 
Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2YooGenelyn
 
Blind Signature Scheme
Blind Signature SchemeBlind Signature Scheme
Blind Signature SchemeKelum Senanayake
 

Recommended

R3Corda_Concepts+Components_AICTE_STTP_2020
R3Corda_Concepts+Components_AICTE_STTP_2020R3Corda_Concepts+Components_AICTE_STTP_2020
R3Corda_Concepts+Components_AICTE_STTP_2020Amritha Antony
 
53398506 10-case-study-digital-signature
53398506 10-case-study-digital-signature53398506 10-case-study-digital-signature
53398506 10-case-study-digital-signatureBookStoreLib
 
Dsa & Digi Cert
Dsa & Digi CertDsa & Digi Cert
Dsa & Digi CertRam Dutt Shukla
 
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOLOPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOLIJNSA Journal
 
Electronic Signature
Electronic SignatureElectronic Signature
Electronic SignatureJoon Young Park
 
Digital signature
Digital signatureDigital signature
Digital signatureCoders Hub
 
Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2YooGenelyn
 
Blind Signature Scheme
Blind Signature SchemeBlind Signature Scheme
Blind Signature SchemeKelum Senanayake
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemesravik09783
 
Digital Signature Certificate
Digital Signature CertificateDigital Signature Certificate
Digital Signature Certificatehome
 
Dss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmDss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmAbhishek Kesharwani
 
Libra Blockchain by SmartContract Thailand
Libra Blockchain by SmartContract ThailandLibra Blockchain by SmartContract Thailand
Libra Blockchain by SmartContract ThailandSathapon Patanakuha
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signaturesMazin Alwaaly
 
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain Platform
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain PlatformKlaytn: Service-Oriented Enterprise-Grade Public Blockchain Platform
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain Platformif kakao
 
Digital signature
Digital signatureDigital signature
Digital signatureNisha Menon K
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Mumbai Academisc
 
Primer to smart contracts, smart property, trustless asset management
Primer to smart contracts, smart property, trustless asset managementPrimer to smart contracts, smart property, trustless asset management
Primer to smart contracts, smart property, trustless asset managementTim Swanson
 
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009EuroCloud
 
OAuth 2
OAuth 2OAuth 2
OAuth 2ChrisWood262
 
Introducing OpenID 1.0 Protocol: Security and Performance
Introducing OpenID 1.0 Protocol: Security and PerformanceIntroducing OpenID 1.0 Protocol: Security and Performance
Introducing OpenID 1.0 Protocol: Security and PerformanceAmin Saqi
 
1. ibm blockchain explained
1. ibm blockchain explained1. ibm blockchain explained
1. ibm blockchain explainedDiego Alberto Tamayo
 
Session 3 introduction blockchain by franco 22 januari
Session 3 introduction blockchain by franco 22 januariSession 3 introduction blockchain by franco 22 januari
Session 3 introduction blockchain by franco 22 januariArthur Janse
 
Blockchain Essentials and Blockchain on Azure
Blockchain Essentials and Blockchain on AzureBlockchain Essentials and Blockchain on Azure
Blockchain Essentials and Blockchain on AzureNuri Cankaya
 
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...Hitachi, Ltd. OSS Solution Center.
 
Web Security
Web SecurityWeb Security
Web SecurityRam Dutt Shukla
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST securityIgor Bossenko
 
Python, Blockchain, and Byte-Size Change
Python, Blockchain, and Byte-Size ChangePython, Blockchain, and Byte-Size Change
Python, Blockchain, and Byte-Size ChangePortia Burton
 
Ch17
Ch17Ch17
Ch17Joe Christensen
 
HTTPS
HTTPSHTTPS
HTTPSmaroti164
 
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 Bc
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 BcSoa Symposium Expressing Service Capabilities Uniformly 2009 10 14 Bc
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 BcfuzzyBSc
 

More Related Content

What's hot

Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemesravik09783
 
Digital Signature Certificate
Digital Signature CertificateDigital Signature Certificate
Digital Signature Certificatehome
 
Dss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmDss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmAbhishek Kesharwani
 
Libra Blockchain by SmartContract Thailand
Libra Blockchain by SmartContract ThailandLibra Blockchain by SmartContract Thailand
Libra Blockchain by SmartContract ThailandSathapon Patanakuha
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signaturesMazin Alwaaly
 
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain Platform
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain PlatformKlaytn: Service-Oriented Enterprise-Grade Public Blockchain Platform
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain Platformif kakao
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Mumbai Academisc
 

What's hot (8)

Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemes
 
Digital Signature Certificate
Digital Signature CertificateDigital Signature Certificate
Digital Signature Certificate
 
Dss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmDss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithm
 
Libra Blockchain by SmartContract Thailand
Libra Blockchain by SmartContract ThailandLibra Blockchain by SmartContract Thailand
Libra Blockchain by SmartContract Thailand
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signatures
 
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain Platform
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain PlatformKlaytn: Service-Oriented Enterprise-Grade Public Blockchain Platform
Klaytn: Service-Oriented Enterprise-Grade Public Blockchain Platform
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)
 

Similar to Introduction to OpenID TX proposed extension

Primer to smart contracts, smart property, trustless asset management
Primer to smart contracts, smart property, trustless asset managementPrimer to smart contracts, smart property, trustless asset management
Primer to smart contracts, smart property, trustless asset managementTim Swanson
 
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009EuroCloud
 
Introducing OpenID 1.0 Protocol: Security and Performance
Introducing OpenID 1.0 Protocol: Security and PerformanceIntroducing OpenID 1.0 Protocol: Security and Performance
Introducing OpenID 1.0 Protocol: Security and PerformanceAmin Saqi
 
Session 3 introduction blockchain by franco 22 januari
Session 3 introduction blockchain by franco 22 januariSession 3 introduction blockchain by franco 22 januari
Session 3 introduction blockchain by franco 22 januariArthur Janse
 
Blockchain Essentials and Blockchain on Azure
Blockchain Essentials and Blockchain on AzureBlockchain Essentials and Blockchain on Azure
Blockchain Essentials and Blockchain on AzureNuri Cankaya
 
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...Hitachi, Ltd. OSS Solution Center.
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST securityIgor Bossenko
 
Python, Blockchain, and Byte-Size Change
Python, Blockchain, and Byte-Size ChangePython, Blockchain, and Byte-Size Change
Python, Blockchain, and Byte-Size ChangePortia Burton
 
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 Bc
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 BcSoa Symposium Expressing Service Capabilities Uniformly 2009 10 14 Bc
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 BcfuzzyBSc
 
TBD - Sept 13, 2018 - Signed messages in ethereum - destry saul
TBD - Sept 13, 2018 - Signed messages in ethereum - destry saulTBD - Sept 13, 2018 - Signed messages in ethereum - destry saul
TBD - Sept 13, 2018 - Signed messages in ethereum - destry saulDestry Saul
 
Algorand Smart Contracts
Algorand Smart ContractsAlgorand Smart Contracts
Algorand Smart Contractsssusercc3bf81
 
Whitepaper: What You Should Know About eSignature Law
Whitepaper: What You Should Know About eSignature LawWhitepaper: What You Should Know About eSignature Law
Whitepaper: What You Should Know About eSignature LawDocuSign
 
R3Corda - Architecture Overview - Concepts and Components
R3Corda - Architecture Overview - Concepts and ComponentsR3Corda - Architecture Overview - Concepts and Components
R3Corda - Architecture Overview - Concepts and ComponentsGokul Alex
 

Similar to Introduction to OpenID TX proposed extension (20)

Primer to smart contracts, smart property, trustless asset management
Primer to smart contracts, smart property, trustless asset managementPrimer to smart contracts, smart property, trustless asset management
Primer to smart contracts, smart property, trustless asset management
 
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
 
Introducing OpenID 1.0 Protocol: Security and Performance
Introducing OpenID 1.0 Protocol: Security and PerformanceIntroducing OpenID 1.0 Protocol: Security and Performance
Introducing OpenID 1.0 Protocol: Security and Performance
 
1. ibm blockchain explained
1. ibm blockchain explained1. ibm blockchain explained
1. ibm blockchain explained
 
Session 3 introduction blockchain by franco 22 januari
Session 3 introduction blockchain by franco 22 januariSession 3 introduction blockchain by franco 22 januari
Session 3 introduction blockchain by franco 22 januari
 
Blockchain Essentials and Blockchain on Azure
Blockchain Essentials and Blockchain on AzureBlockchain Essentials and Blockchain on Azure
Blockchain Essentials and Blockchain on Azure
 
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...
Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...
 
Web Security
Web SecurityWeb Security
Web Security
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
 
Python, Blockchain, and Byte-Size Change
Python, Blockchain, and Byte-Size ChangePython, Blockchain, and Byte-Size Change
Python, Blockchain, and Byte-Size Change
 
Ch17
Ch17Ch17
Ch17
 
HTTPS
HTTPSHTTPS
HTTPS
 
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 Bc
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 BcSoa Symposium Expressing Service Capabilities Uniformly 2009 10 14 Bc
Soa Symposium Expressing Service Capabilities Uniformly 2009 10 14 Bc
 
TBD - Sept 13, 2018 - Signed messages in ethereum - destry saul
TBD - Sept 13, 2018 - Signed messages in ethereum - destry saulTBD - Sept 13, 2018 - Signed messages in ethereum - destry saul
TBD - Sept 13, 2018 - Signed messages in ethereum - destry saul
 
ch17.ppt
ch17.pptch17.ppt
ch17.ppt
 
Algorand Smart Contracts
Algorand Smart ContractsAlgorand Smart Contracts
Algorand Smart Contracts
 
Whitepaper: What You Should Know About eSignature Law
Whitepaper: What You Should Know About eSignature LawWhitepaper: What You Should Know About eSignature Law
Whitepaper: What You Should Know About eSignature Law
 
R3Corda - Architecture Overview - Concepts and Components
R3Corda - Architecture Overview - Concepts and ComponentsR3Corda - Architecture Overview - Concepts and Components
R3Corda - Architecture Overview - Concepts and Components
 
SSL
SSLSSL
SSL
 

More from Nat Sakimura

FAPI and beyond - よりよいセキュリティのために
FAPI and beyond - よりよいセキュリティのためにFAPI and beyond - よりよいセキュリティのために
FAPI and beyond - よりよいセキュリティのためにNat Sakimura
 
OpenID in the Digital ID Landscape: A Perspective From the Past to the Future
OpenID in the Digital ID Landscape: A Perspective From the Past to the FutureOpenID in the Digital ID Landscape: A Perspective From the Past to the Future
OpenID in the Digital ID Landscape: A Perspective From the Past to the FutureNat Sakimura
 
170724 JP/UK Open Banking Summit English Translation
170724 JP/UK Open Banking Summit English Translation170724 JP/UK Open Banking Summit English Translation
170724 JP/UK Open Banking Summit English TranslationNat Sakimura
 
Introduction to 
the FAPI Read & Write OAuth Profile - Jan 2018 Updates
Introduction to 
the FAPI Read & Write OAuth Profile - Jan 2018 UpdatesIntroduction to 
the FAPI Read & Write OAuth Profile - Jan 2018 Updates
Introduction to 
the FAPI Read & Write OAuth Profile - Jan 2018 UpdatesNat Sakimura
 
Introduction to the FAPI Read & Write OAuth Profile
Introduction to the FAPI Read & Write OAuth ProfileIntroduction to the FAPI Read & Write OAuth Profile
Introduction to the FAPI Read & Write OAuth ProfileNat Sakimura
 
金融 API 時代のセキュリティ: OpenID Financial API (FAPI) WG
金融 API 時代のセキュリティ: OpenID Financial API (FAPI) WG金融 API 時代のセキュリティ: OpenID Financial API (FAPI) WG
金融 API 時代のセキュリティ: OpenID Financial API (FAPI) WGNat Sakimura
 
ブロックチェーン〜信頼の源泉の民主化のもたらす変革
ブロックチェーン〜信頼の源泉の民主化のもたらす変革ブロックチェーン〜信頼の源泉の民主化のもたらす変革
ブロックチェーン〜信頼の源泉の民主化のもたらす変革Nat Sakimura
 
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Nat Sakimura
 
OpenID Foundation FAPI WG: June 2017 Update
OpenID Foundation FAPI WG: June 2017 UpdateOpenID Foundation FAPI WG: June 2017 Update
OpenID Foundation FAPI WG: June 2017 UpdateNat Sakimura
 
API Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGAPI Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGNat Sakimura
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectNat Sakimura
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
車輪は丸くなったか?~デジタル・アイデンティティの標準化動向とそのゴール
車輪は丸くなったか?~デジタル・アイデンティティの標準化動向とそのゴール車輪は丸くなったか?~デジタル・アイデンティティの標準化動向とそのゴール
車輪は丸くなったか?~デジタル・アイデンティティの標準化動向とそのゴールNat Sakimura
 
OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91Nat Sakimura
 
Oidc how it solves your problems
Oidc how it solves your problemsOidc how it solves your problems
Oidc how it solves your problemsNat Sakimura
 
Transient client secret extension
Transient client secret extensionTransient client secret extension
Transient client secret extensionNat Sakimura
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Nc 30 sakimura-distribution_0604
Nc 30 sakimura-distribution_0604Nc 30 sakimura-distribution_0604
Nc 30 sakimura-distribution_0604Nat Sakimura
 
Smartphone Native Application OP
Smartphone Native Application OPSmartphone Native Application OP
Smartphone Native Application OPNat Sakimura
 

More from Nat Sakimura (20)

FAPI and beyond - よりよいセキュリティのために
FAPI and beyond - よりよいセキュリティのためにFAPI and beyond - よりよいセキュリティのために
FAPI and beyond - よりよいセキュリティのために
 
OpenID in the Digital ID Landscape: A Perspective From the Past to the Future
OpenID in the Digital ID Landscape: A Perspective From the Past to the FutureOpenID in the Digital ID Landscape: A Perspective From the Past to the Future
OpenID in the Digital ID Landscape: A Perspective From the Past to the Future
 
170724 JP/UK Open Banking Summit English Translation
170724 JP/UK Open Banking Summit English Translation170724 JP/UK Open Banking Summit English Translation
170724 JP/UK Open Banking Summit English Translation
 
Introduction to 
the FAPI Read & Write OAuth Profile - Jan 2018 Updates
Introduction to 
the FAPI Read & Write OAuth Profile - Jan 2018 UpdatesIntroduction to 
the FAPI Read & Write OAuth Profile - Jan 2018 Updates
Introduction to 
the FAPI Read & Write OAuth Profile - Jan 2018 Updates
 
Introduction to the FAPI Read & Write OAuth Profile
Introduction to the FAPI Read & Write OAuth ProfileIntroduction to the FAPI Read & Write OAuth Profile
Introduction to the FAPI Read & Write OAuth Profile
 
金融 API 時代のセキュリティ: OpenID Financial API (FAPI) WG
金融 API 時代のセキュリティ: OpenID Financial API (FAPI) WG金融 API 時代のセキュリティ: OpenID Financial API (FAPI) WG
金融 API 時代のセキュリティ: OpenID Financial API (FAPI) WG
 
ブロックチェーン〜信頼の源泉の民主化のもたらす変革
ブロックチェーン〜信頼の源泉の民主化のもたらす変革ブロックチェーン〜信頼の源泉の民主化のもたらす変革
ブロックチェーン〜信頼の源泉の民主化のもたらす変革
 
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic...
 
OpenID Foundation FAPI WG: June 2017 Update
OpenID Foundation FAPI WG: June 2017 UpdateOpenID Foundation FAPI WG: June 2017 Update
OpenID Foundation FAPI WG: June 2017 Update
 
API Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGAPI Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WG
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID Connect
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WG
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WG
 
車輪は丸くなったか?~デジタル・アイデンティティの標準化動向とそのゴール
車輪は丸くなったか?~デジタル・アイデンティティの標準化動向とそのゴール車輪は丸くなったか?~デジタル・アイデンティティの標準化動向とそのゴール
車輪は丸くなったか?~デジタル・アイデンティティの標準化動向とそのゴール
 
OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91
 
Oidc how it solves your problems
Oidc how it solves your problemsOidc how it solves your problems
Oidc how it solves your problems
 
Transient client secret extension
Transient client secret extensionTransient client secret extension
Transient client secret extension
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
Nc 30 sakimura-distribution_0604
Nc 30 sakimura-distribution_0604Nc 30 sakimura-distribution_0604
Nc 30 sakimura-distribution_0604
 
Smartphone Native Application OP
Smartphone Native Application OPSmartphone Native Application OP
Smartphone Native Application OP
 

Recently uploaded

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 

Recently uploaded (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Introduction to OpenID TX proposed extension

  • 1. An Introduction to OpenID TX ver. 1.4 Nat Sakimura (=nat)‏ Nov. 11, 2008
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. OpenID Login + Payment (synchronous)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ Click “Login to check out” button Find the service for level 1 auth and Level 2+Payment auth Redirect to the Level 1 auth OP AuthN with Username and password etc. Positive Assertion Show Order Form Click on “Buy” button Positive Assertion +[TX] Contract Autn with 2 nd factor etc. “ Thanks!” screen Login to Checkout taro123 ***** Buy 暗証番号 Thanks! Approval Signing Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing POST Binding Redirect to L2+Payment OP with [TX]POST Contract Proposal Proposal Signing
  • 7. OpenID Login + Payment (synchronous)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ Click “Login to check out” button Find the service for level 1 auth and Level 2+Payment auth Redirect to the Level 1 auth OP AuthN with Username and password etc. Positive Assertion Show Order Form Click on “Buy” button Positive Assertion + tx.c.tatus=Pending Autn with 2 nd factor etc. “ Thanks!” screen Login to Checkout taro123 ***** Buy 暗証番号 Thanks! Approval Signing Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing POST Binding Redirect to L2+Payment OP with [TX]POST Contract Proposal Proposal Signing
  • 8. Notification OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ [TX] send Contract based Request [TX] Receive Data Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing [TX] Notification (status)‏ Status: Contract Complete, Data Changed, Contract terminated, ID removed [TX] Notification OP to RP notification RP to OP notification
  • 9. Data Transfer (Optional)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ [TX] GET with Contract ID + Signature [TX] Receive Data Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing N.B. Although TX defines a default Data Transfer protocol, it can be substituted by any other methods as long as it is specified in the Contract.
  • 10. OpenID Login + Payment (synchronous)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ Click “Login to check out” button Find the service for level 1 auth and Level 2+Payment auth Redirect to the Level 1 auth OP AuthN with Username and password etc. Positive Assertion Show Order Form Click on “Buy” button Redirect to L2+Payment OP with Transaction ID Positive Assertion +Contract ID Autn with 2 nd factor etc. “ Thanks!” screen Login to Checkout taro123 ***** Buy 暗証番号 Thanks! Approval Signing [TX]POST Contract Proposal [TX] Transaction ID [TX] send Contract ID [TX] Receive Contract Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing Artifact Binding Proposal Signing
  • 11. OpenID Login + Payment (asynchronous)‏ OP(Level 1)‏ User (Browser)‏ XRDS OP(Level 2 + Payment)‏ RP(Shopping)‏ Click “Login to check out” button Find the service for level 1 auth and Level 2+Payment auth Redirect to the Level 1 auth OP AuthN with Username and password etc. Positive Assertion Show Order Form Click on “Buy” button Redirect to L2+Payment OP with Transaction ID Positive Assertion + tx.c.tatus=Pending Autn with 2 nd factor etc. “ Thanks!” screen Login to Checkout taro123 ***** Buy 暗証番号 Thanks! Approval Signing [TX]POST Contract Proposal [TX] Transaction ID [TX] send Contract ID [TX] Receive Contract Legend OpenID Authentication User AuthN OpenID (TX)‏ Approval/Signing [TX] Completion Notification Artifact Binding Proposal Signing
  • 12.
  • 13.