The JSON-based Identity Protocol Suite

An overview of the JSON-based identity protocol suite, including JWT, JWE, JWK, etc.

  1. The JSON-based Identity Protocol Suite
     By Travis Spencer
     Copyright © 2013 Twobo Technologies AB.
  2. Overview of the Protocol Suite
     - JavaScript Object Notation (JSON): data encoding format popularized by AJAX & REST
     - All being defined in the IETF
     - Used to encode the OAuth 2.0 security model:
       - Tokens (JWT)
       - Encryption (JWE)
       - Keys (JWK)
       - Signatures (JWS)
     - The OAuth 2.0 Bearer Token spec binds it to OAuth
     - Basis of OAuth and OpenID Connect
  3. Overview of JWT
     - JWTs (pronounced "jot") are lightweight tokens passed in HTTP headers & query strings
     - Three basic sections: header, claims, signature
     - Akin to SAML tokens:
       - Less expressive
       - Fewer security options
       - Encoded with JSON, not XML, for compactness
  4. Basic Layout & Wire Format (JWT)
     Sections: Header | Claims | Crypto
     JWT = base64url(Header) + "." + base64url(Claims) + "." + base64url(Crypto)
  5. Claims Section
     - Reserved (but optional) claim names:
       - Expiration time (exp)
       - Not before (nbf)
       - Issued at (iat)
       - Issuer (iss)
       - Type (typ)
       - Audience (aud)
     - Public claim names:
       - IANA JWT claims registry
       - Domain name, OID, or UUID
     - Private claim names: any unused name
     - Value can be any JSON type
  6. Overview of JWE
     - Used to encrypt JWTs
     - Supports symmetric & asymmetric encryption
     - Three basic sections: header, key, ciphertext
     - Plaintext may be signed first
     - Encryption algorithms:
       - RSA1_5
       - RSA-OAEP
       - ECDH-ES
       - A(128|256)KW
       - A(128|256)GCM
     - Ciphertext is put in the crypto section of the JWT
  7. Basic Layout & Wire Format (JWE)
     Sections: Header | Key | Ciphertext
     JWE = base64url(Header) + "." + base64url(Key) + "." + base64url(Ciphertext)
  8. Overview of JWK
     - Array of public keys encoded as JSON objects
     - Intended for inclusion in JWS for signature verification
     - Explicit support for Elliptic Curve and RSA keys
  9. JWK Example
     {"keyvalues" :
       [
         {"algorithm" : "EC",
          "curve" : "P-256",
          "x" : "…",
          "y" : "…",
          "use" : "encryption",
          "keyid" : "1"},
         {"algorithm" : "RSA",
          "modulus" : "…",
          "exponent" : "…",
          "keyid" : "…"}
       ]
     }
  10. Overview of JWS
     - Header input is the JWT header
     - Payload input is the JWT claims
     - Output is appended to the JWT inputs & (optionally) points to the JWK that was used
     - Supports symmetric & asymmetric signing algorithms:
       - HMAC SHA
       - RSA SHA
       - ECDSA w/ P curves & SHA
  11. Basic Layout & Wire Format (JWS)
     Sections: Header | Payload | JWS
     JWS = base64url(sig(base64url(Header) + "." + base64url(Payload)))
  12. Questions & Thanks
     @2botech / @travisspencer
     www.2botech.com / www.travisspencer.com
