Best Practices for Managing (OAuth 2.0) Access Tokens
Or: How to Avoid Being the Next Victim after Facebook
Bjorn Hjelm

Background

The Facebook data breach reported at the end of this September involved
attackers obtaining access tokens for Facebook users.

According to Facebook [1], the vulnerability was the result of the interaction of
the following three bugs:

• First: For one type of composer (enabling people to wish their friends happy
  birthday) View As incorrectly provided the opportunity to post a video.
• Second: The video uploader incorrectly generated an access token that had the
  permissions of the Facebook mobile app.
• Third: When the video uploader appeared as part of View As, it generated the
  access token not for you as the viewer, but for the user that you were looking up.

[1] https://newsroom.fb.com/news/2018/09/security-update/#details

Discussion

• What are the best practices when designing and granting access tokens?
• Guidance from “Access Token Privilege Restriction” in the IETF draft
  “OAuth 2.0 Security Best Current Practice” [2]?
  “The privileges associated with an access token SHOULD be restricted to the
  minimum required for the particular application or use case. This prevents
  clients from exceeding the privileges authorized by the resource owner. It
  also prevents users from exceeding their privileges authorized by the
  respective security policy.”
• Other or additional suggestions or proposals?

[2] draft-ietf-oauth-security-topics, https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/
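As an added example (not code from the slides, from Facebook or from the IETF draft), the following Python models the privilege restriction the slide quotes and the two token-minting mistakes the slide lists: the issued scope is the intersection of the client's registration, the resource owner's grant and what the use case needs, and the token subject is always the authenticated session user, never a user named in the request. Client names, scope names, use cases, audience and the signing key are all constructed for illustration.

```python
"""Least-privilege access-token issuance and verification (constructed model)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed registry: the scopes each client may ever be issued.
CLIENT_REGISTRY = {
    "mobile_app": {"read_profile", "read_friends", "publish_post",
                   "publish_video", "manage_account"},
    "birthday_composer": {"read_profile", "publish_post"},
}

# Constructed: the minimum scope set each use case actually needs.
USE_CASES = {
    "birthday_post": {"publish_post"},
    "video_upload": {"publish_video"},
}

SIGNING_KEY = b"constructed-demo-key"  # constructed, not a real secret


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def issue_access_token(session_user, client_id, use_case, granted_scopes,
                       audience, ttl_seconds=600, now=None):
    """Authorization-server side.

    The scope is the intersection of three sets (client registration, resource
    owner grant, use-case need), so a token can never carry a client's full
    permission set when the use case needs less ("Second" bug on the slide).
    The subject is the authenticated session principal only, so no request
    parameter can redirect the token to another user ("Third" bug).
    """
    if client_id not in CLIENT_REGISTRY:
        raise ValueError(f"unknown client {client_id!r}")
    if use_case not in USE_CASES:
        raise ValueError(f"unknown use case {use_case!r}")
    scope = CLIENT_REGISTRY[client_id] & set(granted_scopes) & USE_CASES[use_case]
    if not scope:
        # e.g. the birthday composer asking for a video upload ("First" bug)
        raise PermissionError("no scope remains after privilege restriction")
    now = int(time.time()) if now is None else now
    claims = {
        "sub": session_user,
        "client_id": client_id,
        "aud": audience,
        "scope": sorted(scope),
        "iat": now,
        "exp": now + ttl_seconds,
    }
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    return f"{body}.{_sign(body)}"


def verify_access_token(token, expected_audience, required_scope, now=None):
    """Resource-server side: accept only a token signed for this audience,
    unexpired, and carrying the exact scope the operation needs."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(body)):
        return None
    claims = json.loads(_unb64(body))
    now = int(time.time()) if now is None else now
    if claims["aud"] != expected_audience or claims["exp"] <= now:
        return None
    if required_scope not in claims["scope"]:
        return None
    return claims


def mint_for_view_as(viewer, viewed_user, client_id, use_case, now=None):
    """Constructed model of a 'View As' flow: the viewed user is request data
    and is deliberately ignored when choosing the token subject."""
    del viewed_user  # never trusted as the principal
    granted = {"read_profile", "publish_post", "publish_video"}  # constructed consent
    return issue_access_token(viewer, client_id, use_case, granted,
                              audience="graph-api", now=now)
```

Running `mint_for_view_as("alice", "bob", "mobile_app", "video_upload")` yields a token for `alice` with only `publish_video`, while the same call for `birthday_composer` is refused outright.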
Presented at IIW 27, Wednesday Session 3.