Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie OpenID Connect 101 @ OpenID TechNight vol.11
Ähnlich wie OpenID Connect 101 @ OpenID TechNight vol.11 (20)
Mehr von Nov Matake
Mehr von Nov Matake (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
OpenID Connect 101 @ OpenID TechNight vol.11
- 1. ♥ OpenID Connect 101 Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 2. Nov Matake OpenID Foundation Japan Evangelist 初号機 翻訳WG Leader OAuth.jp Idcon Rubyist fb_graph, rack-oauth2, openid_connect etc. Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 5. パスワード漏洩例 Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 6. パスワードリストアタック被害例 …next ? Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 8. 2段階認証 有効化する人1%以下 + 75%は2週間でやめる Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 9. リスクベース認証
- 11. Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 12. セキュリティ専任スタッフが 100人未満しかいないサービス にパスワードを預けるのは、 自殺行為である。 Eric Sachs, Google Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 13. パスワード、ちゃんとハッシュ化してる? まさかパスワード数字だけなんてことは… 定期的にメールアドレス生存確認してる? あやしいユーザー行動、常に監視してる? 2段階認証提供すれば、後はユーザー責任? Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 14. 御社はどうですか? Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 15. Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 16. 「○○ ID でログイン」 Copyright 2013 OpenID Foundation Japan - All Rights Reserved. http://klout.com
- 17. v.s Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 18. Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 19. Copyright 2013 OpenID Foundation Japan - All Rights Reserved. https://developers.facebook.com/products/login/
- 20. Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 21. ♥ OpenID Connect OAuth 2.0 + Identity Layer Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 22. Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 24. 2011~ Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 26. ID Provider 向け
- 27. Basic Client Implementation Guide + Implicit Client Implementation Guide Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 28. Basic Client Implementer's Guide 1.0 は, OAuth 2.0 Code Flow を利用して Web ベース の Relying Party を実装する為の実装ガイド Implicit Client Implementer's Guide 1.0 は, OAuth 2.0 Implicit Flowを利用してWebベー スの Relying Party を実装する為の実装ガイド 翻訳済 → http://j.mp/openid-trans Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 29. Basic Client Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 30. Implicit Client Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 31. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize Authorization Code Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 32. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize Authorization Code Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 33. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize client_id=...& response_type=code& Authorization Code redirect_uri=https://...& scope=openid+email Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 34. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize Authorization Code Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 35. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize Authorization Code Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 36. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization code=...& client_id=...& Authenticate & Authorize client_secret=...& grant_type=authorization_code& Authorization Code redirect_uri=https://... Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 37. OpenID Connect = OAuth 2.0 + Identity Layer Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 38. OpenID Connect Scopes openid → OpenID Connect Request を明示 profile → 氏名, ニックネーム, プロフィール画像 etc. email → メールアドレス, 検証済 Flag address → 住所 phone → 電話番号, 検証済 Flag offline_access → Refresh Token 取得用 Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 39. ID Token
- 40. ID Token - 署名アルゴリズム 公開 暗号 (RSA-SHA256 etc) OpenID Provider の公開 Native App に秘密 共通 公開 で署名検証 埋め込まなくても OK 暗号 (HMAC-SHA256 etc) 暗号が苦手なエンジニア多い? でも Native App だと秘密 Copyright 2013 OpenID Foundation Japan - All Rights Reserved. 漏れちゃう…
- 41. ID Token - 認証イベントMetadata 誰が (issuer = OpenID Provider) 誰を (subject = End-User) 誰のために (audience = Relying Party) いつ (Issued At) 認証したのか Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 43. 検証方法は翻訳ドキュメントを
- 44. UserInfo API Standardized JSON Format Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 46. OpenID Connect Discovery Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 47. Developerサイト読まなくても 必要なエンドポイント情報等 すべて分かる Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 48. GET /.well-known/webfinger Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 49. GET /.well-known/openid-configuration Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 50. OpenID Connect Dynamic Client Registration Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 51. Developerサイトのフォームから アプリ (=Client) 登録しなくても 動的にClient登録できる Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 52. Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 53. Static Client Registration Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 54. Dynamic Client Registration Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
- 55. twitter.com/nov slideshare.net/matake github.com/nov openid-foundation-japan.github.io Copyright 2013 OpenID Foundation Japan - All Rights Reserved.