Nomura Research Institute
Nat Sakimura (@_nat_en)
Research Fellow, Nomura Research Institute; Chairman of the Board, OpenID Foundation
Introduction to the FAPI Read & Write OAuth Profile
2017-11-08
• OpenID® is a registered trademark of the OpenID Foundation.
• *Unless otherwise noted, all the photos and vector images are licensed by GraphicStocks.
© 2017 by Nat Sakimura. CC-BY-SA.
Copyright © 2016 Nat Sakimura. All Rights Reserved.

Using iTunes?
Using Android?
Using Google?
Using MS Office 365?
…

Over 3 Billion served.

International standards:
OpenID Connect
JSON Web Token (JWT)
JSON Web Signature (JWS)
OAuth PKCE (RFC7636)
OAuth JAR (RFC TBD)
ISO/IEC 29184
ISO/IEC 29100 AMD1
JIS X 9250
Etc.

An international standardization expert and a protocol designer on identity, access management, and privacy
Copyright(C) Nomura Research Institute, Ltd. All rights reserved.

Nat Sakimura
(Co-)Author of:
OpenID Connect Core 1.0
JSON Web Token [RFC7519]
JSON Web Signature [RFC7515]
OAuth PKCE [RFC7636]
OAuth JAR [IETF Last Call]
Etc.
(Co-)Editor of:
ISO/IEC 29184 Guidelines for online notice and consent
ISO/IEC 29100 AMD: Privacy Framework – Amendment 1
ISO/IEC 27551 Requirements for attribute based unlinkable entity authentication
Etc.
• Chairman, OpenID Foundation
• Chair, Financial API WG
• Head of delegation from the Japanese National Body to ISO/IEC JTC 1/SC 27/WG5
• WG5〜OECD/SPDE Liaison
• Research Fellow @ Nomura Research Institute (NRI)
• https://www.sakimura.org
• https://nat.sakimura.org
• @_nat_en (English)
• @_nat (Japanese)
• https://www.linkedin.com/in/natsakimura
• https://ja.wikipedia.org/wiki/崎村夏彦

FAPI Updates

A year ago in APIDays Paris
Introduced FAPI WG

OAuth is a framework – needs to be profiled
 “This framework was designed with the clear expectation that future work will define prescriptive profiles and extensions necessary to achieve full web-scale interoperability.” (RFC 6749)

Which OAuth?

That creates specifications to take care of medium- to high-risk API access security.
[Figure: risk matrix; vertical axis “Value of the resource” (High/Low), horizontal axis “Environment control level” (High/Low)]
• Social sharing (low value, low control): e.g., basic choices OK.
• Closed circuit factory application (high control): no need to satisfy all the security requirements by OAuth.
• Financial API – Read only (high value, low control): basic choices NOT OK.
• Financial API – Read & Write (high value, low control): bearer token not OK.

That can serve all financial transactions, including PSD2, but is not limited to them.

FAPI Security Profile is a general-purpose, higher-security API protection mechanism based on the OAuth framework.

It has been adopted by Open Banking UK

9 major banks in the UK go live in January 2018
(Source) Chris Mitchel, “Banking is now more open”, Identify 2017

It is also recommended by the Japanese Bankers’ Association
(source) https://www.zenginkyo.or.jp/fileadmin/res/news/news290713_1.pdf

US FS-ISAC is aligning their security requirements

… and major IAM vendors are implementing it

II. What is OpenID Foundation
It has been developed within OpenID Foundation
A WG can be spun up when more than three members propose it, with approval by the Specs Council and a Board review (2 weeks).
The Specs Council is composed of the current editors of the specs and checks for overlaps with other WGs or SDOs.
The Board checks that it will not cause IPR threats to the foundation.

II. What is OpenID Foundation
At the FAPI WG, since it has the right people, IPR, and structure
Right People
• All the authors of OAuth, JWT, JWS, OpenID Connect are here.
Right IPR
• Royalty free, mutual non-assert IPR:
•  Anyone can freely implement.
Right Structure
• No fee for joining a WG (Sponsors welcome)
• WTO TBT Treaty compliant process.

II. What is OpenID Foundation
Working Together
OpenID FAPI WG:
Nat Sakimura (Chair)
Tony Nadalin (Co-Chair; FIDO 2.0 WG Chair, W3C Web Authn WG Chair)
Anoop Saxena (Co-Chair)
(UK OBIE Liaison)
Liaison Organizations: TC 68, JTC 1/SC 27/WG 5

II. What is OpenID Foundation
The work progresses with weekly tele-conferences, mailing list discussions and a project repository (https://bitbucket.org/openid/fapi/): Issue Tracker, Meeting notes, Commit History, Pull Requests, Draft Text.

We have issued two implementer’s drafts
[Figure: the same risk matrix (value of the resource vs. environment control level); the two drafts cover the Financial API – Read only and Financial API – Read & Write regions, as opposed to social sharing (e.g., basic choices OK) and the closed circuit factory application.]

Both of which use the redirect approach
Part 1: Read Only Security Profile
Part 2: Read and Write Security Profile
[Figure: Redirect Approach, Decoupled Approach, Embedded Approach]

While RFC6749 is not complete with source, destination, and message authentication,
[Figure: UA, Client, AS; each hop is TLS Protected, TLS Terminated at the UA]

Message    Sender AuthN   Receiver AuthN   Message AuthN
AuthZ Req  Indirect       None             None
AuthZ Res  None           None             None
Token Req  Weak           Good             Good
Token Res  Good           Good             Good

FAPI Part 2 is complete with source, destination, and message authentication.
 By using OpenID Connect’s Hybrid Flow and Request Object, you are pretty well covered.

Message    Sender AuthN     Receiver AuthN   Message AuthN
AuthZ Req  Request Object   Request Object   Request Object
AuthZ Res  Hybrid Flow      Hybrid Flow      Hybrid Flow
Token Req  Good             Good             Good
Token Res  Good             Good             Good
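The Hybrid Flow row of that table in working form, as an added example that is not part of the slides or of any FAPI WG code: the client-side checks that bind a `code id_token` authorization response to the signed ID Token (c_hash over the code, s_hash over the state, plus nonce, iss, aud and exp), which is what gives the AuthZ Res its sender, receiver and message authentication. It assumes the ID Token's JWS signature has already been verified by a JOSE library; the code, state, nonce, issuer and client_id values are constructed.

```python
import base64
import hashlib
from typing import Dict, List

# Digest that pairs with the ID Token's JWS "alg" (OIDC Core 3.3.2.11 hash rule).
_DIGEST_FOR_ALG = {
    "RS256": "sha256", "PS256": "sha256", "ES256": "sha256",
    "RS384": "sha384", "PS384": "sha384", "ES384": "sha384",
    "RS512": "sha512", "PS512": "sha512", "ES512": "sha512",
}


def half_hash(value: str, alg: str) -> str:
    """c_hash / s_hash construction: base64url (no padding) of the left-most half
    of the digest of the ASCII octets of `value`."""
    digest = hashlib.new(_DIGEST_FOR_ALG[alg], value.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest[: len(digest) // 2]).rstrip(b"=").decode("ascii")


def validate_hybrid_response(
    params: Dict[str, str],        # parameters received in the redirect URI fragment
    header: Dict[str, str],        # JOSE header of the ID Token (signature already verified)
    claims: Dict[str, object],     # payload of the ID Token (signature already verified)
    expected_issuer: str,
    client_id: str,
    pending: Dict[str, str],       # {"state": ..., "nonce": ...} the client stored before redirecting
    now: int,                      # current time, seconds since epoch
) -> List[str]:
    """Return the binding failures found; an empty list means the response is accepted.
    Every check is against data the client itself generated or that the AS signed,
    which is what turns the unauthenticated RFC 6749 AuthZ Res into an authenticated one."""
    failures: List[str] = []
    alg = header.get("alg", "")
    if alg not in ("PS256", "ES256"):          # FAPI Part 2 permits only these for the ID Token
        return [f"alg {alg!r} not permitted"]
    if claims.get("iss") != expected_issuer:
        failures.append("iss mismatch")
    aud = claims.get("aud")
    if not (aud == client_id or (isinstance(aud, list) and client_id in aud)):
        failures.append("aud does not include client_id")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        failures.append("ID Token expired")
    if claims.get("nonce") != pending["nonce"]:
        failures.append("nonce mismatch")
    if params.get("state") != pending["state"]:
        failures.append("state mismatch")
    if claims.get("s_hash") != half_hash(pending["state"], alg):   # state bound to the ID Token
        failures.append("s_hash mismatch")
    if "code" not in params or claims.get("c_hash") != half_hash(params["code"], alg):
        failures.append("c_hash mismatch")                          # code bound to the ID Token
    return failures


# Constructed sample values; none of them come from a real deployment.
ALG = "PS256"
ISSUER = "https://as.example.bank"
CLIENT_ID = "client-abc"
PENDING = {"state": "af0ifjsldkj", "nonce": "n-0S6_WzA2Mj"}
CODE = "SplxlOBeZQQYbYS6WxSbIA"
SAMPLE_HEADER = {"alg": ALG, "kid": "example-key"}
SAMPLE_CLAIMS = {
    "iss": ISSUER, "aud": CLIENT_ID, "sub": "user-1",
    "iat": 1_700_000_000, "exp": 1_700_000_600,
    "nonce": PENDING["nonce"],
    "c_hash": half_hash(CODE, ALG),
    "s_hash": half_hash(PENDING["state"], ALG),
}
SAMPLE_PARAMS = {"code": CODE, "state": PENDING["state"], "id_token": "<verified-jws-omitted>"}


def demo() -> Dict[str, List[str]]:
    """The genuine response passes; a code that does not belong to this ID Token fails c_hash."""
    genuine = validate_hybrid_response(SAMPLE_PARAMS, SAMPLE_HEADER, SAMPLE_CLAIMS,
                                       ISSUER, CLIENT_ID, PENDING, now=1_700_000_100)
    substituted = validate_hybrid_response({**SAMPLE_PARAMS, "code": "some-other-code"},
                                           SAMPLE_HEADER, SAMPLE_CLAIMS,
                                           ISSUER, CLIENT_ID, PENDING, now=1_700_000_100)
    return {"genuine": genuine, "substituted_code": substituted}


if __name__ == "__main__":
    print(demo())
```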

Tokens are Sender Constrained instead of being bearer
Token Types (by security level)   Notes
Sender Constrained Token          Only the entity to which the token was issued can use it.
Bearer Token                      Stolen tokens can also be used.
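The two rows of that table side by side, as an added example that is not from the deck or the FAPI WG: a certificate-bound token (mutual-TLS binding, one of the sender-constraint methods FAPI Part 2 allows) carries the client certificate's SHA-256 thumbprint in its cnf claim, and the resource server accepts it only over a TLS connection authenticated with that same certificate, whereas a bearer token is accepted by whoever presents it. The certificate bytes and claims are constructed stand-ins, and `require_binding` is a hypothetical switch contrasting a Read & Write resource with bearer semantics.

```python
import base64
import hashlib
import hmac
from typing import Dict, Optional


def x5t_s256(cert_der: bytes) -> str:
    """SHA-256 thumbprint of a DER certificate, base64url without padding: the value
    carried as cnf.x5t#S256 in a certificate-bound token."""
    return base64.urlsafe_b64encode(hashlib.sha256(cert_der).digest()).rstrip(b"=").decode("ascii")


def issue_bound_token(claims: Dict[str, object], client_cert_der: bytes) -> Dict[str, object]:
    """Authorization server side: add the confirmation claim that ties the token to the
    certificate the client presented on the token endpoint connection."""
    return {**claims, "cnf": {"x5t#S256": x5t_s256(client_cert_der)}}


def authorize_call(token_claims: Dict[str, object],
                   presented_cert_der: Optional[bytes],
                   require_binding: bool = True) -> str:
    """Resource server side. Returns "accept" or a reject reason.
    require_binding=True is the Read & Write posture (bearer tokens are not OK);
    require_binding=False shows plain bearer semantics for contrast."""
    cnf = token_claims.get("cnf")
    if not isinstance(cnf, dict) or "x5t#S256" not in cnf:
        return "reject: token is not sender-constrained" if require_binding else "accept (bearer)"
    if presented_cert_der is None:
        return "reject: no client certificate on the TLS connection"
    # Constant-time comparison of the thumbprint on the wire with the one the AS signed in.
    if not hmac.compare_digest(x5t_s256(presented_cert_der), str(cnf["x5t#S256"])):
        return "reject: client certificate does not match the token binding"
    return "accept"


# Constructed stand-ins for DER-encoded certificates; only their hashes matter here.
CLIENT_CERT = b"CONSTRUCTED-DER:client-alpha"
OTHER_CERT = b"CONSTRUCTED-DER:some-other-party"
BASE_CLAIMS = {"iss": "https://as.example.bank", "sub": "user-1", "scope": "payments"}


def demo() -> Dict[str, str]:
    """Contrast a sender-constrained token with the same token issued as bearer."""
    bound = issue_bound_token(BASE_CLAIMS, CLIENT_CERT)
    bearer = dict(BASE_CLAIMS)   # no cnf claim at all
    return {
        "bound_from_its_client": authorize_call(bound, CLIENT_CERT),
        "bound_presented_by_other_party": authorize_call(bound, OTHER_CERT),
        "bound_without_client_cert": authorize_call(bound, None),
        "bearer_at_rw_resource": authorize_call(bearer, OTHER_CERT),
        "bearer_with_bearer_semantics": authorize_call(bearer, OTHER_CERT, require_binding=False),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:32s} {outcome}")
```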

These are in the form of check lists.
(source) https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_002.md

Crypto requirements are tightened for interoperability and security
(source) https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_002.md

And now working on the decoupled approach …
CIBA (Client Initiated Backchannel Authentication) profile.
[Figure: Redirect Approach, Decoupled Approach, Embedded Approach]
https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_CIBA.md

We are not working on the Embedded Approach
Since we do not know how it can be phishing resistant
 W3C Web Authentication will not work.
Come to the WG if you know how
▪ IPR release is necessary though.
GDPR explicit consent for third party data transfer?
What would be the liability implications?
[Figure: Redirect Approach, Decoupled Approach, Embedded Approach]

We have other works as well…
E.g. The OpenBanking OpenID Dynamic Client Registration Specification

How can we tell that the implementation conforms to the specification?

II. What is OpenID Foundation
OpenID Foundation provides the online test environment for the implementers to test their conformance.
Once it passes the test, the implementer can self-certify and publish.
• That brings the implementers under the premise of article 5 of the FTC Act.
• The log will be openly available so others can also find out false claims.
See http://openid.net/certification/ for details

* Not Invented Here

But work together in the open, IPR safe environment.

Questions?
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Introduction to the FAPI Read & Write OAuth Profile

  • 7. FAPI Updates
  • 8. A year ago at APIDays Paris: introduced the FAPI WG.
  • 9. OAuth is a framework – it needs to be profiled. RFC 6749: "This framework was designed with the clear expectation that future work will define prescriptive profiles and extensions necessary to achieve full web-scale interoperability."
  • 10. Which OAuth?
  • 11. (image only)
  • 12. ... that creates specifications to take care of medium- to high-risk API access security. The chart plots value of the resource (low to high) against environment control level (low to high), e.g.: social sharing (low value): basic choices OK; closed-circuit factory application (high control level): no need to satisfy all the security requirements with OAuth; Financial API – Read only and Financial API – Read & Write (high value, low control level): basic choices NOT OK, and for Read & Write a bearer token is not OK.
  • 13. ... that can serve all financial transactions, including PSD2 but not limited to it.
  • 14. The FAPI Security Profile is a general-purpose, higher-security API protection mechanism based on the OAuth framework.
  • 15. It has been adopted by Open Banking UK.
  • 16. 9 major banks in the UK go live in January 2018. (Source: Chris Mitchel, "Banking is now more open", Identify 2017)
  • 17. It is also recommended by the Japanese Bankers Association. (Source: https://www.zenginkyo.or.jp/fileadmin/res/news/news290713_1.pdf)
  • 18. US FS-ISAC is aligning its security requirements with it.
  • 19. … and major IAM vendors are implementing it.
  • 20. II. What is OpenID Foundation: FAPI has been developed within the OpenID Foundation. A WG can be spun up when more than three members propose it, the Specs Council approves it, and the Board reviews it (2 weeks). The Specs Council is composed of the current editors of the specs and checks for overlaps with other WGs or SDOs. The Board checks that the WG will not create IPR threats to the Foundation.
  • 21. ... at the FAPI WG, since the right people, the right IPR and the right structure are there. Right people: all the authors of OAuth, JWT, JWS and OpenID Connect are here. Right IPR: royalty-free, mutual non-assert IPR, so anyone can freely implement. Right structure: no fee for joining a WG (sponsors welcome); WTO TBT Treaty-compliant process.
  • 22. Working together: the OpenID FAPI WG is chaired by Nat Sakimura, with Tony Nadalin (also FIDO 2.0 WG Chair and W3C Web Authn WG Chair) and Anoop Saxena as Co-Chairs and a UK OBIE liaison; liaison organizations include ISO TC 68 and ISO/IEC JTC 1/SC 27/WG 5.
  • 23. The work progresses through weekly teleconferences, mailing-list discussions and the project repository (https://bitbucket.org/openid/fapi/): issue tracker, meeting notes, commit history, pull requests, draft text.
  • 24. We have issued two Implementer's Drafts: Financial API – Read Only and Financial API – Read & Write (the two high-value quadrants of the value-of-the-resource vs. environment-control-level chart shown earlier).
  • 25. ... which take the redirect approach (of the three: redirect, decoupled and embedded). Part 1: Read Only Security Profile. Part 2: Read and Write Security Profile.
  • 26. RFC 6749 is not complete with source, destination and message authentication. The UA–Client, UA–AS and Client–AS legs are each TLS-protected, but TLS is terminated at the UA, so the authorization request and response are not protected end to end:
                | Sender AuthN | Receiver AuthN | Message AuthN
      AuthZ Req | Indirect     | None           | None
      AuthZ Res | None         | None           | None
      Token Req | Weak         | Good           | Good
      Token Res | Good         | Good           | Good
  • 27. FAPI Part 2 is complete with source, destination and message authentication: by using OpenID Connect's Hybrid Flow and Request Object, you are pretty well covered.
                | Sender AuthN   | Receiver AuthN | Message AuthN
      AuthZ Req | Request Object | Request Object | Request Object
      AuthZ Res | Hybrid Flow    | Hybrid Flow    | Hybrid Flow
      Token Req | Good           | Good           | Good
      Token Res | Good           | Good           | Good
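The two tables above say what the Request Object and the Hybrid Flow add to the authorization request and response; the Go program below is an added example, not code from the talk or from the FAPI WG, that shows both ends of that exchange with the standard library only. The client signs the whole authorization request as an ES256 JWS (one of the two algorithms FAPI Part 2 permits, the other being PS256); the AS verifies the signature, the audience, the expiry and the client_id and response_type that FAPI requires to be duplicated in the query string; the client then checks the ID Token returned in the front channel against the code and state it received, using c_hash and s_hash (base64url of the left-most 128 bits of SHA-256 for a SHA-256 based alg; s_hash is FAPI Part 2's addition, built the same way as OpenID Connect's c_hash). The client ID, issuer URL, state, nonce and code are constructed values; key distribution, the token request, clock skew, nbf/jti handling and the remaining ID Token validation rules are not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWS base64url, no padding

// signES256 builds a compact JWS with alg ES256 (FAPI Part 2 permits only PS256 or ES256).
func signES256(claims map[string]interface{}, key *ecdsa.PrivateKey) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256"})
	pl, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		panic(err) // entropy failure: nothing sensible to do
	}
	sig := make([]byte, 64) // JWS ES256 signature is R || S, 32 bytes each
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig)
}

// verifyES256 accepts only alg ES256, so an attacker's "none", HS256 or RS256
// header never reaches the signature check; it returns the verified claims.
func verifyES256(jws string, pub *ecdsa.PublicKey) (map[string]interface{}, error) {
	p := strings.Split(jws, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed JWS")
	}
	dec := func(s string) []byte { b, _ := b64.DecodeString(s); return b }
	hdrRaw, plRaw, sig := dec(p[0]), dec(p[1]), dec(p[2])
	var hdr struct{ Alg string `json:"alg"` }
	if json.Unmarshal(hdrRaw, &hdr) != nil || hdr.Alg != "ES256" {
		return nil, fmt.Errorf("alg %q not permitted", hdr.Alg)
	}
	digest := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if len(sig) != 64 || !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature invalid")
	}
	claims := map[string]interface{}{}
	return claims, json.Unmarshal(plRaw, &claims)
}

// validateRequestObject is the AS side: the request object must verify under the client's
// key, be addressed to this AS, be unexpired, and match the client_id and response_type duplicated in the query.
func validateRequestObject(jws string, clientPub *ecdsa.PublicKey, issuer, qClientID, qRespType string) (map[string]interface{}, error) {
	c, err := verifyES256(jws, clientPub)
	if err != nil {
		return nil, err
	}
	exp, _ := c["exp"].(float64) // JSON numbers decode as float64
	if c["aud"] != issuer || int64(exp) < time.Now().Unix() || c["client_id"] != qClientID || c["response_type"] != qRespType {
		return nil, errors.New("request object rejected: aud, exp or duplicated query parameters do not match")
	}
	return c, nil
}

// halfHash is the OpenID Connect c_hash/s_hash for a SHA-256 alg: base64url(left 128 bits of SHA-256(value)).
func halfHash(v string) string {
	sum := sha256.Sum256([]byte(v))
	return b64.EncodeToString(sum[:16])
}

// checkHybridResponse is the client side: the signed ID Token returned alongside the code binds
// code (c_hash) and state (s_hash) to this transaction, so a swap in the user agent is caught.
func checkHybridResponse(idToken, code, state, nonce string, asPub *ecdsa.PublicKey) error {
	c, err := verifyES256(idToken, asPub)
	if err != nil {
		return err
	}
	if c["nonce"] != nonce || c["c_hash"] != halfHash(code) || c["s_hash"] != halfHash(state) {
		return errors.New("ID Token does not bind this nonce, code and state")
	}
	return nil
}

func main() {
	ck, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // client (TPP) signing key, constructed
	ak, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // AS signing key, constructed
	const as, tpp, state, nonce, code = "https://as.example", "tpp-123", "st-8f3a", "n-27c1", "SplxlOBeZQQYbYS6WxSbIA"
	ro := signES256(map[string]interface{}{"iss": tpp, "aud": as, "exp": time.Now().Add(5 * time.Minute).Unix(), "client_id": tpp, "response_type": "code id_token", "state": state, "nonce": nonce}, ck)
	_, err := validateRequestObject(ro, &ck.PublicKey, as, tpp, "code id_token")
	fmt.Println("AS accepts request object:", err == nil)
	idt := signES256(map[string]interface{}{"nonce": nonce, "c_hash": halfHash(code), "s_hash": halfHash(state)}, ak)
	fmt.Println("genuine response:", checkHybridResponse(idt, code, state, nonce, &ak.PublicKey))
	fmt.Println("swapped code:    ", checkHybridResponse(idt, "attacker-code", state, nonce, &ak.PublicKey))
}
```

The point of the last two lines is the one the table makes: the ID Token is still a perfectly valid signature from the AS, yet a code that was not issued for this response fails the c_hash comparison before the client ever redeems it, and a state rewritten on the way back through the browser fails s_hash the same way.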
  • 28. Tokens are sender-constrained instead of bearer. Token types, from higher to lower security level:
      Token type               | Notes
      Sender-constrained token | Only the entity it was issued to can use the token.
      Bearer token             | Stolen tokens can also be used.
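Slide 28 states the property but not how a resource server enforces it. One mechanism FAPI Part 2 accepts for sender constraining is mutual TLS: the authorization server records the SHA-256 thumbprint of the client's TLS certificate in the token (the cnf / x5t#S256 claim of the OAuth MTLS draft, later RFC 8705) and the resource server refuses the token unless the certificate on the current connection has that thumbprint. The Go program below is an added example, not code from the talk; it fabricates two self-signed certificates (the legitimate TPP and a thief who copied the token string) and shows the resource-server decision for bound and bearer tokens. JWT signature verification or token introspection is assumed to have happened already and is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Token is the access token as the resource server sees it after it has already
// verified the JWT signature or called introspection (not shown). CnfX5t carries
// the "cnf":{"x5t#S256":...} binding; it is empty for a plain bearer token.
type Token struct {
	Sub    string
	Scope  string
	CnfX5t string
}

// thumbprint is x5t#S256: base64url(SHA-256(certificate DER)), no padding.
func thumbprint(certDER []byte) string {
	sum := sha256.Sum256(certDER)
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// authorize is the resource-server decision. A bearer token is accepted on
// possession alone, which is why the Read & Write profile refuses it; a bound
// token is accepted only when the TLS client certificate of this connection
// (peerCertDER, nil if the client presented none) matches the binding.
func authorize(tok Token, requireBinding bool, peerCertDER []byte) error {
	if tok.CnfX5t == "" {
		if requireBinding {
			return errors.New("bearer token refused: this API requires sender-constrained tokens")
		}
		return nil
	}
	if peerCertDER == nil {
		return errors.New("bound token presented without a TLS client certificate")
	}
	if thumbprint(peerCertDER) != tok.CnfX5t {
		return errors.New("TLS client certificate does not match the token binding")
	}
	return nil
}

// selfSignedCert makes a throwaway client certificate so the example runs offline;
// a real deployment would use the certificate the client registered with the AS.
func selfSignedCert(cn string) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return der
}

func main() {
	tppCert := selfSignedCert("tpp-123")    // the legitimate client's mTLS certificate (constructed)
	thiefCert := selfSignedCert("attacker") // someone who exfiltrated the token string (constructed)

	// The AS bound the token to the TPP certificate at issuance (constructed values).
	bound := Token{Sub: "alice", Scope: "accounts payments", CnfX5t: thumbprint(tppCert)}
	bearer := Token{Sub: "alice", Scope: "accounts"}

	fmt.Println("TPP presents bound token:       ", authorize(bound, true, tppCert))
	fmt.Println("thief replays bound token:      ", authorize(bound, true, thiefCert))
	fmt.Println("thief replays without cert:     ", authorize(bound, true, nil))
	fmt.Println("bearer token at read-only API:  ", authorize(bearer, false, nil))
	fmt.Println("bearer token at read/write API: ", authorize(bearer, true, nil))
}
```

The thief's two attempts fail for different reasons: replaying over a plain TLS connection fails because no client certificate was presented, and replaying with his own certificate fails because the thumbprint in the token was fixed at issuance by the AS, which the thief cannot change without breaking the token's signature.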
  • 29. These are in the form of checklists. (Source: https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_002.md)
  • 30. Crypto requirements are tightened for interoperability and security. (Source: https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_002.md)
  • 31. And now we are working on the decoupled approach: the CIBA (Client Initiated Backchannel Authentication) profile. https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_CIBA.md
  • 32. We are not working on the embedded approach, since we do not know how it can be made phishing-resistant (W3C Web Authentication will not work there). Come to the WG if you know how; an IPR release is necessary, though. Open questions: does it need GDPR explicit consent for third-party data transfer, and what would the liability implications be?
  • 33. We have other work as well, e.g. the OpenBanking OpenID Dynamic Client Registration Specification.
  • 34. How can we tell that an implementation conforms to the specification?
  • 35. The OpenID Foundation provides an online test environment for implementers to test their conformance. Once an implementation passes the tests, the implementer can self-certify and publish. That brings the implementer's claim under Section 5 of the FTC Act, and the test log is openly available so others can also detect false claims. See http://openid.net/certification/ for details.
  • 36. (image only)
  • 37. (image only)
  • 38. * Not Invented Here
  • 39. But work together in the open, IPR-safe environment.
  • 40. Questions?

Editor's notes

  1. Hi, I’m Nat Sakimura, the chairman of the OpenID Foundation and a research fellow at Nomura Research Institute. I am honored to be invited here to talk about OpenID Connect and the potential collaboration with AGL, but before going into the main topics, let me introduce myself briefly.
  2. How many of you use iTunes? Can you raise your hand? Android? Google? MS Office 365? That’s pretty much everybody, right? If you do, then you are using the specs that I wrote.
  3. I have never counted it myself but people say that over 3 billion people are using the specifications that I co-wrote. They include
  4. … and so on.
  5. I am an iS expert on …
  6. Besides being co-editor of many of the well-used specs, I wear many other hats. Like I said before, I am the chairman of the board of a US-based organization, the OpenID Foundation, and chair the Financial API WG there; I am the head of delegate from JP NB to ISO.., liaison officer from OECD to ISO, and Research Fellow @ NRI. While I am completely new to AGL, NRI is not quite.
  7. One of the problems of just using RFC6749 is the integrity protection of the authorization request and response. OAuth relies heavily on TLS for its security, but TLS gets terminated in the User Agent (UA). This exposes attack surface. In this table, I have … You can see that there are problems with them. There is another perspective as well.
  8. By using OpenID Connect’s Hybrid Flow and Request Object, you are pretty well covered. In fact, all these are written down as part of the Financial API Security Profile – the name says Financial, but there is not much financial in it as it only talks about the security. So, you might want to have a look at it.