.Nat Zone | Digital Identity et al.

.Nat Zone Digital Identity et al.

: Attack Vectors on Modern Cars – Side Effects of Automotive Digitalization

2017/05/10 security automotive, CAN Bus, eic17, IoT

The keynote presentation at the #EIC17 by Stephan Gerhager was an intriguing one. It amply told us that the security model around cars is really scary. I do not feel good driving a connected car after hearing it. It is a …

: APIDays 2016: Financial Grade OAuth & OpenID Connect

2016/12/14 Financial API, identity, OAuth, OpenID Connect, OpenID Foundation, security API, APIdays, Open Banking, PSD2

Here is the slide I used in API Days Paris 2016, for the Banking track. Direct link to slideshare: http://www.slideshare.net/nat_sakimura/financial-grade-oauth-openid-connect Hope they are useful.

: Season’s greetings through Ave Verum Corpus K.618

2016/12/06 Music Ave Verum Corpus, flute, Mozart

Season’s greetings 2016 This year, we have decided to record Wolfgang Amadeus Mozart’s Ave Verum Corpus (KV.618) as our original greeting card. It is only 46 bars but is one of the most profound music that Mozart wrote in his …

: Fixing OAuth?

2016/07/20 Financial API, OAuth, security cut-n-paste, FAPI, mix-up attack, OAuth, RFC6749, RFC6750

On the 14th and 15th of July, we had the OAuth Security Workshop 2016 at the University of Trier. Further, we had a IETF 96 side meeting on OAuth security at 18:20 in the beautiful Café am Neuen See to further discuss it. …

: Why is internet openness important? #OECDDigitalMX

2016/06/21 privacy, security #OECDDigitalMX, 4th Industrial Revolution, Digital Deflation, Ethics, ITAC, OECD, TUAC

(Following is the transcript of my speech at the TUAC Forum at the 2016 OECD Ministerial on the Digital Economy) Q. Why is access to an open internet important? Simply put, it is because the open access to the internet is …

: FAPI Presentation at Open Data in Finance Conference @ London

2016/06/15 identity, OAuth, OpenID Connect, OpenID Foundation, privacy, security #odf, FAPI, Fianncial API, PSD2

Here is the presentation file that I used for my 10 minutes OpenID Foundattion Financial API WG presentation at the Open Data in Finance Conference ( June 15, 2016). To join the Working Group, please sign the IPR Contribution agreement online by clicking …

: Open Data in Finance Conference: Chair’s Welcome

2016/06/15 Financial API, identity, OAuth, OpenID Connect, OpenID Foundation, security

Here is the script of the Chair’s remark at the opening of the Open Data in Fianance Conference in London (June 15, 2016) 09:00 – 09:10 Chair’s Welcome Nat SakimuraSenior ResearcherNomura Research Institute Hello. Welcome to the Open Data in …

: GSA 18F’s unauthorized Slack use caused breach of 100 GSA Google Drives?

2016/05/14 security data breach, oath2, slack

@JamieXML pinged me about the @18F breach that I completely missed. I quickly googled it and found this article. IG report:18F’s unauthorized Slack use caused breach of 100 GSA Google Drives It refers to “MANAGEMENT ALERT REPORT:GSA Data Breach” [JE16-004], …

: Authorization Delegation: A financial accounts aggregation use case

2016/01/29 identity, OAuth, OpenID Connect

I have many bank accounts. If I wanted to use a new and shiny graphing service, I have to get authorization from each banks individually. That’s a bit of nuisance. Instead of doing that, if I can instruct each banks …

: Cut and pasted code attack in OAuth 2.0 [RFC6749]

2016/01/25 OAuth, OpenID Connect, security

The so called ‘cut and pasted code attack’ also known as ‘Frankenstein Monster Attack’ is an attack that the adversary swaps the ‘code’ in the authorization response with the victim’s ‘code’ that the adversary has gotten hold of somehow. It can …

1 2 … 19 Next »