.Nat Zone

Digital Identity et al.

「 identity 」 一覧

APIDays 2016: Financial Grade OAuth & OpenID Connect

Here is the slide I used in API Days Paris 2016, for the Banking track. Direct link to slideshare: http://www.slideshare.net/nat_sakimura/financial-grade-oauth-openid-connect Hope they are useful.

FAPI Presentation at Open Data in Finance Conference @ London

Here is the presentation file that I used for my 10 minutes OpenID Foundattion Financial API WG presentation at the Open Data in Finance Conference ( June 15, 2016). To join the Working Group, please sign the IPR Contribution agreement online by clicking …

Open Data in Finance Conference: Chair’s Welcome

Here is the script of the Chair’s remark at the opening of the Open Data in Fianance Conference in London (June 15, 2016) 09:00 – 09:10 Chair’s Welcome Nat SakimuraSenior ResearcherNomura Research Institute Hello. Welcome to the Open Data in …

no image

Authorization Delegation: A financial accounts aggregation use case

  2016/01/29    identity, OAuth, OpenID Connect

I have many bank accounts. If I wanted to use a new and shiny graphing service, I have to get authorization from each banks individually. That’s a bit of nuisance. Instead of doing that, if I can instruct each banks …

Code phishing attack on OAuth 2.0 [RFC6749]

Code phishing attack is the attack that the adversary obtains the code and client credentials from the legitimate client and uses them against the honest token endpoint to obtain tokens thereby accessing the protected resources illegitimately. Assumptions There are not much …

Happy New Year!

  2016/01/01    identity, privacy

2015 was a hectic year: Bunch of the specs that I have been working on (JWS [RFC7515], JWT [RFC7519], OAuth PKCE [RFC7636], JWK Thumbprint [RFC7638])got published and the work to convert ISO/IEC 29100 Privacy Framework into Japan Industry Standard started. We had OpenID Summit Tokyo 2015 …

On the XARA vulnerability on MacOS X and iOS

  2015/06/19    identity, OAuth, OpenID Connect ,

Just came across this article: Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X, by The Register. Since the news itself did not explain the nature of the attack well enough, I went onto reading the full paper: Xing, …

JWS, JWT, and others now RFC!

  2015/05/20    identity, OAuth , , , ,

It has taken soooo long [1], but JSON Web Signature (JWS), JSON Web Token (JWT) , together with other JW* suite finally are Standard Track RFC[2] now. They are [RFC7515] and [RFC7519] respectively. For those of you who are not familiar with JWS and …

Making a Javascript OpenID Connect Client in 4 steps

  2014/12/10    identity, OpenID Connect

When John, Breno, and I started the OpenID Connect work, one of the target was to make it as simple as putting two files on the client file system and calling a few functions from the calling page. With OpenID …

Public Review of UMA 0.9 is going on

  2014/06/25    identity, OAuth, privacy, security

June 24: The three main UMA Version 0.9 specifications – UMA Core , OAuth Resource Set Registration , and UMA Claim Profiles  – are out for a45-day public review period ending September 6 at 17:00 Pacific time. This review is in preparation for advancement of these specs as Kantara Initiative …