The hype and hysteria around blockchain, blockchain identity and Facebook/Cambridge Analytica scandal have been quite interesting to watch. It did and is still showing a…
View More Facebook, mydata, and Self Sovereign IdentityCategory: identity
Blockchain Use cases and Identity
I just came across with Don Tapscott’s TED Talk titled “How the blockchain is changing money and business” . In it, he talks about 5 potential…
View More Blockchain Use cases and IdentityAPIDays 2016: Financial Grade OAuth & OpenID Connect
Here is the slide I used in API Days Paris 2016, for the Banking track. [slideshare id=70131130&doc=1601214-financialgradeoauth-00-161214112956] Direct link to slideshare: http://www.slideshare.net/nat_sakimura/financial-grade-oauth-openid-connect Hope they are useful.
View More APIDays 2016: Financial Grade OAuth & OpenID ConnectFAPI Presentation at Open Data in Finance Conference @ London
Here is the presentation file that I used for my 10 minutes OpenID Foundattion Financial API WG presentation at the Open Data in Finance Conference ( June 15,…
View More FAPI Presentation at Open Data in Finance Conference @ LondonOpen Data in Finance Conference: Chair’s Welcome
Here is the script of the Chair’s remark at the opening of the Open Data in Fianance Conference in London (June 15, 2016) 09:00 –…
View More Open Data in Finance Conference: Chair’s WelcomeAuthorization Delegation: A financial accounts aggregation use case
I have many bank accounts. If I wanted to use a new and shiny graphing service, I have to get authorization from each banks individually.…
View More Authorization Delegation: A financial accounts aggregation use caseCode phishing attack on OAuth 2.0 [RFC6749]
Code phishing attack is the attack that the adversary obtains the code and client credentials from the legitimate client and uses them against the honest token…
View More Code phishing attack on OAuth 2.0 [RFC6749]Happy New Year!
2015 was a hectic year: Bunch of the specs that I have been working on (JWS [RFC7515], JWT [RFC7519], OAuth PKCE [RFC7636], JWK Thumbprint [RFC7638])got published and the work to convert…
View More Happy New Year!On the XARA vulnerability on MacOS X and iOS
Just came across this article: Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X, by The Register. Since the news itself did not explain…
View More On the XARA vulnerability on MacOS X and iOSJWS, JWT, and others now RFC!
It has taken soooo long [1], but JSON Web Signature (JWS), JSON Web Token (JWT) , together with other JW* suite finally are Standard Track…
View More JWS, JWT, and others now RFC!