I have many bank accounts. If I wanted to use a new and shiny graphing service, I have to get authorization from each banks individually.…
View More Authorization Delegation: A financial accounts aggregation use caseCategory: identity
Code phishing attack on OAuth 2.0 [RFC6749]
Code phishing attack is the attack that the adversary obtains the code and client credentials from the legitimate client and uses them against the honest token…
View More Code phishing attack on OAuth 2.0 [RFC6749]
Happy New Year!
2015 was a hectic year: Bunch of the specs that I have been working on (JWS [RFC7515], JWT [RFC7519], OAuth PKCE [RFC7636], JWK Thumbprint [RFC7638])got published and the work to convert…
View More Happy New Year!
On the XARA vulnerability on MacOS X and iOS
Just came across this article: Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X, by The Register. Since the news itself did not explain…
View More On the XARA vulnerability on MacOS X and iOS
JWS, JWT, and others now RFC!
It has taken soooo long [1], but JSON Web Signature (JWS), JSON Web Token (JWT) , together with other JW* suite finally are Standard Track…
View More JWS, JWT, and others now RFC!
Making a Javascript OpenID Connect Client in 4 steps
When John, Breno, and I started the OpenID Connect work, one of the target was to make it as simple as putting two files on…
View More Making a Javascript OpenID Connect Client in 4 steps
Public Review of UMA 0.9 is going on
June 24: The three main UMA Version 0.9 specifications – UMA Core , OAuth Resource Set Registration , and UMA Claim Profiles – are out for a45-day public review period ending September 6 at 17:00…
View More Public Review of UMA 0.9 is going on
OpenID Connect is here! – An Identity Layer on the internet
Celebrate! OpenID Connect 1.0 Final is here! After four and half years, or six years if we include the time needed to start the working…
View More OpenID Connect is here! – An Identity Layer on the internet
Identity Management TechDay
Invitation to the Identity Management TechDayon March 20, 2014 in Darmstadt, Germany Dear colleagues, We are pleased to invite you to the Customer…
View More Identity Management TechDay
Password tax to cope with negative externalities
A Japanese newspaper run a article that 60% of the people uses same password over different web sites . In fact, it is hardly a…
View More Password tax to cope with negative externalities
You must be logged in to post a comment.