In the previous post, I wrote about HAL enhanced OAuth. Similar thing can be achieved by using JSON Schema. Many people claim that OAuth 2.0…
View More JSON Schema enhanced OAuthCategory: identity
HAL enhanced OAuth 2.0 response – Making OAuth 2.0 slightly more RESTful
Many people claim that OAuth 2.0 is JSON and REST. Well, yes, it is RESTish, but not quite REST. It notably misses the hyperlink capability.…
View More HAL enhanced OAuth 2.0 response – Making OAuth 2.0 slightly more RESTfulRegistered Token Profile for OAuth 2.0
So, ID Token in OpenID connect is audience restricted to the client while the OAuth bearer access token is audience restricted to the protected resource.…
View More Registered Token Profile for OAuth 2.0Requirements to Digital Identity back in 2004
To prepare for the panel discussion at the Cloud Identity Summit 2012, I was looking back to my old blog posts. Then, I found this…
View More Requirements to Digital Identity back in 2004Some of the OpenID Foundation Summit July 2012 videos available
On July 16, 2012, we had OpenID Connect Interop and OpenID Foundation Summit in conjunction with the Cloud Identity Summit 2012, in Vale, Co. Both…
View More Some of the OpenID Foundation Summit July 2012 videos availableAnalyzing Yahoo! Voices Password Leakage
Lot’s of articles appeared on the Yahoo! Voices’ password leakage on the 11th. Many people seem to be assuming that Yahoo!s password has been leaked,…
View More Analyzing Yahoo! Voices Password LeakageTrusted Federal Systems now the NSTIC ID Ecosystem Steering Group Secretariat
I just got this message from NIST 20 minutes ago. Identity Ecosystem Steering Group’s secretariat was awarded to Trusted Federal Systems (TFS). The first in-person meeting…
View More Trusted Federal Systems now the NSTIC ID Ecosystem Steering Group SecretariatIs Facebook “Like” button tracking you?
Since I am using it on this blog also, I probably should not talk loudly, but I feel creepy about the Facebook “Like” button. If…
View More Is Facebook “Like” button tracking you?Comments on Wang-Chen-Wang paper on OpenID Implementation Vulnerability
In the paper titled “Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services“, Rui Wang,…
View More Comments on Wang-Chen-Wang paper on OpenID Implementation VulnerabilityOpenID Connect IdP on iPhone
As part of the exercise to see if OpenID Connect Messages 1.0 were written appropriately so that other bindings can be produced, Jun Eijima and…
View More OpenID Connect IdP on iPhone
You must be logged in to post a comment.