What encoding should a URI in OpenID and OAuth discovery document use for an internationalized domain name (IDN)?
So, what encoding should a URI in OpenID Connect and OAuth discovery document use for an internationalized domain name such as “müsik.example.com”? One option is…
Category: OpenID Connect
Blockchain Use cases and Identity
I just came across Don Tapscott’s TED Talk titled “How the blockchain is changing money and business”. In it, he talks about 5 potential…
API Days Berlin 2017 Presentation
Here is the slide I used for APIDays Berlin 2017: Banking APIs and PSD2 — The finish line for PSD2 and Open Banking. A couple of…
APIDays 2016: Financial Grade OAuth & OpenID Connect
Here is the slide I used in API Days Paris 2016, for the Banking track. Direct link to slideshare: http://www.slideshare.net/nat_sakimura/financial-grade-oauth-openid-connect Hope they are useful.
FAPI Presentation at Open Data in Finance Conference @ London
Here is the presentation file that I used for my 10-minute OpenID Foundation Financial API WG presentation at the Open Data in Finance Conference ( June 15,…
Open Data in Finance Conference: Chair’s Welcome
Here is the script of the Chair’s remark at the opening of the Open Data in Finance Conference in London (June 15, 2016) 09:00 –…
Authorization Delegation: A financial accounts aggregation use case
I have many bank accounts. If I wanted to use a new and shiny graphing service, I have to get authorization from each bank individually.…
Cut and pasted code attack in OAuth 2.0 [RFC6749]
The so-called ‘cut and pasted code attack’, also known as the ‘Frankenstein Monster Attack’, is an attack in which the adversary swaps the ‘code’ in the…
Code phishing attack on OAuth 2.0 [RFC6749]
A code phishing attack is an attack in which the adversary obtains the code and client credentials from the legitimate client and uses them against the honest token…
IdP Mix-up Attack on OAuth [RFC6749]
On Sunday 10, 2016, OAuth Security Advisory: Authorization Server Mix-Up was issued. Nov Matake wrote an excellent article about it in Japanese. To help understand the…