draft 02 of OpenID 2.0 to Connect Migration is now available

  2014/08/07    OpenID Connect

OpenID 2.0 to OpenID Connect Migration (aka OID2 to OIDC Migration) is a spec that allows RPs to associate the old OpenID 2.0 identifiers to the new OpenID Connect identifiers without user intervention or extra round trip. The spec has …

Covert Redirect is not new but.. A risk analysis and recommendations

So, there has been a flurry of worries induced by the CNET and other articles [1] about “Covert Redirect”. As Leandro Boffi wrote in his blog post [2], this is not a new attack. It is an attack that has been …

OpenID Connect is here! – An Identity Layer on the internet

Celebrate! OpenID Connect 1.0 Final is here! After four and a half years, or six years if we include the time needed to start the working group, OpenID Connect is finally released as final. As I have been explaining many times …

Guidance on which grant / flow to use for OpenID Connect

  2013/10/30    OpenID Connect

Many people seem to ask for guidance on which grant / flow to use in OpenID Connect. Here is my straw-man answer. Conditions / Requirement | code grant | implicit grant | hybrid grant. Server is not directly reachable from the client …

Refactoring OpenID Connect Drafts

  2013/08/27    identity, OpenID Connect

After the Berlin OpenID AB/C WG F2F meeting, I have been trying to refactor the Connect suite into a more palatable form. I am supposed to create two sets of the refactored version: one for a granular split version and the …

What to read when you want to build OpenID Connect

  2013/07/28    OpenID Connect

OpenID Connect has many components. For a new reader, it is sometimes confusing to know what to read, or worse, intimidating. Here is a flow chart I created as a guide for a new reader. I hope this is going to be useful. …

Write an OpenID Connect server in three simple steps

An OpenID Connect server is just an OAuth 2.0 server on steroids. What it does is return the ID Token, which contains information about the authentication event for the user at the door, in addition to the Access Token. …

Identity, Authentication + OAuth = OpenID Connect

  2013/07/05    identity, OAuth, OpenID Connect, privacy

Explicit Consent – Turning Internet Dog into Pavlov’s Dog

People like me who work in the internet identity space are trying to solve the so-called “Internet Dog Problem.” You surely must have seen this picture (InternetDog.jpg): “On the internet, nobody knows you’re a dog.” This is a …

Alice to Bob resource sharing

  2013/03/01    identity, OAuth, OpenID Connect

So I was in the UMA call today and that reminded me of this use case. How does Alice share her protected resources (like a medical test result) with Bob? I may have blogged about this in the past, but here is another try. …