Fixing OAuth?

On the 14th and 15th of July, we had the OAuth Security Workshop 2016 at the University of Trier. Further, we had an IETF 96 side meeting on OAuth security at 18:20 in the beautiful Café am Neuen See to further discuss it. …

JWS, JWT, and others now RFC!

  2015/05/20    identity, OAuth

It has taken soooo long [1], but JSON Web Signature (JWS) and JSON Web Token (JWT), together with the rest of the JW* suite, are finally Standards Track RFCs [2] now. They are [RFC7515] and [RFC7519] respectively. For those of you who are not familiar with JWS and …

Registered Token Profile for OAuth 2.0

  2012/08/03    identity, OAuth, OpenID Connect

So, the ID Token in OpenID Connect is audience restricted to the client while the OAuth bearer access token is audience restricted to the protected resource. It is a bearer. It can be used by anybody. It is a common model …

The relationship between endpoint responses and response_type, scope pair

So it seems there is a little bit of confusion among the readers of the OpenID Connect specification around what needs to be returned from which endpoint. It actually is pretty clear if you understand what the OAuth 2.0 response_type parameter is, …

OpenID Connect in a nutshell

When you read the OpenID Connect Specifications, you might feel a little bit intimidated. That’s because they are written in “spec language” and they deal with corner cases, etc. Yet when you translate them into normal English and just concentrate on a “simple case”, it …

Call for nominations for the Kantara Initiative 2011 IDDY (IDentity Deployment of the Year) Awards

  2010/10/27    identity

The call for nominations for the 2011 IDDY (IDentity Deployment of the Year) Awards is now open! Kantara Initiative is excited to continue this awards program for the fifth year. We encourage you to refer partners and organizations that could be good candidates …

Identity Conference #7

  2010/06/25    identity

Today, we had the 7th Identity Conference (aka IdCon #7) at Yahoo! Japan. It started at 7pm Japan Time. Details of the conference are here (sorry – only in Japanese), and the hashtag was #idcon7. You can see the tweets here. …

OpenID TechNight #6

  2010/05/29    identity

“OpenID TechNight vol.6”, a technical seminar hosted by OpenID Foundation Japan (OIDF-J), took place on May 28, 2010 at NRI. Here is the summary: Introduction – Tatsuya Katsuhara (NRI): Some introduction to Identity and Web Identity Technology, the history of …

OAuth 2.0 Mobile WebApp Flow

  2010/05/26    identity

In February, I posted an article about the oauth_wrap mobile webapp profile. Now that it is unified into the OAuth 2.0 drafts, here is another shot: I have further simplified the flow by talking to Breno and John. Here it is: …