Fixing OAuth?

On the 14th and 15th of July, we had the OAuth Security Workshop 2016 at the University of Trier. Further, we had a IETF 96 side meeting on OAuth security at 18:20 in the beautiful Café am Neuen See to further discuss it. Below is the summery of what I got as the take  away of these meetings. […]

JWS, JWT, and others now RFC!

It has taken soooo long [1], but JSON Web Signature (JWS), JSON Web Token (JWT) , together with other JW* suite finally are Standard Track RFC[2] now. They are [RFC7515] and [RFC7519] respectively. For those of you who are not familiar with JWS and JWT: JWS is a digital signature standard for JSON, a JSON version of XML Signature […]

OpenID Connect in a nutshell

When you read the OpenID Connect Specifications, you might feel a little bit intimidated. That’s because they are written in “spec language” and they deal with corner cases, etc.  Yet when you translate them into normal English and just concentrate on a “simple case”, it becomes quite simple. So, here we go! (OK, much of the text is the same […]

Identify Conference #7

Today, we had the 7th Identity Conference (aka IdCon #7) at Yahoo! Japan. It started at 7pm Japan Time. Detail of the conference is here. (Sorry – only Japanese) and hash tag was #idcon7. You can see the tweets here. (Again, sorry for being only in Japanese.) We had talks on OAuth 2.0(=ritou), OpenID/AB(=nat), Twitter […]

OpenID TechNight #6

“OpenID TechNight vol.6”, a technical seminar hosted by OpenID Foundation Japan (OIDF-J) took place on May 28, 2010 at NRI. Here is the summary: Introduction – Tatsuya Katsuhara (NRI) Some introduction to Identity and Web Identity Technology, the history of OpenID and OAuth etc. OpenID Sessions OpenID and Extensions: Nobu Matake, Chair, OIDF-J Translation/Education […]