Torsten Lodderstedt’s excellent blog titled “Transaction Authorization or why we need to re-think OAuth scopes” has been floating around for a few weeks. I always meant to have
On the 14th and 15th of July, we had the OAuth Security Workshop 2016 at the University of Trier. Further, we had a IETF 96 side meeting on OAuth security
It has taken soooo long [1], but JSON Web Signature (JWS), JSON Web Token (JWT) , together with other JW* suite finally are Standard Track RFC[2] now. They are [RFC7515] and [RFC7519]
So, ID Token in OpenID connect is audience restricted to the client while the OAuth bearer access token is audience restricted to the protected resource. It is a
So it seems there is a little bit of confusion around what needs to be returned from which endpoint among the readers of OpenID Connect specification. It actually
When you read the OpenID Connect Specifications, you might feel a little bit intimidated. That’s because they are written in “spec language” and they deal with corner cases, etc. Yet when
The call for nominations for the 2011 IDDY (IDentity Deployment of the Year) Awards is now open! Kantara Initiative is excited to continue this awards program for the fifth year.
Today, we had the 7th Identity Conference (aka IdCon #7) at Yahoo! Japan. It started at 7pm Japan Time. Detail of the conference is here. (Sorry – only
“OpenID TechNight vol.6”, a technical seminar hosted by OpenID Foundation Japan (OIDF-J) took place on May 28, 2010 at NRI. Here is the summary: Introduction – Tatsuya Katsuhara
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
