JSON Web Token (JWT) for OAuth client authorization grants

https://www.ibm.com/support/knowledgecenter/zh-tw/SSD28V_9.0.0/com.ibm.websphere.wlp.core.doc/ae/cwlp_jwttoken.html

Posted in Uncategorized

OAuth JWT Bearer (draft-ietf-oauth-jwt-bearer-12)

https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12

Posted in Uncategorized

OAuth2 Framework Initiative


This project aims to provide all the necessary elements for the creation of an authorization server based on the OAuth2 protocol.

Below is a list of components available to you:

Access Token Management:
  - Access Token based on JSON Web Tokens (JWT)
  - Access Token based on a random string
  - Possibility of using another manager
Types of Tokens:
  - Bearer Access Token (RFC 6750)
  - MAC Access Token (IETF draft 02 only) – implementation is stopped; it will be preferable to use POP Access Tokens as soon as they are available
  - Possibility of using another type of token
[X] Scopes Manager (RFC 6749, Section 3.3):
  - Policy applied if no scope is requested:
    - Do nothing
    - Issue an error
    - Assign default scope(s)
    - Possibility of using a customized policy
Client Manager:
  - Public Clients (RFC 6749, Section 2.1) – see `none`
  - Clients with Password (RFC 6749, Section 2.3.1):
    - HTTP Basic Authentication (RFC 2617 and RFC 7617) – see `client_secret_basic`
    - JWT Assertion Authentication (the password used as a shared key) (OpenID Connect Core) – see `client_secret_jwt`
    - Password Authentication in the Request Body – see `client_secret_post`
  - Clients with SAML assertion (RFC 7521 and RFC 7522)
  - Clients with JWT assertion (RFC 7521 and RFC 7523) – see `private_key_jwt`
  - Possibility of using other authentication mechanisms
Entry Points:
  - Authorization (RFC 6749, Section 3.1)
  - Token (RFC 6749, Section 3.2)
  - Token Revocation (RFC 7009)
  - Token Introspection (RFC 7662)
  - Dynamic Client Registration (RFC 7591)
  - Dynamic Client Configuration (RFC 7592)
  - Metadata
  - Signature / encryption keys
  - User information (Userinfo)
  - IFrame for managing the user session
  - Issuer Discovery
Authorization:
  - Authorization Code (RFC 6749, Section 4.1)
    - Proof Key for Code Exchange by OAuth Public Clients (RFC 7636):
      - Plain
      - S256
      - Possibility of using other methods
  - Implicit (RFC 6749, Section 4.2)
  - Resource Owner Password Credentials (RFC 6749, Section 4.3)
  - Client Credentials (RFC 6749, Section 4.4)
  - Refresh Token (RFC 6749, Section 6)
  - SAML Bearer Token (RFC 7521 and RFC 7522)
  - JWT Bearer Token (RFC 7521 and RFC 7523)
  - Possibility of using other authorization flows
Partial implementation:
  - Threat Model and Security Considerations (RFC 6819)
Planned integration:
  - POP Access Token (Proof-of-Possession (PoP) Security Architecture; Proof-of-Possession: Authorization Server to Client Key Distribution; and Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs))
  - A Method for Signing HTTP Requests for OAuth
  - Token Exchange: An STS for the REST of Us

Posted in Uncategorized

Information Security Updates September 20, 2016

https://www.bis.doc.gov/informationsecurity2016-updates

Posted in Uncategorized

OpenID Connect

https://wiki.mozilla.org/Security/Guidelines/OpenID_Connect

Posted in Uncategorized

VR Tracker

https://hackaday.io/project/8853-vr-tracker

Posted in Uncategorized

Building an app using Amazon Cognito and an OpenID Connect identity provider

https://aws.amazon.com/tw/blogs/security/building-an-app-using-amazon-cognito-and-an-openid-connect-identity-provider/

Posted in Uncategorized