Auflistung nach Schlagwort "OpenID Connect"
1 - 5 von 5
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragIntegration of Self-Sovereign Identity into Conventional Software using Established IAM Protocols: A Survey(Open Identity Summit 2022, 2022) Kuperberg, Michael; Klemens, RobinSelf-Sovereign Identity (SSI) is an approach based on asymmetric cryptography and on decentralized, user-controlled exchange of signed assertions. Most SSI implementations are not based on hierarchic certification schemas, but rather on the peer-to-peer and distributed “web of trust” without root or intermediate CAs. As SSI is a nascent technology, the adoption of vendor-independent SSI standards into existing software landscapes is at an early stage. Conventional enterprise-grade IAM implementations and cloud-based Identity Providers rely on widely established pre-SSI standards, and both will not be replaced by SSI offerings in the next few years. The contribution of this paper is an analysis of patterns and products to bridge unmodified pre-SSI applications and conventional IAM with SSI implementations. Our analysis covers 40+ SSI implementations and major authentication protocols such as OpenID Connect and LDAP.
- KonferenzbeitragOIDC-Agent: Managing OpenID Connect Tokens on the Command Line(SKILL 2018 - Studierendenkonferenz Informatik, 2018) Zachmann, GabrielOpenID Connect is widely used in Authentication and Authorization Infrastructures including the infrastructures of multiple EU projects like INDIGO -DataCloud, the Human Brain Project or the European Open Science Cloud. Due to their nature, OpenID Connect Access Tokens are currently not straightforward to use from the command line. They have a high character count and are short lived. Therefore, they de facto have to be copied from a source providing the access token, most likely a web service. Considering this insufficient usability from the command line, our goal was to overcome this by developing a tool to manage OpenID Connect tokens. We present the design of this tool named oidc-agent and possible usages. The design is oriented at the ssh-agent, providing the user a familiar way to handle OpenID Connect tokens. By splitting the whole service into multiple components we also ensure privilege separation. We implemented a daemon to manage OpenID Connect tokens (oidc-agent), a tool for generating agent account conĄgurations (oidc-gen) and a tool for loading and unloading these configurations from the agent (oidc-add). Additionally, we provide application programming interfaces for agent clients through C and UNIX domain sockets. We also provide an example agent client (oidc-token) that can be used to easily get an access token from oidc-agent using the command line. Therefore, users do not need to handle long, unhandy access tokens, but the application can obtain an access-token through oidc-agent when needed. All components can be freely used and are available on GitHub under the MIT license.
- TextdokumentTowards Privacy-Preserving and User-Centric Identity Management as a Service(Open Identity Summit 2017, 2017) Dash, Pritam; Rabensteiner, Christof; Hörandner, Felix; Roth, SimonIdentification, authentication and the exchange of users’ identity information are key factors in protecting access to online services. Especially cost-effectiveness is a considerable incentive to move identity management models into the public cloud. As cloud environments are not fully trusted, the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possible to share them. One approach is to employ proxy re-encryption, which enables the identity provider to transform a user’s encrypted attributes into ciphertext for an authorized service provider. However, for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendly and user-centric identity management solution that employs cryptographic mechanisms to protect the users’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryption into the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make this concept user-friendly, we introduce a mobile app that handles the involved cryptographic operations which rely on keys securely stored in a trusted execution environment.
- TextdokumentTowards secure and standard-compliant implementations of the PSD2 Directive(Open Identity Summit 2017, 2017) Wich, Tobias; Nemmert, Daniel; Hühnlein, DetlefThe present article provides a compact overview of the most important requirements of the so-called “Payment Services Directive 2” (PSD2) [Di15], together with the related Regulatory Technical Standard on authentication and communication [Eu17] according to Article 98, and outlines how the pivotal “Access-to-Account-Interface” can be securely implemented based on widely acknowledged international standards.
- KonferenzbeitragTowards Universal Login(Open Identity Summit 2020, 2020) Hühnlein, Detlef; Hühnlein, Tina; Hornung, Gerrit; Strack, HermannThe present paper provides an overview of existing protocols and infrastructures for Identity Management on the Internet and discusses potential paths towards integrating the different approaches in a user centric manner into a “Universal Login” infrastructure, which allows Users to manage their authentication preferences and Service Providers to integrate with Identity Providers in an easy manner.