SlideShare une entreprise Scribd logo

Digital Identity

ZendCon
ZendCon

OpenID and Information Cards are two of the most prominent emerging identity technologies. It is important that you understand the benefits, usage and differences between them in order prepare for the future, even when not ready to deploy them. During this presentation we will examine what digital identities are and specifically what each of these technologies is.

Technologie
1  sur  56
Télécharger pour lire hors ligne
Digital Identity Rob Richards September 17, 2008 http://xri.net/=rob.richards
What is a Digital Identity? • Digital representation of claims about an entity – Domain name – email address – username – I-name • Claims can be made by or about the entity • No built-in assumption of trust 2
Who Am I? =rob.richards jbobhick Jimbob Hick ab3544...@nyms.net Rob Richards Caribou, Maine <personal email> <address> <telephone> rob@mashery.com Rob Richards Sr. Software Architect http://rrichards.pip.verisignlabs.com/ 3
What's the Problem? • Username/Password juggling • Information is being stored – Concerns over privacy issues – Security concerns / Identity Theft • User has no idea who/what is using their information • Continual re-invention of authentication mechanisms • Granting access to personal data to another party *** Sep 17th 2008 *** http://www.enews20.com/ news_Norwegian_tax_authority_mistakenly_leaks_sensitive_data_11597.html 4
7 Laws of Identity • User Control and Consent • Minimal Disclosure for a Constrained Use • Justifiable Parties • Directed Identity • Pluralism of Operators and Technologies • Human Integration • Consistent Experience Across Contexts Kim Cameron, quot;Laws of Identityquot;, http://www.identityblog.com/?page_id=354 5
Identity Context Examples • Browsing: self-asserted identity for exploring the Web (giving away no real data)‫‏‬ • Personal: self-asserted identity for sites with which I want an ongoing private relationship (including my name and a long-term e-mail address)‫‏‬ • Community: a public identity for collaborating with others • Professional: a public identity for collaborating issued by my employer • Credit card: an identity issued by my financial institution • Citizen: an identity issued by my government Kim Cameron, quot;Laws of Identityquot;, http://www.identityblog.com/?page_id=354 6
OpenID and Information Cards • Allow for Single Sign On • Decentralized – No one entity in control – User has choice and freedom • User-Centric – User is in control of data – User aware of information exchange • Possible reduction in amount of personal information a remote site would need to store • Potential to increase the Web experience while maintaining User privacy 7
Common Terminology • Subject – Entity referenced by identity • Digital Identity – Set of claims made by one digital subject about itself or another • Relying Party (RP) – Site requesting identity • Identity Provider (IdP) / OpenID Provider (OP) – Service that provides or maintains identity information 8
OpenID • URL based – http://rrichards.pip.verisignlabs.com/ – =rob.richards (http://xri.net/=rob.richards)‫‏‬ • Not Machine Dependent • Based on Simplicity – HTTP/S – URLs • PHP Libraries (There are More . . .)‫‏‬ – PHP OpenID library (http://www.openidenabled.com/php-openid/)‫‏‬ – Zend (http://framework.zend.com/manual/en/zend.openid.html) – OpenID for PHP (http://www.openidforphp.org/) 9
OpenID Interaction Based on OpenID 1.1 Relying Party locates User Submits ID Identity Provider (IP)‫‏‬ Relying Party Relying Party Redirects User to IP Establishes Association User Authenticates IP Redirects back Against IP to Relying Party Relying Party Evaluates Response 10
OpenID Validation Example
12
OpenID Verification 13
User Trust Consent 14
OpenID validated 15
OpenID 2.0 • Extension Support – namespaced extensions • Attribute Exchange Extension – Extensible attribute support – Identity Provider can be asked to store certain attributes • HTTP POST Support – No longer limited to URL length – Larger Requests and Responses • Directed Identity – URL can identity Identity Provider – Identity Provider determines what ID to send to Relying Party • Official i-name Support 16
OpenID: Potential Issues • Phishing / Pharming • Cross-Site Scripting (XSS) / Cross-Site Request Forgery (CSRF) – Feature to trust sites and not require login – Attacker could access sites unbeknownst to user • DNS Poisoning • Web Page Defacement • Realm Spoofing – Open Redirect Servers – XSS exploited • ID recycling • Your provider knows every site you use your id on 17
Information Cards: Identities Identities represented as cards in a wallet – Self Asserted – Managed (Third Party provided)‫‏‬ 18
Information Cards: Selectors CardSpace != Information Cards Information Cards are not Microsoft specific 19
Information Cards • Identifier is unique amongst parties – Distinct digital key for each realm • Protections again Phishing – Visual indicators of previous interactions – x509 certificate checking • Complex Technologies – SAML – WS-Security / WS-Policy / WS-Trust – x509 20
Information Cards: Making Claims 21
Information Cards Interaction Source: David Chappell quot;Introducing Windows CardSpacequot; April 2006 22
Information Card Validation Example 23
Information Card Login 24
Site Information 25
Select or Create Card 26
Preview Information To Be Sent 27
Information Card Validated 28
InfoCard Selector Initiation <form id=quot;infocardquot; method=quot;postquot; action=quot;serendipity_admin.phpquot;> <center> <img src=quot;/infocard/infocard.pngquot; onClick=quot;infocard.submit()quot;/> </center> <OBJECT type=quot;application/x-informationCardquot; name=quot;xmlTokenquot;> <PARAM Name=quot;tokenTypequot; Value=quot;urn:oasis:names:tc:SAML:1.0:assertionquot;> <PARAM Name=quot;requiredClaimsquot; Value=quot;http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressquot; /> </OBJECT> </form> 29
InfoCard: PHP Code http://www.cdatazone.org/index.php?/pages/source.html • My own code – xmlseclibs.php • XMLDSig / XMLENC – infocard-lib.php • Decrypts submitted XML Token • Verifies Signed SAML Token • Parses Assertions • Zend_Infocard – http://framework.zend.com/manual/en/zend.infocard.html – Included with 1.5 release 30
Submitted Token <enc:EncryptedData xmlns:enc=quot;...xmlenc#quot; Type=quot;...xmlenc#Elementquot;> <enc:EncryptionMethod Algorithm=quot;...xmlenc#aes256-cbcquot; /> <ds:KeyInfo xmlns:ds=quot;http://www.w3.org/2000/09/xmldsig#quot;> <enc:EncryptedKey> <enc:EncryptionMethod Algorithm=quot;...xmlenc#rsa-oaep-mgf1pquot;> <ds:DigestMethod Algorithm=quot;...xmldsig#sha1quot; /> </enc:EncryptionMethod> <ds:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse=quot;...ssecurity-secext-1.0.xsdquot;> <wsse:KeyIdentifier ValueType=quot;. . .#ThumbprintSHA1quot; EncodingType=quot;. . .#Base64Binaryquot;>7SSj. . .</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <enc:CipherData> . . .</enc:CipherData> </enc:EncryptedKey> </ds:KeyInfo> <enc:CipherData>. . .</enc:CipherData> </enc:EncryptedData> 31
Decrypted Self-Asserted Card <saml:Attribute AttributeName=quot;emailaddressquot; AttributeNamespace=quot;. . ./identity/claimsquot;> <saml:AttributeValue>rrichards@php.net</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName=quot;givennamequot; AttributeNamespace=quot;http://schemas.xmlsoap.org/ws/2005/05/identity/claimsquot;> <saml:AttributeValue>Rob</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName=quot;surnamequot; AttributeNamespace=quot;. . ./identity/claimsquot;> <saml:AttributeValue>Richards</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName=quot;privatepersonalidentifierquot; AttributeNamespace=quot;. . ./ identity/claimsquot;> <saml:AttributeValue>mzhu+UCL. . .</saml:AttributeValue> </saml:Attribute> 32
Information Cards: Into The Future 33
Information Card Issues • Still in infancy – Few number of selectors – Differing functionality between selectors – Small numbers in production • CardStore not easily transportable • Third party applications required for non Windows systems • Third party applications/plugins required • More difficult to implement than most Identity technologies 34
Digital Identity: What Are You Using It For? • Identity for public or private use? • Is it a part of a reputation? • How valuable is the data to be protected? • What are the individual privacy concerns? • Consequences if a users identity is compromised? 35
OAuth
OAuth API Authorization Delegation 37
OAuth: The Problem 38
OAuth: The Problem Stop Asking For My User Credentials! 39
OAuth: What Is It? Allows a User to grant access to private resources to another entity without giving away the keys to the Kingdom Master Key User Service Provider Consumer 40
OAuth • OAuth Is Not OpenID – Shares common technologies – Workflow Appears similar • Consumer needs to be known to Service Provider • Token Based – Tokens identify the consumer – Tokens identify the combination of user and consumer – Tokens can be given a lifespan – Tokens can be revoked 41
OAuth Security • Requests are signed – Plaintext – HMAC-SHA1 – RSA-SHA1 • Tokens are passed – No sharing of username/password – Tokens can be revoked • Requests pass timestamps – Provides validity timeframe – Can help prevent replay attacks • Nonce can be used – prevent replay attacks 42
OAuth: Access Protected Resource http://api.getsatisfaction.com/me AccessDeniedError 43
OAuth: Consumer Registration • Consumer provides information to Service Provider – Name – URL – Description • Consumer receives unique identifier (Consumer Key) • Information for Signature is shared – Shared secrect (Consumer Secret) – Consumer Public Key for use in RSA-SHA1 verification • Request and Access token endpoints made known 44
OAuth: Consumer Registration 45
OAuth: Consumer Registration 46
OAuth: Get Request Token http://getsatisfaction.com/api/request_token? oauth_consumer_key=qw0xx50kxx29 &oauth_nonce=15865e53dbe0c4d4f13d9c2296c49fd8ba7384 &oauth_signature=kwwh%2BMO21uExLTAn25jFwLhZfys%3D &oauth_signature_method=HMAC-SHA1 &oauth_timestamp=1221478575 &oauth_version=1.0 47
OAuth: Get Request Token (SP Response) oauth_token=2147xxxxvz0i &oauth_token_secret=xuxxtmxxxxxxx60bbn8worxxxxxxxcr1 48
OAuth: User Authorization http://getsatisfaction.com/api/authorize? oauth_token=pspiu7gw5faq &oauth_callback=http%3A%2F%2Fcdatazone.org %2Fexample%2Ftest.php 49
OAuth: User Authorization 50
OAuth: User Authorization (SP Redirect) http://www.cdatazone.org/example/test.php? oauth_token=pspiu7gw5faq 51
OAuth: Get Access Token http://getsatisfaction.com/api/access_token? oauth_consumer_key=qw0xx50kxx29 &oauth_nonce=be2ca738ccd024a9524d4eb090c1375b9953 &oauth_signature=2jSjj%2BjqlrxEbvbrxy0HboHrhr0%3D &oauth_signature_method=HMAC-SHA1 &oauth_timestamp=1221480066 &oauth_token=pspiu7gw5faq &oauth_version=1.0 52
OAuth: Get Access Token (SP Response) oauth_token=s8xxxjxixxxu &oauth_token_secret=powxhxxxxxxxw9m457xxxxxxxjom2o 53
OAuth: Access Protected Resource http://api.getsatisfaction.com/me? oauth_consumer_key=qw0xx50kxx29 &oauth_nonce=33cc986c57ee57689665ef331058cacacda6ab &oauth_signature=cWVX7QHX9FedI29fGiw99msSPfA%3D &oauth_signature_method=HMAC-SHA1 &oauth_timestamp=1221480525 &oauth_token=s8xxxjxixxxu &oauth_version=1.0 54
OAuth: Access Protected Resource 55
Questions? Digital Identity Rob Richards http://xri.net/=rob.richards www.cdatazone.org

Recommandé

Codemash-2017
Codemash-2017Codemash-2017
Codemash-2017Kevin Cody
 
Stateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsStateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsAlvaro Sanchez-Mariscal
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCloudIDSummit
 
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkOAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake
 
Bitcoins
BitcoinsBitcoins
BitcoinsTushant sharma
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?Oliver Pfaff
 
Bitcoins
BitcoinsBitcoins
BitcoinsTushant sharma
 
DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101Dasith Wijesiriwardena
 

Recommandé

Codemash-2017
Codemash-2017Codemash-2017
Codemash-2017Kevin Cody
 
Stateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsStateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsAlvaro Sanchez-Mariscal
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCloudIDSummit
 
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkOAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake
 
Bitcoins
BitcoinsBitcoins
BitcoinsTushant sharma
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?Oliver Pfaff
 
Bitcoins
BitcoinsBitcoins
BitcoinsTushant sharma
 
DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101Dasith Wijesiriwardena
 
KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchainijtsrd
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenIDPrabath Siriwardena
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Justin Richer
 
A Storage Story #ChefConf2013
A Storage Story #ChefConf2013A Storage Story #ChefConf2013
A Storage Story #ChefConf2013Kyle Bader
 
Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Zhaoyang Wang
 
Zend_Tool: Practical use and Extending
Zend_Tool: Practical use and ExtendingZend_Tool: Practical use and Extending
Zend_Tool: Practical use and ExtendingZendCon
 
PHP on IBM i Tutorial
PHP on IBM i TutorialPHP on IBM i Tutorial
PHP on IBM i TutorialZendCon
 
MySQL in your laptop
MySQL in your laptopMySQL in your laptop
MySQL in your laptopGiuseppe Maxia
 
Why MySQL High Availability Matters
Why MySQL High Availability MattersWhy MySQL High Availability Matters
Why MySQL High Availability MattersMark Swarbrick
 
Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Zhaoyang Wang
 
Tiery Eyed
Tiery EyedTiery Eyed
Tiery EyedZendCon
 
Framework Shootout
Framework ShootoutFramework Shootout
Framework ShootoutZendCon
 
PHP and Platform Independance in the Cloud
PHP and Platform Independance in the CloudPHP and Platform Independance in the Cloud
PHP and Platform Independance in the CloudZendCon
 
Zend Core on IBM i - Security Considerations
Zend Core on IBM i - Security ConsiderationsZend Core on IBM i - Security Considerations
Zend Core on IBM i - Security ConsiderationsZendCon
 
Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Zhaoyang Wang
 
Solving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and ScalabilitySolving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and ScalabilityZendCon
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - SecurityMark Swarbrick
 
MySQL Optimizer Overview
MySQL Optimizer OverviewMySQL Optimizer Overview
MySQL Optimizer OverviewOlav Sandstå
 
MySQL Manchester TT - Replication Features
MySQL Manchester TT - Replication FeaturesMySQL Manchester TT - Replication Features
MySQL Manchester TT - Replication FeaturesMark Swarbrick
 

Contenu connexe

Tendances

KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchainijtsrd
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Justin Richer
 

Tendances (6)

KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchain
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenID
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
 

En vedette

A Storage Story #ChefConf2013
A Storage Story #ChefConf2013A Storage Story #ChefConf2013
A Storage Story #ChefConf2013Kyle Bader
 
Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Zhaoyang Wang
 
Zend_Tool: Practical use and Extending
Zend_Tool: Practical use and ExtendingZend_Tool: Practical use and Extending
Zend_Tool: Practical use and ExtendingZendCon
 
PHP on IBM i Tutorial
PHP on IBM i TutorialPHP on IBM i Tutorial
PHP on IBM i TutorialZendCon
 
Why MySQL High Availability Matters
Why MySQL High Availability MattersWhy MySQL High Availability Matters
Why MySQL High Availability MattersMark Swarbrick
 
Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Zhaoyang Wang
 
Tiery Eyed
Tiery EyedTiery Eyed
Tiery EyedZendCon
 
Framework Shootout
Framework ShootoutFramework Shootout
Framework ShootoutZendCon
 
PHP and Platform Independance in the Cloud
PHP and Platform Independance in the CloudPHP and Platform Independance in the Cloud
PHP and Platform Independance in the CloudZendCon
 
Zend Core on IBM i - Security Considerations
Zend Core on IBM i - Security ConsiderationsZend Core on IBM i - Security Considerations
Zend Core on IBM i - Security ConsiderationsZendCon
 
Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Zhaoyang Wang
 
Solving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and ScalabilitySolving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and ScalabilityZendCon
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - SecurityMark Swarbrick
 
MySQL Optimizer Overview
MySQL Optimizer OverviewMySQL Optimizer Overview
MySQL Optimizer OverviewOlav Sandstå
 
MySQL Manchester TT - Replication Features
MySQL Manchester TT - Replication FeaturesMySQL Manchester TT - Replication Features
MySQL Manchester TT - Replication FeaturesMark Swarbrick
 
Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Zhaoyang Wang
 
MySQL Tech Tour 2015 - 5.7 Connector/J/Net
MySQL Tech Tour 2015 - 5.7 Connector/J/NetMySQL Tech Tour 2015 - 5.7 Connector/J/Net
MySQL Tech Tour 2015 - 5.7 Connector/J/NetMark Swarbrick
 
PHP on Windows - What's New
PHP on Windows - What's NewPHP on Windows - What's New
PHP on Windows - What's NewZendCon
 

En vedette (20)

A Storage Story #ChefConf2013
A Storage Story #ChefConf2013A Storage Story #ChefConf2013
A Storage Story #ChefConf2013
 
Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍
 
Zend_Tool: Practical use and Extending
Zend_Tool: Practical use and ExtendingZend_Tool: Practical use and Extending
Zend_Tool: Practical use and Extending
 
PHP on IBM i Tutorial
PHP on IBM i TutorialPHP on IBM i Tutorial
PHP on IBM i Tutorial
 
MySQL in your laptop
MySQL in your laptopMySQL in your laptop
MySQL in your laptop
 
Why MySQL High Availability Matters
Why MySQL High Availability MattersWhy MySQL High Availability Matters
Why MySQL High Availability Matters
 
Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请
 
Tiery Eyed
Tiery EyedTiery Eyed
Tiery Eyed
 
Framework Shootout
Framework ShootoutFramework Shootout
Framework Shootout
 
PHP and Platform Independance in the Cloud
PHP and Platform Independance in the CloudPHP and Platform Independance in the Cloud
PHP and Platform Independance in the Cloud
 
Zend Core on IBM i - Security Considerations
Zend Core on IBM i - Security ConsiderationsZend Core on IBM i - Security Considerations
Zend Core on IBM i - Security Considerations
 
Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站
 
Solving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and ScalabilitySolving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and Scalability
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - Security
 
MySQL Optimizer Overview
MySQL Optimizer OverviewMySQL Optimizer Overview
MySQL Optimizer Overview
 
MySQL Manchester TT - Replication Features
MySQL Manchester TT - Replication FeaturesMySQL Manchester TT - Replication Features
MySQL Manchester TT - Replication Features
 
Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践
 
Script it
Script itScript it
Script it
 
MySQL Tech Tour 2015 - 5.7 Connector/J/Net
MySQL Tech Tour 2015 - 5.7 Connector/J/NetMySQL Tech Tour 2015 - 5.7 Connector/J/Net
MySQL Tech Tour 2015 - 5.7 Connector/J/Net
 
PHP on Windows - What's New
PHP on Windows - What's NewPHP on Windows - What's New
PHP on Windows - What's New
 

Similaire à Digital Identity

OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID TutorialsNao Haida
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...Paris Open Source Summit
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NGWorteks
 
Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringChris Gates
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Kaliya "Identity Woman" Young
 
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221David Wood
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
Re-using existing PKIs for online Identity Management
Re-using existing PKIs for online Identity ManagementRe-using existing PKIs for online Identity Management
Re-using existing PKIs for online Identity ManagementMartijn Oostdijk
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockownerkhan
 
Raising the dead to save the living
Raising the dead to save the livingRaising the dead to save the living
Raising the dead to save the livingJaredPeck
 
Building the Social Web with OpenID
Building the Social Web with OpenIDBuilding the Social Web with OpenID
Building the Social Web with OpenIDSimon Willison
 
Smart card emv for dummies
Smart card emv for dummiesSmart card emv for dummies
Smart card emv for dummiesBACKSEATRIDER
 
Is your mobile app as secure as you think?
Is your mobile app as secure as you think?Is your mobile app as secure as you think?
Is your mobile app as secure as you think?Matt Lacey
 
Authentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupAuthentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupSoluto
 
Practical Federated Identity
Practical Federated Identity Practical Federated Identity
Practical Federated Identity WSO2
 
TrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMTrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMhackingtrialpay
 
Authentication Without Authentication
Authentication Without AuthenticationAuthentication Without Authentication
Authentication Without AuthenticationSoluto
 

Similaire à Digital Identity (20)

OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID Tutorials
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong Authentication
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
 
Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information Gathering
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
 
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon
 
Re-using existing PKIs for online Identity Management
Re-using existing PKIs for online Identity ManagementRe-using existing PKIs for online Identity Management
Re-using existing PKIs for online Identity Management
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknock
 
Raising the dead to save the living
Raising the dead to save the livingRaising the dead to save the living
Raising the dead to save the living
 
Building the Social Web with OpenID
Building the Social Web with OpenIDBuilding the Social Web with OpenID
Building the Social Web with OpenID
 
Smart card emv for dummies
Smart card emv for dummiesSmart card emv for dummies
Smart card emv for dummies
 
Is your mobile app as secure as you think?
Is your mobile app as secure as you think?Is your mobile app as secure as you think?
Is your mobile app as secure as you think?
 
Authentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupAuthentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetup
 
Practical Federated Identity
Practical Federated Identity Practical Federated Identity
Practical Federated Identity
 
TrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMTrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACM
 
Authentication Without Authentication
Authentication Without AuthenticationAuthentication Without Authentication
Authentication Without Authentication
 

Plus de ZendCon

I18n with PHP 5.3
I18n with PHP 5.3I18n with PHP 5.3
I18n with PHP 5.3ZendCon
 
Cloud Computing: The Hard Problems Never Go Away
Cloud Computing: The Hard Problems Never Go AwayCloud Computing: The Hard Problems Never Go Away
Cloud Computing: The Hard Problems Never Go AwayZendCon
 
Planning for Synchronization with Browser-Local Databases
Planning for Synchronization with Browser-Local DatabasesPlanning for Synchronization with Browser-Local Databases
Planning for Synchronization with Browser-Local DatabasesZendCon
 
Magento - a Zend Framework Application
Magento - a Zend Framework ApplicationMagento - a Zend Framework Application
Magento - a Zend Framework ApplicationZendCon
 
Enterprise-Class PHP Security
Enterprise-Class PHP SecurityEnterprise-Class PHP Security
Enterprise-Class PHP SecurityZendCon
 
PHP and IBM i - Database Alternatives
PHP and IBM i - Database AlternativesPHP and IBM i - Database Alternatives
PHP and IBM i - Database AlternativesZendCon
 
Application Diagnosis with Zend Server Tracing
Application Diagnosis with Zend Server TracingApplication Diagnosis with Zend Server Tracing
Application Diagnosis with Zend Server TracingZendCon
 
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...ZendCon
 
Joe Staner Zend Con 2008
Joe Staner Zend Con 2008Joe Staner Zend Con 2008
Joe Staner Zend Con 2008ZendCon
 
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...ZendCon
 
DB2 Storage Engine for MySQL and Open Source Applications Session
DB2 Storage Engine for MySQL and Open Source Applications SessionDB2 Storage Engine for MySQL and Open Source Applications Session
DB2 Storage Engine for MySQL and Open Source Applications SessionZendCon
 
Modernizing i5 Applications
Modernizing i5 ApplicationsModernizing i5 Applications
Modernizing i5 ApplicationsZendCon
 
Lesser Known Security Problems in PHP Applications
Lesser Known Security Problems in PHP ApplicationsLesser Known Security Problems in PHP Applications
Lesser Known Security Problems in PHP ApplicationsZendCon
 
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"ZendCon
 
SQL Query Tuning: The Legend of Drunken Query Master
SQL Query Tuning: The Legend of Drunken Query MasterSQL Query Tuning: The Legend of Drunken Query Master
SQL Query Tuning: The Legend of Drunken Query MasterZendCon
 
ZendCon 2008 Closing Keynote
ZendCon 2008 Closing KeynoteZendCon 2008 Closing Keynote
ZendCon 2008 Closing KeynoteZendCon
 
Top Zend Studio Secrets
Top Zend Studio SecretsTop Zend Studio Secrets
Top Zend Studio SecretsZendCon
 
VIM for (PHP) Programmers
VIM for (PHP) ProgrammersVIM for (PHP) Programmers
VIM for (PHP) ProgrammersZendCon
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven DevelopmentZendCon
 
Rickroll To Go With PHP, WURFL, and Other Open Source Tools
Rickroll To Go With PHP, WURFL, and Other Open Source ToolsRickroll To Go With PHP, WURFL, and Other Open Source Tools
Rickroll To Go With PHP, WURFL, and Other Open Source ToolsZendCon
 

Plus de ZendCon (20)

I18n with PHP 5.3
I18n with PHP 5.3I18n with PHP 5.3
I18n with PHP 5.3
 
Cloud Computing: The Hard Problems Never Go Away
Cloud Computing: The Hard Problems Never Go AwayCloud Computing: The Hard Problems Never Go Away
Cloud Computing: The Hard Problems Never Go Away
 
Planning for Synchronization with Browser-Local Databases
Planning for Synchronization with Browser-Local DatabasesPlanning for Synchronization with Browser-Local Databases
Planning for Synchronization with Browser-Local Databases
 
Magento - a Zend Framework Application
Magento - a Zend Framework ApplicationMagento - a Zend Framework Application
Magento - a Zend Framework Application
 
Enterprise-Class PHP Security
Enterprise-Class PHP SecurityEnterprise-Class PHP Security
Enterprise-Class PHP Security
 
PHP and IBM i - Database Alternatives
PHP and IBM i - Database AlternativesPHP and IBM i - Database Alternatives
PHP and IBM i - Database Alternatives
 
Application Diagnosis with Zend Server Tracing
Application Diagnosis with Zend Server TracingApplication Diagnosis with Zend Server Tracing
Application Diagnosis with Zend Server Tracing
 
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
 
Joe Staner Zend Con 2008
Joe Staner Zend Con 2008Joe Staner Zend Con 2008
Joe Staner Zend Con 2008
 
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
 
DB2 Storage Engine for MySQL and Open Source Applications Session
DB2 Storage Engine for MySQL and Open Source Applications SessionDB2 Storage Engine for MySQL and Open Source Applications Session
DB2 Storage Engine for MySQL and Open Source Applications Session
 
Modernizing i5 Applications
Modernizing i5 ApplicationsModernizing i5 Applications
Modernizing i5 Applications
 
Lesser Known Security Problems in PHP Applications
Lesser Known Security Problems in PHP ApplicationsLesser Known Security Problems in PHP Applications
Lesser Known Security Problems in PHP Applications
 
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
 
SQL Query Tuning: The Legend of Drunken Query Master
SQL Query Tuning: The Legend of Drunken Query MasterSQL Query Tuning: The Legend of Drunken Query Master
SQL Query Tuning: The Legend of Drunken Query Master
 
ZendCon 2008 Closing Keynote
ZendCon 2008 Closing KeynoteZendCon 2008 Closing Keynote
ZendCon 2008 Closing Keynote
 
Top Zend Studio Secrets
Top Zend Studio SecretsTop Zend Studio Secrets
Top Zend Studio Secrets
 
VIM for (PHP) Programmers
VIM for (PHP) ProgrammersVIM for (PHP) Programmers
VIM for (PHP) Programmers
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven Development
 
Rickroll To Go With PHP, WURFL, and Other Open Source Tools
Rickroll To Go With PHP, WURFL, and Other Open Source ToolsRickroll To Go With PHP, WURFL, and Other Open Source Tools
Rickroll To Go With PHP, WURFL, and Other Open Source Tools
 

Dernier

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Dernier (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Digital Identity

  • 1. Digital Identity Rob Richards September 17, 2008 http://xri.net/=rob.richards
  • 2. What is a Digital Identity? • Digital representation of claims about an entity – Domain name – email address – username – I-name • Claims can be made by or about the entity • No built-in assumption of trust 2
  • 3. Who Am I? =rob.richards jbobhick Jimbob Hick ab3544...@nyms.net Rob Richards Caribou, Maine <personal email> <address> <telephone> rob@mashery.com Rob Richards Sr. Software Architect http://rrichards.pip.verisignlabs.com/ 3
  • 4. What's the Problem? • Username/Password juggling • Information is being stored – Concerns over privacy issues – Security concerns / Identity Theft • User has no idea who/what is using their information • Continual re-invention of authentication mechanisms • Granting access to personal data to another party *** Sep 17th 2008 *** http://www.enews20.com/ news_Norwegian_tax_authority_mistakenly_leaks_sensitive_data_11597.html 4
  • 5. 7 Laws of Identity • User Control and Consent • Minimal Disclosure for a Constrained Use • Justifiable Parties • Directed Identity • Pluralism of Operators and Technologies • Human Integration • Consistent Experience Across Contexts Kim Cameron, quot;Laws of Identityquot;, http://www.identityblog.com/?page_id=354 5
  • 6. Identity Context Examples • Browsing: self-asserted identity for exploring the Web (giving away no real data)‫‏‬ • Personal: self-asserted identity for sites with which I want an ongoing private relationship (including my name and a long-term e-mail address)‫‏‬ • Community: a public identity for collaborating with others • Professional: a public identity for collaborating issued by my employer • Credit card: an identity issued by my financial institution • Citizen: an identity issued by my government Kim Cameron, quot;Laws of Identityquot;, http://www.identityblog.com/?page_id=354 6
  • 7. OpenID and Information Cards • Allow for Single Sign On • Decentralized – No one entity in control – User has choice and freedom • User-Centric – User is in control of data – User aware of information exchange • Possible reduction in amount of personal information a remote site would need to store • Potential to increase the Web experience while maintaining User privacy 7
  • 8. Common Terminology • Subject – Entity referenced by identity • Digital Identity – Set of claims made by one digital subject about itself or another • Relying Party (RP) – Site requesting identity • Identity Provider (IdP) / OpenID Provider (OP) – Service that provides or maintains identity information 8
  • 9. OpenID • URL based – http://rrichards.pip.verisignlabs.com/ – =rob.richards (http://xri.net/=rob.richards)‫‏‬ • Not Machine Dependent • Based on Simplicity – HTTP/S – URLs • PHP Libraries (There are More . . .)‫‏‬ – PHP OpenID library (http://www.openidenabled.com/php-openid/)‫‏‬ – Zend (http://framework.zend.com/manual/en/zend.openid.html) – OpenID for PHP (http://www.openidforphp.org/) 9
  • 10. OpenID Interaction Based on OpenID 1.1 Relying Party locates User Submits ID Identity Provider (IP)‫‏‬ Relying Party Relying Party Redirects User to IP Establishes Association User Authenticates IP Redirects back Against IP to Relying Party Relying Party Evaluates Response 10
  • 12. 12
  • 16. OpenID 2.0 • Extension Support – namespaced extensions • Attribute Exchange Extension – Extensible attribute support – Identity Provider can be asked to store certain attributes • HTTP POST Support – No longer limited to URL length – Larger Requests and Responses • Directed Identity – URL can identity Identity Provider – Identity Provider determines what ID to send to Relying Party • Official i-name Support 16
  • 17. OpenID: Potential Issues • Phishing / Pharming • Cross-Site Scripting (XSS) / Cross-Site Request Forgery (CSRF) – Feature to trust sites and not require login – Attacker could access sites unbeknownst to user • DNS Poisoning • Web Page Defacement • Realm Spoofing – Open Redirect Servers – XSS exploited • ID recycling • Your provider knows every site you use your id on 17
  • 18. Information Cards: Identities Identities represented as cards in a wallet – Self Asserted – Managed (Third Party provided)‫‏‬ 18
  • 19. Information Cards: Selectors CardSpace != Information Cards Information Cards are not Microsoft specific 19
  • 20. Information Cards • Identifier is unique amongst parties – Distinct digital key for each realm • Protections again Phishing – Visual indicators of previous interactions – x509 certificate checking • Complex Technologies – SAML – WS-Security / WS-Policy / WS-Trust – x509 20
  • 22. Information Cards Interaction Source: David Chappell quot;Introducing Windows CardSpacequot; April 2006 22
  • 26. Select or Create Card 26
  • 29. InfoCard Selector Initiation <form id=quot;infocardquot; method=quot;postquot; action=quot;serendipity_admin.phpquot;> <center> <img src=quot;/infocard/infocard.pngquot; onClick=quot;infocard.submit()quot;/> </center> <OBJECT type=quot;application/x-informationCardquot; name=quot;xmlTokenquot;> <PARAM Name=quot;tokenTypequot; Value=quot;urn:oasis:names:tc:SAML:1.0:assertionquot;> <PARAM Name=quot;requiredClaimsquot; Value=quot;http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressquot; /> </OBJECT> </form> 29
  • 30. InfoCard: PHP Code http://www.cdatazone.org/index.php?/pages/source.html • My own code – xmlseclibs.php • XMLDSig / XMLENC – infocard-lib.php • Decrypts submitted XML Token • Verifies Signed SAML Token • Parses Assertions • Zend_Infocard – http://framework.zend.com/manual/en/zend.infocard.html – Included with 1.5 release 30
  • 31. Submitted Token <enc:EncryptedData xmlns:enc=quot;...xmlenc#quot; Type=quot;...xmlenc#Elementquot;> <enc:EncryptionMethod Algorithm=quot;...xmlenc#aes256-cbcquot; /> <ds:KeyInfo xmlns:ds=quot;http://www.w3.org/2000/09/xmldsig#quot;> <enc:EncryptedKey> <enc:EncryptionMethod Algorithm=quot;...xmlenc#rsa-oaep-mgf1pquot;> <ds:DigestMethod Algorithm=quot;...xmldsig#sha1quot; /> </enc:EncryptionMethod> <ds:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse=quot;...ssecurity-secext-1.0.xsdquot;> <wsse:KeyIdentifier ValueType=quot;. . .#ThumbprintSHA1quot; EncodingType=quot;. . .#Base64Binaryquot;>7SSj. . .</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <enc:CipherData> . . .</enc:CipherData> </enc:EncryptedKey> </ds:KeyInfo> <enc:CipherData>. . .</enc:CipherData> </enc:EncryptedData> 31
  • 32. Decrypted Self-Asserted Card <saml:Attribute AttributeName=quot;emailaddressquot; AttributeNamespace=quot;. . ./identity/claimsquot;> <saml:AttributeValue>rrichards@php.net</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName=quot;givennamequot; AttributeNamespace=quot;http://schemas.xmlsoap.org/ws/2005/05/identity/claimsquot;> <saml:AttributeValue>Rob</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName=quot;surnamequot; AttributeNamespace=quot;. . ./identity/claimsquot;> <saml:AttributeValue>Richards</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName=quot;privatepersonalidentifierquot; AttributeNamespace=quot;. . ./ identity/claimsquot;> <saml:AttributeValue>mzhu+UCL. . .</saml:AttributeValue> </saml:Attribute> 32
  • 33. Information Cards: Into The Future 33
  • 34. Information Card Issues • Still in infancy – Few number of selectors – Differing functionality between selectors – Small numbers in production • CardStore not easily transportable • Third party applications required for non Windows systems • Third party applications/plugins required • More difficult to implement than most Identity technologies 34
  • 35. Digital Identity: What Are You Using It For? • Identity for public or private use? • Is it a part of a reputation? • How valuable is the data to be protected? • What are the individual privacy concerns? • Consequences if a users identity is compromised? 35
  • 36. OAuth
  • 39. OAuth: The Problem Stop Asking For My User Credentials! 39
  • 40. OAuth: What Is It? Allows a User to grant access to private resources to another entity without giving away the keys to the Kingdom Master Key User Service Provider Consumer 40
  • 41. OAuth • OAuth Is Not OpenID – Shares common technologies – Workflow Appears similar • Consumer needs to be known to Service Provider • Token Based – Tokens identify the consumer – Tokens identify the combination of user and consumer – Tokens can be given a lifespan – Tokens can be revoked 41
  • 42. OAuth Security • Requests are signed – Plaintext – HMAC-SHA1 – RSA-SHA1 • Tokens are passed – No sharing of username/password – Tokens can be revoked • Requests pass timestamps – Provides validity timeframe – Can help prevent replay attacks • Nonce can be used – prevent replay attacks 42
  • 43. OAuth: Access Protected Resource http://api.getsatisfaction.com/me AccessDeniedError 43
  • 44. OAuth: Consumer Registration • Consumer provides information to Service Provider – Name – URL – Description • Consumer receives unique identifier (Consumer Key) • Information for Signature is shared – Shared secrect (Consumer Secret) – Consumer Public Key for use in RSA-SHA1 verification • Request and Access token endpoints made known 44
  • 47. OAuth: Get Request Token http://getsatisfaction.com/api/request_token? oauth_consumer_key=qw0xx50kxx29 &oauth_nonce=15865e53dbe0c4d4f13d9c2296c49fd8ba7384 &oauth_signature=kwwh%2BMO21uExLTAn25jFwLhZfys%3D &oauth_signature_method=HMAC-SHA1 &oauth_timestamp=1221478575 &oauth_version=1.0 47
  • 48. OAuth: Get Request Token (SP Response) oauth_token=2147xxxxvz0i &oauth_token_secret=xuxxtmxxxxxxx60bbn8worxxxxxxxcr1 48
  • 51. OAuth: User Authorization (SP Redirect) http://www.cdatazone.org/example/test.php? oauth_token=pspiu7gw5faq 51
  • 52. OAuth: Get Access Token http://getsatisfaction.com/api/access_token? oauth_consumer_key=qw0xx50kxx29 &oauth_nonce=be2ca738ccd024a9524d4eb090c1375b9953 &oauth_signature=2jSjj%2BjqlrxEbvbrxy0HboHrhr0%3D &oauth_signature_method=HMAC-SHA1 &oauth_timestamp=1221480066 &oauth_token=pspiu7gw5faq &oauth_version=1.0 52
  • 53. OAuth: Get Access Token (SP Response) oauth_token=s8xxxjxixxxu &oauth_token_secret=powxhxxxxxxxw9m457xxxxxxxjom2o 53
  • 54. OAuth: Access Protected Resource http://api.getsatisfaction.com/me? oauth_consumer_key=qw0xx50kxx29 &oauth_nonce=33cc986c57ee57689665ef331058cacacda6ab &oauth_signature=cWVX7QHX9FedI29fGiw99msSPfA%3D &oauth_signature_method=HMAC-SHA1 &oauth_timestamp=1221480525 &oauth_token=s8xxxjxixxxu &oauth_version=1.0 54
  • 55. OAuth: Access Protected Resource 55
  • 56. Questions? Digital Identity Rob Richards http://xri.net/=rob.richards www.cdatazone.org