CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens

28

description

Dirk Balfanz and Adam Dawes, Google A discussion of two efforts at Google, both designed to incrementally add public-key cryptography to existing authentication mechanisms—one aimed at cookies, and one aimed at passwords—that offer the security of public-key-based challenge-response protocols without getting rid of cookies or passwords.

Transcript of CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens

Page 1: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 2: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 3: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 4: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 5: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 6: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 7: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 8: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 9: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 10: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 11: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 12: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 13: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 14: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 15: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 16: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 17: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 18: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 19: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 20: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 21: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 22: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 23: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 24: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 25: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 26: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 27: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
Page 28: CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens

Google OAuth 2.0 Quick Start Guide - dl.sockettools.com · Google OAuth 2.0 Quick Start Guide This guide will show you how to obtain OAuth 2.0 bearer tokens (also called access tokens)

Google OAuth 2.0 Quick Start Guide - dl.sockettools.com · Google OAuth 2.0 Quick Start Guide This guide will show you how to obtain OAuth 2.0 bearer tokens (also called access tokens)

CIS14: Physical and Logical Access Control Convergence

CIS14: Physical and Logical Access Control Convergence

CIS14: From Card to Mobile—Evolving Identity Credentials

CIS14: From Card to Mobile—Evolving Identity Credentials

CIS14: User-Managed Access

CIS14: User-Managed Access

Hard Tokens vs. Soft Tokens - Home | NetIQ Tokens vs. Soft Tokens: Why Soft Tokens Are the Better Option Shortcomings of Hard Tokens: Limited deployments Device and management costs

Hard Tokens vs. Soft Tokens - Home | NetIQ Tokens vs. Soft Tokens: Why Soft Tokens Are the Better Option Shortcomings of Hard Tokens: Limited deployments Device and management costs

CIS14: PingAccess in Action

CIS14: PingAccess in Action

CIS14: Implementing MITREid

CIS14: Implementing MITREid

CIS14: Google's Identity Toolkit

CIS14: Google's Identity Toolkit

CIS14: Identity in OpenStack Icehouse

CIS14: Identity in OpenStack Icehouse

CIS14: I Left My JWT in San JOSE

CIS14: I Left My JWT in San JOSE

CIS14: OAuth and OpenID Connect in Action

CIS14: OAuth and OpenID Connect in Action

CIS14: PingOne IDaaS: What You Need to Know

CIS14: PingOne IDaaS: What You Need to Know

CIS14: Developing with OAuth and OIDC Connect

CIS14: Developing with OAuth and OIDC Connect

CIS14: Identity Management for the Cloud

CIS14: Identity Management for the Cloud

CIS14: Global Trends in BYOID

CIS14: Global Trends in BYOID

CIS14: Kantara Open Stand Overview

CIS14: Kantara Open Stand Overview

CIS14: Early Peek at PingFederate Administrative REST API

CIS14: Early Peek at PingFederate Administrative REST API

CIS14: Human Identity and the IoT “Jungle”

CIS14: Human Identity and the IoT “Jungle”

CIS14: NIST and NSTIC (New Directions in Identity)

CIS14: NIST and NSTIC (New Directions in Identity)

CIS14: Building Blocks for Mobile Authentication and Security

CIS14: Building Blocks for Mobile Authentication and Security