Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect & UMA
Trust Elevation: Implementing an OAuth 2.0 Infrastructure using the OpenID Connect & UMA profiles
@GluuFederation
By: Michael Schwartz
What is trust elevation?
“Trust Elevation methods increase the mitigation of risk of false assertion of identity in order to allow the subject to engage in a transaction.”
OASIS Trust-EL TC
Authentication Step-Up Protocol and Metadata
Version 1.0-Draft 3
Don’t use 2FA, unless you have to...
“Civilization advances by extending the number of important operations which we can perform without thinking about them.”
Albert North Whitehead
English Mathematician and Philosopher
(1861 - 1947)
Agenda
1. What tools do we have for person identification?
2. OAuth2 for trust elevation?
3. Inter-domain trust elevation?
4. New challenges!
Who am I:
Founded & Sold ISP: ‘95-’99
IAM Integrator: ‘98-’09
Founder / CEO Gluu: ‘09 - Present
Dad, hacker, pigeon enthusiast
Part I: Identification
electron → meat correlation…
How do we know who is on the other side of that digital transaction?
Contextual Combinations Complicate Relative Scale
● Is the IP address a known hacker?
● Was the device rooted?
● Is a browser cookie present?
● Is the device running virus protection?
● Is the location recognized?
● When was credential issued?
● What is the time of day?
According to Microsoft research (page 11), every authentication scheme does worse than passwords on deployability.
Pick your poison:
Part II: OAuth2
How do apps use all these crazy authentication methods?
● Deployability = cost
● Less Cost = consolidation
● No “one-offs”!
Open Trust Taxonomy for OAuth2 (OTTO)
Enter...