OpenID Enhanced Authentication Profile (EAP)
Working Group
May 15, 2018
Dr. Michael B. Jones
Identity Standards Architect – Microsoft
What is the EAP WG?
• Working group description at http://openid.net/wg/eap/
• Chartered to:
– “Develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable
• use of IETF Token Binding specifications with OpenID Connect and
• integration with FIDO relying parties and/or other strong authentication technologies.”
Two EAP Specifications
• Token Bound Authentication
– Defines how to apply Token Binding to OpenID Connect ID Tokens
– http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html
• EAP ACR Values
– Defines “acr” values for strong authentication profiles
– http://openid.net/specs/openid-connect-eap-acr-values-1_0.html
Token Binding Update
• IETF Token Binding specs went to IESG telechat May 10, 2018
– IESG review is the last step before going to the RFC Editor
• OAuth Token Binding spec
– https://tools.ietf.org/html/draft-ietf-oauth-token-binding
– Defines Token Binding of OAuth 2.0 access tokens, refresh tokens, authorization codes, JWT authorization grants, and JWT client authentication
• OpenID Connect Token Binding spec
– http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html
– Defines Binding of OpenID Connect ID Tokens
• Continuing to define metadata about Token Binding implementations
• Implementation available for interop testing
– Created by Brian Campbell
– See https://www.ietf.org/mail-archive/web/unbearable/current/msg01332.html
Two ACR Values Defined
• “phr” – Phishing-Resistant
– An authentication mechanism where a party potentially under the control of the Relying Party cannot gain sufficient information to be able to successfully authenticate to the End User's OpenID Provider as if that party were the End User
• “phrh” – Phishing-Resistant Hardware Protected
– An authentication mechanism meeting the requirements for phishing-resistant authentication above in which additionally information needed to be able to successfully authenticate to the End User's OpenID Provider as if that party were the End User is held in a hardware-protected device or component
• Phishing-Resistant definition based on 2008 OpenID Provider Authentication Policy Extension (PAPE) specification
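An added example (not from the slides or from the EAP working group's own code) of how a Relying Party could enforce both EAP specifications when validating an ID Token: it checks the "acr" claim against the required "phr"/"phrh" level and, for a token-bound ID Token, that the token is bound to the connection it arrived on. It assumes an HS256-signed token with a constructed client secret, and assumes the cnf/tbh confirmation claim layout from the OAuth Token Binding draft; issuer, client id, nonce and Token Binding ID values are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# "phrh" meets every "phr" requirement plus hardware protection, so an RP that
# requires phishing resistance accepts either; one requiring hardware takes only "phrh".
ACR_SATISFIES = {"phr": {"phr", "phrh"}, "phrh": {"phrh"}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def token_binding_hash(tb_id: bytes) -> str:
    """tbh value: base64url SHA-256 of the Token Binding ID (assumed cnf layout)."""
    return b64url(hashlib.sha256(tb_id).digest())

def make_id_token(claims: dict, secret: bytes) -> str:
    """Constructed HS256 ID Token standing in for what the OP would issue."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def validate_id_token(token, secret, issuer, client_id, nonce, required_acr,
                      tb_id=None, now=None):
    """Verify signature and core claims, then the EAP acr and Token Binding."""
    header, body, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):  # alg fixed by RP, not header
        raise ValueError("ID Token signature does not verify")
    claims = json.loads(b64url_decode(body))
    aud = claims.get("aud")
    if claims.get("iss") != issuer or client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("issuer or audience mismatch")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("ID Token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch (possible replay)")
    # The OP asserts the authentication it actually performed; compare with what the RP required.
    if claims.get("acr") not in ACR_SATISFIES[required_acr]:
        raise ValueError(f"acr {claims.get('acr')!r} does not satisfy {required_acr!r}")
    # A token-bound ID Token only counts if it is bound to this connection's Token Binding ID.
    if tb_id is not None and claims.get("cnf", {}).get("tbh") != token_binding_hash(tb_id):
        raise ValueError("ID Token is not bound to this connection's Token Binding ID")
    return claims
```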
Status
• Working group active
– Chairs Brian Campbell and Mike Jones
• Calls scheduled every two weeks on Thursdays
• For more information, see the working group page
– http://openid.net/wg/eap/
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profile (EAP) Working Group Update