Mike Jones: self-issued

Archive for April, 2020

April 28, 2020

I gave the following invited “101” session presentation at the 30th Internet Identity Workshop (IIW) on Tuesday, April 28, 2020:

Introduction to OpenID Connect (PowerPoint) (PDF)

I missed being able to gauge audience reactions by looking around the room but the virtualized session was still well attended by a good group of people, who let me know how OpenID Connect is relevant to what they’re doing.

No Comments » Posted under Events & OpenID

April 6, 2020

Working group adoption of â€œOAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)â€

OAuth logo Weâ€™re making progress on a simple application-level proof-of-possession solution for OAuth 2.0. Iâ€™m pleased to report that DPoP has now been adopted as an OAuth working group specification. The abstract of the specification is:

This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.

The specification is available at:

https://tools.ietf.org/id/draft-ietf-oauth-dpop-00.html

No Comments » Posted under IETF & OAuth & Specifications

Musings on Digital Identity

Archive for April, 2020

Search

Categories

Monthly

Meta