The JSON-based Identity Protocol Suite
By Travis Spencer

Copyright © 2013 Twobo Technologies AB.
Overview of the Protocol Suite

- JavaScript Object Notation (JSON) – data encoding format popularized by AJAX & REST
- All being defined in IETF
- Used to encode OAuth 2.0 security model
  - Tokens (JWT)
  - Encryption (JWE)
  - Keys (JWK)
  - Signatures (JWS)
- OAuth 2.0 Bearer Token spec binds it to OAuth
- Basis of OAuth and OpenID Connect
Overview of JWT

- JWT – pronounced “jot” – are lightweight tokens passed in HTTP headers & query strings
- Three basic sections – header, claims, signature
- Akin to SAML tokens
  - Less expressive
  - Fewer security options
  - Encoded with JSON, not XML, for compactness
Basic Layout & Wire Format (JWT)

    Header
    Claims
    Crypto
    = JWT Token

JWT Token = base64url(Header) + “.” + base64url(Claims) + “.” + base64url(Crypto)
Claims Section

- Reserved (but optional) claim names
  - Expiration time (exp)
  - Not before (nbf)
  - Issued at (iat)
  - Issuer (iss)
  - Type (typ)
  - Audience (aud)
- Public claim names
  - IANA JWT claims registry
  - Domain name, OID, or UUID
- Private claim names – any unused name
- Value can be any JSON type
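The slide lists the reserved claims but not what a verifier does with them. The following is an added example, not part of the deck, showing how a resource server checks exp, nbf, iat, iss and aud after it has decoded the claims section. The claims set, issuer and audience values are constructed placeholders, and the `leeway` clock-skew parameter is this example's own convention.

```python
import time

# Constructed sample claims set using the reserved names from the slide.
# Times are Unix seconds; the issuer/audience values are placeholders.
SAMPLE_CLAIMS = {
    "iss": "https://issuer.example",
    "aud": ["api.example", "other.example"],  # aud may be a string or an array
    "iat": 1_700_000_000,
    "nbf": 1_700_000_000,
    "exp": 1_700_003_600,                     # one hour after iat
    "typ": "JWT",
    "scope": "read",                          # private claim: any unused name, any JSON type
}


def validate_claims(claims, expected_iss, expected_aud, now=None, leeway=60):
    """Return a list of validation failures for a decoded JWT claims set.

    An empty list means the claims are acceptable. The reserved claims are
    optional in the spec, so this verifier decides which ones it requires:
    here exp, iss and aud are mandatory, nbf and iat are checked if present.
    `leeway` (seconds) absorbs clock skew between issuer and verifier.
    """
    now = int(time.time()) if now is None else now
    errors = []

    # Time-based claims must be numeric dates.
    for name in ("exp", "nbf", "iat"):
        if name in claims and not isinstance(claims[name], (int, float)):
            errors.append(f"{name} must be a numeric date")

    exp = claims.get("exp")
    if exp is None:
        errors.append("exp is required")
    elif isinstance(exp, (int, float)) and now > exp + leeway:
        errors.append("token expired")

    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and now < nbf - leeway:
        errors.append("token not yet valid (nbf)")

    iat = claims.get("iat")
    if isinstance(iat, (int, float)) and iat > now + leeway:
        errors.append("iat is in the future")

    # Issuer must match exactly; never use prefix or substring matching here.
    if claims.get("iss") != expected_iss:
        errors.append("unexpected issuer")

    # Audience: the verifier must find its own identifier in aud,
    # which may be a single string or an array of strings.
    aud = claims.get("aud")
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, list):
        audiences = aud
    else:
        audiences = []
    if expected_aud not in audiences:
        errors.append("audience mismatch")

    return errors
```

Call `validate_claims` only after the signature over the token has been verified; checking claims on an unverified token tells you nothing about who asserted them.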
Overview of JWE

- Used to encrypt JWTs
- Supports symmetric & asymmetric encryption
- Three basic sections – header, key, ciphertext
- Plaintext may be signed first
- Encryption algorithms
  - RSA1_5
  - RSA-OAEP
  - ECDH-ES
  - A(128|256)KW
  - A(128|256)GCM
- Ciphertext is put in the crypto section of the JWT
Basic Layout & Wire Format (JWE)

    Header
    Key
    Ciphertext
    = JWE

JWE = base64url(Header) + “.” + base64url(Key) + “.” + base64url(Ciphertext)
Overview of JWK

- Array of public keys encoded as JSON objects
- Intended for inclusion in JWS for signature verification
- Explicit support for Elliptic Curve and RSA keys
JWK Example

{"keyvalues" :
    [
        {"algorithm" : "EC",
          "curve" : "P-256",
          "x" : "…",
          "y" : "…",
          "use" : "encryption",
          "keyid" : "1"},
        {"algorithm" : "RSA",
          "modulus" : "…",
          "exponent" : "…",
          "keyid" : "…"}
    ]
}
Overview of JWS

- Header input is JWT header
- Payload input is JWT claims
- Output is appended to JWT inputs & (optionally) points to the JWK that was used
- Supports symmetric & asymmetric signing algorithms
  - HMAC SHA
  - RSA SHA
  - ECDSA w/ curve P & SHA
Basic Layout & Wire Format (JWS)

    Header
    Payload
    = JWS

JWS = base64url(sig(base64url(Header) + “.” + base64url(Payload)))
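The JWT wire format slide, the JWS overview (the output may point to the JWK that was used) and the JWS wire format above describe one procedure. As an added example that is not part of the deck, the following builds and verifies the three-section compact form with the HMAC SHA option from the slide (HS256), using only the Python standard library. The `kid` header member, the `DEMO_KEYS` table and the secrets in it are constructed placeholders standing in for a real key set; with an asymmetric algorithm the same layout applies, only `sig` changes.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo keys indexed by key id ("kid"). The header names the key
# that was used so the verifier can select it; the values are placeholders.
DEMO_KEYS = {
    "k1": b"constructed-demo-secret-key-1",
    "k2": b"constructed-demo-secret-key-2",
}


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as the JWT/JWS wire format requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, kid: str, keys=DEMO_KEYS) -> str:
    """Produce base64url(Header) . base64url(Claims) . base64url(Crypto).

    Crypto here is the JWS: sig(base64url(Header) + "." + base64url(Claims)).
    """
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(keys[kid], signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, keys=DEMO_KEYS, expected_alg: str = "HS256") -> dict:
    """Return the claims if the signature verifies, otherwise raise ValueError.

    The verifier fixes the acceptable algorithm up front; it never lets the
    token's own header choose it, so an "alg" of "none" or a swapped
    algorithm is rejected before any key material is touched.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("JWT must have exactly three sections")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != expected_alg:
        raise ValueError("unexpected alg in header")
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in keys:
        raise ValueError("unknown kid")
    signing_input = (header_b64 + "." + claims_b64).encode("ascii")
    expected = hmac.new(keys[kid], signing_input, hashlib.sha256).digest()
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(claims_b64))
```

Note that `verify_jwt` checks the signature only; the reserved claims (exp, nbf, iss, aud) still need their own checks once the claims section is trusted.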
Questions & Thanks

@2botech
@travisspencer
www.2botech.com
www.travisspencer.com
Editor's Notes

  1. Crypto = Signature & Ciphertext