Date: Wednesday, May 10, 2017 Time: 15:30-16:30
Location: AMMERSEE II
Using FIDO to implement the W3C Verifiable Claims Model
Today’s federated identity management infrastructures suffer from a number of problems, in particular with regard to the privacy of users. First, many Identity Providers (IdPs) are not willing to release the user attributes that Service Providers (SPs) require in order to provide the fine-grained authorization they need. This necessitates the pulling of user identity attributes from other Attribute Authorities (AAs). In order to solve this 'attribute aggregation' problem, the...
Strong Authentication using Keys on your Devices Controlled by You
W3C Web Authentication enables web applications to sign users in using stronger methods than passwords – using authenticators that utilize private keys held on your devices, which are used with user permission, typically by employing a user “gesture” such as a biometric or PIN. This can also be used with the FIDO 2.0 Client To Authenticator Protocol (CTAP), which enables remote authenticators, such as those on phones, to be used when signing in.
Token Binding Standards and Applications
The IETF Token Binding standards enable data structures to be bound to a particular TLS channel – preventing them from being stolen and reused in unintended places. Data structures that can be Token Bound include browser cookies, ID Tokens, Access Tokens, and Refresh Tokens. This presentation will discuss the Token Binding mechanisms, the kinds of threats they mitigate, and the current deployment status.