closing note

Closing Note. IdCon #10 IDENTITY CONFERENCE. @_nat / www.sakimura.org. ©2011 Nat Sakimura.

Post on 20-Nov-2014


DESCRIPTION

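・Current state of cybercrime and international developments ・OpenID Summit Tokyo announcement ・Group for trying to design an information-linkage infrastructure with OAuth/OpenID Connect ・Call for members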

TRANSCRIPT

  • 1. Closing Note. IdCon #10 IDENTITY CONFERENCE. @_nat / www.sakimura.org. ©2011 Nat Sakimura.

  • 2. *[email protected]*

  • 3. EUROPOL Public Information. THREAT ASSESSMENT (ABRIDGED): INTERNET FACILITATED ORGANISED CRIME, iOCTA. O2 Analysis & Knowledge, The Hague, 07/01/11. FILE NO.: 2530-264. Page 1 of 11. Remaining slide fragments: ID, EU, McAfee (2009), $1, 100, 700, EU +. Europol Threat Assessment, Internet Facilitated Organised Crime (2011), File No. 2530-264.

  • 4. Remaining slide fragments: 90, 22, 20, 35%, NY, 1100, 300, GPS. Mike Saunders, Multi National Experiment 7.

  • 5. Unclassified//For Official Use Only. Multinational Experiment 7. Wg Cdr Mike Saunders, DCDC Futures 4 SO14. Unclassified//For Official Use Only. Mike Saunders, Multi National Experiment 7.

  • 7. OpenID Summit Tokyo, 12/1 Thu @UDX, www.event-info.com/openid

  • 8. Speaker grid (names and titles, layout lost): Andrew Nash Don Thibau Ken Klingenstein Director of Identity Executive Director, Senior Director, Ian Glazer Products, Google OpenID Foundation Middleware and Security, Research Director JIPDEC Internet2 Identity and Privacy Strategy Team, Gartner Michael B. Jones Chairman, Anthony Nadalin John Bradley Standards Architect, Microsoft OpenID Foundation Chief Security Architect Board Member, NRI Microsoft OpenID Foundation Greg Keegstra Kick Willemse Director, Strategic Hal Warren Valter Nordh CMO, Director, Alliances at Janrain ProofLink Task Leader, American Psychological eduGAIN Association

  • 10. OpenID Summit Tokyo Networking Party. Remaining slide fragments: 5000, URL, Twitter, [email protected]

  • 13. http://www.cas.go.jp/jp/seisaku/bangoseido

  • 15. [Diagram; surviving labels: ?, A, A, A, ID, B, BB, C, C, C]

  • 17. 1016()755 http://headlines.yahoo.co.jp/hl?a=20111016-00000060-san-pol

  • 19. IdCon #9

  • 21. OAuth 2.0/OpenID Connect. IdCon #10 IDENTITY CONFERENCE

  • 22. [Diagram; surviving labels: A, 5., B, C, 4., B, 6., HTTP Request, HTTP Response]

  • 23. 1. access_token request

        POST /token HTTP/1.1
        Host: a.example.net
        Content-Type: application/x-www-form-urlencoded

        client_id=https%3A%2F%2Fc.example.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=jwt.assertion.here

    The assertion is a JWT of the form header . claims . signature:

        {"typ":"JWT", "alg":"RS256"}
        .
        {"iss":"https://dai3.example.org",
         "prn":"https://c.example.com",
         "subject":"linkcode_c_1",
         "aud":"https://a.example.net",
         "nbf":1300815780,
         "exp":1300819380,
         "scope":"basic4"}
        .
        signature

  • 24. 2. Access Token Response

        HTTP/1.1 200 OK
        Content-Type: application/json;charset=UTF-8
        Cache-Control: no-store
        Pragma: no-cache

        {
          "access_token":"2YotnFZFEjr1zCsicMWpAA",
          "token_type":"example",
          "expires_in":3600
        }

    Remaining slide fragments: State, OK.

  • 26. Connect Distributed Claim. [Diagram; surviving labels: OK, A, 5., B, C, 3., U, U, 4., Endpoint, B + B, UserInfo EP, 6., B, HTTP Request, 7., HTTP Response]

  • 27. 4. UserInfo Response

        HTTP/1.1 200 OK
        Content-Type: application/json;charset=UTF-8

        {
          "_claim_names": {
            "name": "src1",
            "address": "src1",
            "birthday": "src1",
            "gender": "src1"
          },
          "_claim_sources": {
            "src1": {
              "endpoint": "https://b.example.com/data",
              "access_token": "ksj3n283dke"
            }
          }
        }

  • 30. Client. Client Registration / Connect Registration. Assertion. Log. Syslog. Lifecycle. IAA* active/archived/suspended 4. Etc.
    * Identity Attribute Authority (cf. ISO/IEC 27460-1)

  • 31. http://groups.google.com/group/rkiban

  • 33. IdCon #10 IDENTITY CONFERENCE
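
The UserInfo response on slide 27 uses distributed claims: `_claim_names` maps each claim to a source, and `_claim_sources` gives the endpoint and access token for fetching it. The following added example (not from the slides) shows a client turning that response into fetch requests while checking each endpoint before the token is attached; the host allow-list, the function and exception names, and presenting the token as a Bearer header are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the UserInfo response body from slide 27.
USERINFO = json.loads("""{
  "_claim_names": {"name": "src1", "address": "src1",
                   "birthday": "src1", "gender": "src1"},
  "_claim_sources": {"src1": {"endpoint": "https://b.example.com/data",
                              "access_token": "ksj3n283dke"}}
}""")

# Assumption: the client pins the claim providers it is willing to call.
ALLOWED_HOSTS = frozenset({"b.example.com"})

class ClaimSourceError(ValueError):
    """A claim source is missing or must not receive the access token."""

def plan_distributed_fetches(userinfo, allowed_hosts=ALLOWED_HOSTS):
    """Return one fetch descriptor per claim source, or raise."""
    sources = userinfo.get("_claim_sources", {})
    wanted = {}
    for claim, src in userinfo.get("_claim_names", {}).items():
        if src not in sources:
            raise ClaimSourceError(f"{claim}: undefined source {src!r}")
        wanted.setdefault(src, []).append(claim)
    plan = []
    for src, claims in wanted.items():
        endpoint = sources[src].get("endpoint", "")
        url = urlsplit(endpoint)
        # The token is a bearer credential: never send it over plain HTTP,
        # to an unexpected host, or to a URL with embedded credentials.
        if url.scheme != "https":
            raise ClaimSourceError(f"{src}: endpoint is not https")
        if url.hostname not in allowed_hosts:
            raise ClaimSourceError(f"{src}: host {url.hostname!r} not allowed")
        if url.username or url.password:
            raise ClaimSourceError(f"{src}: endpoint embeds credentials")
        headers = {}
        token = sources[src].get("access_token")
        if token:  # assumed to be presented as an OAuth 2.0 Bearer token
            headers["Authorization"] = "Bearer " + token
        plan.append({"url": endpoint, "headers": headers,
                     "claims": sorted(claims)})
    return plan

if __name__ == "__main__":
    for step in plan_distributed_fetches(USERINFO):
        print(step["url"], step["claims"])
```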