Alternate security - PowerPoint PPT Presentation

Slides: 10
Provided by: Krista85

Transcript and Presenter's Notes

Title: Alternate security


1
THE US NATIONAL VIRTUAL OBSERVATORY
Alternate security mechanisms
Matthew J. Graham (Caltech, NVO)
2
Security review
  • Users don't care about protocols and standards;
    they care about a better experience with enhanced
    privacy and security
  • User experience
  • why is security necessary?
  • Certificates? .globus directories? WTF?
  • Developer experience
  • Buzkashi
  • Community interests
  • Decentralization

3
OpenID
  • Single digital identity for use with any web site
    or service requiring authentication
  • Open, free and decentralized standard
  • Well supported
  • 120 million OpenIDs (July 2007)
  • Microsoft, Google, Yahoo (Jan 2008)

4
OpenID: how it works
  • User registers an OpenID identity (URI or XRI)
    with an OpenID identity provider
  • Relying party (service provider) displays single
    input box for OpenID identifier
  • Relying party converts OpenID identifier to a
    canonical URL form and obtains identity service
    provider URL from there
  • Relying party and identity provider establish
    shared secret and then user is redirected to
    identity provider for authentication
  • User is redirected back to relying party along
    with credentials. Relying party validates that
    credentials originated from relying party using
    shared secret.
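
Added example, not part of the original presentation: the last step above in Python, where the relying party checks the HMAC that the identity provider computed over the signed fields with the association's shared secret. It assumes OpenID Authentication 2.0 field names; the URLs, handle, key and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Fields OpenID Authentication 2.0 requires the signature to cover.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}

def sign(params, signed, mac_key, assoc_type):
    """MAC the signed fields in key-value form ('name:value\\n' per field)."""
    kv = "".join(f"{n}:{params['openid.' + n]}\n" for n in signed).encode("utf-8")
    return base64.b64encode(hmac.new(mac_key, kv, DIGESTS[assoc_type]).digest()).decode()

def verify_assertion(params, associations, seen_nonces, expected_return_to):
    """Relying-party check of a positive assertion; returns (ok, reason)."""
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    assoc = associations.get(params.get("openid.assoc_handle"))
    if assoc is None:
        return False, "unknown association handle"
    signed = params.get("openid.signed", "").split(",")
    # Identity fields must be signed whenever they are present.
    must = REQUIRED_SIGNED | {n for n in ("claimed_id", "identity") if "openid." + n in params}
    if must - set(signed):
        return False, "unsigned fields: " + ",".join(sorted(must - set(signed)))
    if any("openid." + n not in params for n in signed):
        return False, "signed field absent from message"
    expected = sign(params, signed, assoc["mac_key"], assoc["assoc_type"])
    if not hmac.compare_digest(expected.encode(), params.get("openid.sig", "").encode()):
        return False, "bad signature"
    if params["openid.return_to"] != expected_return_to:
        return False, "return_to mismatch"
    # Nonces are recorded only after the signature checks out, per OP endpoint.
    nonce = (params["openid.op_endpoint"], params["openid.response_nonce"])
    if nonce in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    return True, "ok"

def constructed_assertion(mac_key):
    """Constructed sample message; every URL and value here is made up."""
    p = {"openid.mode": "id_res", "openid.assoc_handle": "h1",
         "openid.op_endpoint": "https://idp.example/op",
         "openid.claimed_id": "https://alice.example/",
         "openid.identity": "https://alice.example/",
         "openid.return_to": "https://rp.example/return",
         "openid.response_nonce": "2008-01-15T10:00:00Zabc",
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"}
    p["openid.sig"] = sign(p, p["openid.signed"].split(","), mac_key, "HMAC-SHA256")
    return p
```

The check on the `openid.signed` list matters as much as the MAC itself: a message whose signature is valid but does not cover `claimed_id` proves nothing about who logged in.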

5
OpenID issues
  • NVO setting up prototype OpenID identity provider
    service alongside current SSO setup
  • use attribute to strengthen
  • OpenID has little provision for web services
    (SOAP or RESTful)
  • requires communication between user and relying
    party and user and identity provider
  • checkid_immediate?
  • check_authentication?

6
OAuth
  • An API access delegation protocol
  • Well supported
  • User grants access to their protected resources
    to a consumer using tokens generated by a service
    provider instead of their credentials
  • Defines three endpoints
  • Request token
  • User authentication
  • Access token

7
OAuth: how it works
8
OAuth
  • All done with HTTP GET/POST and headers
  • As with OpenID, requires some level of user
    interaction: capturing credentials or requesting
    approval

9
Summary
  • Industry embracing decentralised security
    mechanisms
  • web of trust vs hierarchical model
  • Currently well-suited to web apps involving a
    browser but not to web services (no user)
  • What is the Grid community doing?
  • Shibboleth/GridShib?