edu-id mobile app for smart environments
Post on 22-Jan-2018
FHO Fachhochschule Ostschweiz
edu-ID Mobile App for Smart Environments
@phish108 @htwblc
What happened so far …
Authorization is about Trust
(Diagram of trust zones; labels as on the slide: Organization (Trusted), User & App Store (Trusted), Mobile Device, Service Federation, Untrusted, Personal Data, Internet.)
Use-case 1: Responsive Web-Apps (OpenID Connect / OAuth2 or SAML)
(Diagram: Swiss Academic Domain (Organisation Trusted) containing the University Server with the Academic Service and the SWITCH Server with the EDUID Service; across the Internet, the Mobile Device (User and App Store Trusted) running the Web-App.)
Use-case 2: Integrated Service (AppAuth)
(Diagram: Swiss Academic Domain (Organisation Trusted) containing the University Server with the Academic Service and the SWITCH Server with the EDUID Service; across the Internet, the Mobile Device (User and App Store Trusted) running a Web-Browser and a Third Party App, bracketed together as "Integrated Service".)
Use-case 3: EduID Mobile App (Token-agent assertions)
(Diagram: Swiss Academic Domain (Organisation Trusted) containing the University Server with the Academic Service and the SWITCH Server with the EDUID Service (OIDC AP); across the Internet, the Mobile Device (User and App Store Trusted) running the EDUID Mobile App (Trust & Token Agent) and a Third Party App, bracketed together as "Extended Trust Domain".)
EduID Mobile App Reference Architecture
(Diagram. Components: Swiss Academic Domain (Organisation Trusted) with the University Server hosting the Academic Service and the SWITCH Server hosting the EDUID Service (OIDC AP); across the Internet, the Mobile Device (User and App Store Trusted) with the EDUID Mobile App (Trust & Token Agent) and a Third Party App.
Flows, numbered 1 to 5 on the slide (the number-to-arrow mapping is not recoverable from the transcript):
- Authorization Request
- RFC 7521/7523 + RFC 7800 or AppAuth
- RFC 7521/7523 + RFC 7800 via RedirectURL
- RFC 7521/7523 + RFC 7800 + OIDC Scope
- OIDC ID + OAuth2 Access Token (two arrows)
- OAuth2 Access Token (three arrows)
- ACL Handling)
EduID Mobile App Implementation Status
(Diagram: the reference architecture from the previous slide, annotated with what is implemented.)
NAIL Integration: iOS + Android
Cordova Plugin: Moodle OAuth2 + JWE Support
OAuth2 & OIDC Full-Stack Service
Node-OIDC-Provider Integration with LDAP Backend Support
• ES2017 + NodeJS 8
• LDAP-based User Management
• LDAP-based Service/Federation Management
• Separate Directory Organisation
• Configurable Attribute Mapping
• Full JOSE Support (strong JWE encryption covered)
• OIDC certified - details at: github.com/panva/node-oidc-provider
• OSS under MIT License
OIDC Full Stack Implementation: for all three use-cases + Web-Service Integration
Further reading http://htw.ac/eduid-mobile @htwblc
http://htw.ac/blc-blog