Understanding the Synergy of OpenID and FIDO for Secure Identity Authentication

Slide Note
Embed
Share

Explore the seamless integration of OpenID Connect and FIDO protocols to enhance identity verification, prevent phishing attacks, and enable passwordless logins across various platforms and services. Discover how leading companies leverage these standards to create a robust authentication framework with minimal effort for both users and service providers.

amil_516
amil_516 Follow

Uploaded on Sep 28, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. OpenID and FIDO October 21, 2021 Michael B. Jones Identity Standards Architect Microsoft

  2. Working Together OpenID Connect

  3. What is OpenID Connect? Simple identity layer on top of OAuth 2.0 Enables Relying Parties (RPs) to verify identity of end-user Enables RPs to obtain basic profile info REST/JSON interfaces low barrier to entry Described at https://openid.net/connect/

  4. Youre Almost Certainly Using OpenID Connect! Android, AOL, Apple, AT&T, Auth0, Deutsche Telekom, ForgeRock, Google, GrabTaxi, GSMA Mobile Connect, IBM, KDDI, Microsoft, NEC, NTT, Okta, Oracle, Orange, Ping Identity, Red Hat, Salesforce, Softbank, Symantec, Telef nica, Verizon, Yahoo, Yahoo! Japan, all use OpenID Connect Many other sites and apps large and small use OpenID Connect OpenID Connect is infrastructure Not a consumer brand

  5. OpenID and FIDO are Complementary Can use FIDO for phishing-resistant sign-in at OpenID Connect Identity Providers Passwordless login to your Microsoft account Unphishable second factor for your Google account Those IdPs then use OpenID Connect to sign you into RPs Hotmail, Skype, Office 365, Gmail, YouTube, Google Docs, Extends benefits of FIDO to millions of OpenID RPs With no extra work needed by those RPs!

  6. Using FIDO and OpenID Together login.microsoft online.com hotmail.com Authenticator WebAuthn/FIDO OpenID Connect

  7. FIDO makes OpenID Phishing-Resistant OpenID Connect is intentionally silent on how the person signs in to the IdP Enables IdPs to adopt new authentication methods over time Such as using WebAuthn/FIDO FIDO defines phishing-resistant authentication methods Authenticators used for both passwordless login and second factor Using them together makes OpenID Connect phishing resistant!

  8. Connective Tissue OpenID Connect RPs can request use of phishing-resistant authentication by IdPs WebAuthn/FIDO Authenticators can satisfy these requests OpenID Connect Extended Authentication Profile (EAP) https://openid.net/specs/openid-connect-eap-acr-values-1_0.html Defines ACR values for phishing-resistant authentication (phr, phrh) Defines AMR value for Proof of Possession (pop) RP can learn whether phishing-resistant authentication was performed by IdP

  9. What is OpenID Certification? Enables OpenID Connect (and FAPI) implementations to be certified as meeting the requirements of defined conformance profiles Goal is to make high-quality, secure, interoperable implementations the norm An OpenID Certification has two components: Technical evidence of conformance resulting from testing Legal statement of conformance Currently 984 certifications of 334 deployments! See https://www.certification.openid.net/

  10. Use of Self-Certification OpenID Certification uses self-certification Party seeking certification does the testing (rather than paying a 3rd party to do the testing) Simpler, quicker, less expensive, more scalable than 3rd party certification Results are nonetheless trustworthy because Testing logs are made available for public scrutiny Organization puts its reputation on the line by making a public declaration that its implementation conforms to the profile being certified to

  11. Related Sessions Today Global Assured Identity Network (GAIN): Building an Assured Identity Layer for the Internet 10:30-Noon Bringing mobile driving licenses (mDL) to the Web and apps 1:30-3:00 Shared Signals and Events (SSE) 5:00-6:30

  12. Open Conversation How are you using FIDO with OpenID Connect? Slides will be posted at https://self-issued.info/

Related


OpenID Connect Working Group Update & Progress Report

OpenID Connect Working Group Update & Progress Report

madiha
Unveiling the Power of OpenID Connect

Unveiling the Power of OpenID Connect

marlie
SSO Solution Using OAuth and OpenID Connect for Defense Logistics Agency

SSO Solution Using OAuth and OpenID Connect for Defense Logistics Agency

brynleigh
Comprehensive Guide to Using FIDO for Enhanced Identity Management

Comprehensive Guide to Using FIDO for Enhanced Identity Management

maximilian
Overcoming the UX Challenges Faced by FIDO Credentials in the Faced by FIDO Credentials in the Consumer Space

Overcoming the UX Challenges Faced by FIDO Credentials in the Faced by FIDO Credentials in the Consumer Space

talullah
Understanding OpenID Connect: A Comprehensive Overview

Understanding OpenID Connect: A Comprehensive Overview

caiden
Understanding OpenID Federation for Trust Establishment

Understanding OpenID Federation for Trust Establishment

willem
OpenID Connect Working Group

OpenID Connect Working Group

jaydon
Understanding Authentication Mechanisms and Security Vulnerabilities

Understanding Authentication Mechanisms and Security Vulnerabilities

lev_tre
An Open-Source SPDM Implementation for Secure Device Communication

An Open-Source SPDM Implementation for Secure Device Communication

eley395
Understanding Kerberos Authentication in Network Security

Understanding Kerberos Authentication in Network Security

pcapp
Understanding Kerberos Authentication Protocol

Understanding Kerberos Authentication Protocol

bri_pr
Evolution of User Authentication Practices: Moving Beyond IP Filtering

Evolution of User Authentication Practices: Moving Beyond IP Filtering

rin_fi
DAVA Drugs Authentication & Verification Application by National Informatics Centre

DAVA Drugs Authentication & Verification Application by National Informatics Centre

ruxt_322
Setting Up Multi-Factor Authentication at Moraine Park

Setting Up Multi-Factor Authentication at Moraine Park

leid_3
Enhancing the Synergy Between Astroparticle Physics and Geoscience: APPEC-GEO8 Workshop Insights

Enhancing the Synergy Between Astroparticle Physics and Geoscience: APPEC-GEO8 Workshop Insights

starlynnc
Understanding SAML for Secure Single Sign-On

Understanding SAML for Secure Single Sign-On

amrutham
Guide to Setting Up EU Login and Two-Factor Authentication

Guide to Setting Up EU Login and Two-Factor Authentication

wolfgang
Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report

Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report

harri
The Importance of Digital Identity in Modern Society

The Importance of Digital Identity in Modern Society

cormac
Achieving Synergy Through Cooperation and Collaboration

Achieving Synergy Through Cooperation and Collaboration

blor
Insights from OpenID Connect Success

Insights from OpenID Connect Success

aragon
SEAL Project: Enhancing Identity Management and KYC Solutions

SEAL Project: Enhancing Identity Management and KYC Solutions

jade936
Enhancing Security with Two-Factor Authentication in Funding & Tenders Portal

Enhancing Security with Two-Factor Authentication in Funding & Tenders Portal

torquil

More Related Content

Setting Up Two-Factor Authentication for HRMS Access
Setting Up Two-Factor Authentication for HRMS Access
Implementing 2FA for UW Azure AD: Best Practices and Options
Implementing 2FA for UW Azure AD: Best Practices and Options
Authentication and Authorization in Astronomy: A Deep Dive into ASTERICS
Authentication and Authorization in Astronomy: A Deep Dive into ASTERICS
Enhancing Security with Multi-Factor Authentication in IAM
Enhancing Security with Multi-Factor Authentication in IAM
Two-Step Authentication Implementation for Enhanced Security
Two-Step Authentication Implementation for Enhanced Security
Subscription Transfer via Old Primary Device Proposal for TS.43
Subscription Transfer via Old Primary Device Proposal for TS.43
Building Synergy Through Value-Based Leadership: A Guide to Problem-Solving and Team Development
Building Synergy Through Value-Based Leadership: A Guide to Problem-Solving and Team Development
Eco-Social Organizations: Synergy, Holism, and Diversity for Service Learning and Social Justice
Eco-Social Organizations: Synergy, Holism, and Diversity for Service Learning and Social Justice
Unlocking Educational Synergy with DIKSHA & Google Classroom
Unlocking Educational Synergy with DIKSHA & Google Classroom
Joint Transnational Call (JTC) 2017 in Synergy with FET Flagships: Overview & Opportunities
Joint Transnational Call (JTC) 2017 in Synergy with FET Flagships: Overview & Opportunities
Recent Projects and Services Offered by Synergy Exports LLP in Various Industries
Recent Projects and Services Offered by Synergy Exports LLP in Various Industries
SYNERGY Reference Model for Data Provision and Aggregation
SYNERGY Reference Model for Data Provision and Aggregation
Guide to Validating Eligibility Codes on Synergy Provider Portal
Guide to Validating Eligibility Codes on Synergy Provider Portal
Understanding Digital Identity in the Modern Age
Understanding Digital Identity in the Modern Age
Global Mobility and Legal Identity Strategy Presentation
Global Mobility and Legal Identity Strategy Presentation
Understanding Authorization in Modern Applications
Understanding Authorization in Modern Applications
Importance of Multi-Factor Authentication in Ensuring Data Security
Importance of Multi-Factor Authentication in Ensuring Data Security
Redefining Irish Identity in a Globalized World
Redefining Irish Identity in a Globalized World
United Nations Legal Identity Agenda and Civil Registration Guidelines
United Nations Legal Identity Agenda and Civil Registration Guidelines
United Nations Legal Identity Agenda: Achieving SDG 16.9
United Nations Legal Identity Agenda: Achieving SDG 16.9
Understanding Distance Bounding Protocols in Authentication
Understanding Distance Bounding Protocols in Authentication
Innovative Phishing-Resistant Cardholder Authentication and Payment Confirmation Method
Innovative Phishing-Resistant Cardholder Authentication and Payment Confirmation Method
Protect Yourself from Identity Theft: Tips and Information
Protect Yourself from Identity Theft: Tips and Information
Comprehensive Guide for Setting Up WireGuard Securely
Comprehensive Guide for Setting Up WireGuard Securely