OpenID Connect Simple Sequence Diagram
The OpenID Connect protocol, in abstract, proceeds in the following steps. The RP (Client) sends a request to the OpenID Provider (OP). The OP authenticates the End-User and obtains authorization. The OP responds with an ID Token and usually an Access Token. The RP can send a request with the Access Token to the UserInfo Endpoint.…
Author: mustnotgrumble
Zepp Sensor for Golf and Tennis: An Example of a Good App Strategy
People who know me know that I am equally bad at both golf and tennis. Because I'm keen on gadgets (and excuse all purchases as research into the internet of things), I had to purchase the new Zepp Golf sensor. The golf sensor attaches to the back of my golf glove and tracks my slow slices…
Comparison of OpenID Connect with OAuth2.0 & SAML2.0
The following is a high level feature comparison between OpenID Connect 1.0, OAuth 2.0 & SAML 2.0. OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to…
NASCAR problem in authorisation server selection
An aim of OpenID Connect is to solve the problem of death by a thousand passwords by allowing the user to select their identity provider, including ones that the relying party has never heard of, through Dynamic Registration. A problem of allowing the user to select their identity provider is that the authentication challenge page needs…
An Identity Management System in TOGAF: How to Fit IdM to ADM?
The TOGAF Architecture Development Method (ADM) is designed to be sufficiently generic to cover all types of IT programmes. This generality means that the ADM can support both organisational and governmental identity management projects. This blog post, as part of a series on identity management in TOGAF, shall cover the best fit of the…
An Identity Management System in TOGAF: stakeholders, concerns, views & viewpoints
This article is how I would deliver an Identity Management architecture and implementation in accordance with the Open Group's TOGAF architecture development method. This post is based on my personal experience as a digital enterprise architect and as a solution architect implementing identity management, master data management and security systems. I intend this to be…
Remote Control Soufflés: Challenge of M2M Authentication & Authorisation and Mobile data offloading
Some M2M devices will always connect to the internet using a fixed network connection / Wi-Fi and others will always connect using a mobile network connection using an eUICC, but there will be some that will offer both Wi-Fi and mobile network. It is these devices that will need to support Wi-Fi offloading where possible. …
Open ID Connect and GSMA Mobile Connect
OpenID Connect (final specs launched Feb 2014) is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated things possible”. OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage…
PAYM and Donor Led Mobile Number Porting Use Case
The PAYM mobile payment service enables UK bank customers to transfer money to an individual using their mobile phone number (MSISDN) as the identifier. Currently nine banks and building societies have adopted the PAYM service and customers of these providers can now register to use the service. The PAYM architecture is based on a centralised database of receivers' MSISDNs.…
Securing Smart Device Communication using ETSI M2M Service Capability Layer (SCL)
Smart M2M devices require authentication & registration with the mobile network. Standardisation of service is proposed by the ETSI Service Capability Layer deployed to the Mobile Internet Device / Gateway. Security between the network and the mobile internet device requires authentication, key agreement and establishment that enable M2M Service Bootstrap, provisioning and M2M Service Connection procedures…