Meeting the Privacy Goals of NSTIC in the Short Term


  • Number of slides: 22

Slide 1: Meeting the Privacy Goals of NSTIC in the Short Term. Presentation at the 2011 Internet Identity Workshop. Francisco Corella and Karen P. Lewison, Pomcor. 05/03/2011

Slide 2: Contents
  • The following slides illustrate protocol steps described in the white paper "Achieving the Privacy Goals of NSTIC in the Short Term", available at http://pomcor.com/whitepapers/NSTICWhitePaper.pdf
  • There are three protocol variations:
    • Attribute verification
    • Delegated authorization
    • Social login

Slide 3: Attribute Verification (participants in the diagrams: Attribute Provider, Relying Party, Browser)

Slide 4, Step 1: Relying Party → Browser: attribute request + callback URL.

Slide 5, Step 2: Browser → Attribute Provider: attribute request + one-time public key, over a TLS connection in which the browser authenticates with the user's long-term TLS certificate. The browser produces the one-time key pair and retains the one-time private key; it also retains the callback URL.

Slide 6, Step 3: Attribute Provider → Browser: one-time certificate binding the attribute to the one-time public key.

Slide 7, Step 4: Browser asks the user's permission to pass the attribute to the Relying Party.

Slide 8, Step 5: Browser → Relying Party: the browser targets the callback URL and uses the one-time certificate as its TLS client certificate, using the one-time private key in the TLS handshake. Success.

Slide 9: Delegated Authorization (participants in the diagrams: Site holding user's account, Web application, Browser)

Slide 10, Step 1: Web application → Browser: access request + the application's one-time public key + callback URL.

Slide 11, Step 2: Browser → Site holding user's account: access request + one-time public key, over a TLS connection in which the browser authenticates with the user's long-term TLS certificate. The browser retains the callback URL.

Slide 12, Step 3: Site holding user's account → Browser: one-time certificate binding the access grant to the one-time public key.

Slide 13, Step 4: Browser asks the user's permission to grant access to the application.

Slide 14, Step 5: Browser → Web application: one-time certificate with the access grant, delivered to the callback URL.

Slide 15, Step 6: Web application → Site holding user's account: the one-time certificate with the access grant is used as the TLS client certificate.

Slide 16: Social Login. Combines attribute verification and delegated authorization (participants in the diagrams: Attribute Provider, Web application, Browser).

Slide 17, Step 1: Web application → Browser: attribute request, access request, the application's one-time public key, callback URL.

Slide 18, Step 2: Browser → Attribute Provider: attribute request, the browser's one-time public key, access request, the application's one-time public key, over a TLS connection in which the browser authenticates with the user's long-term TLS certificate. The browser produces its own one-time key pair, retaining the private key, and retains the callback URL.

Slide 19, Step 3: Attribute Provider → Browser: one-time certificate binding the attribute to the browser's one-time public key + one-time certificate binding the access grant to the application's one-time public key.

Slide 20, Step 4: Browser asks the user's permission to pass the attribute and grant access to the application.

Slide 21, Step 5: Browser → Web application: the browser targets the callback URL and uses the one-time certificate with the attribute as its TLS client certificate, using its one-time private key in the TLS handshake; the one-time certificate with the access grant is delivered to the application.

Slide 22, Step 6: Web application → Attribute Provider: the one-time certificate with the access grant is used as the TLS client certificate.
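All three flows (attribute verification, delegated authorization and social login) rest on one primitive: an issuer (the attribute provider or the site holding the user's account) signs a short-lived certificate that binds a claim (an attribute or an access grant) to a one-time public key, and whoever holds the matching one-time private key presents that certificate as a TLS client certificate to a verifier. The Go program below is an added example written for this page; it is not code from the deck, the white paper or Pomcor, and it generalizes the three diagrams into one issue/prove/verify routine. Its assumptions: P-256 keys; two hypothetical private-arc OIDs for the claim extensions (the deck names none); a constant subject name and a five-minute lifetime for the one-time certificate; and a signed nonce standing in for the proof of possession that the real TLS client-authentication handshake (the CertificateVerify message) supplies. The user's long-term TLS certificate to the issuer (step 2) and the consent prompt (step 4) are not modelled. Attribute verification is Present with OIDAttribute against the attribute provider, delegated authorization is Present with OIDAccessGrant against the account site, and social login is both against the attribute provider.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)

// Hypothetical private-arc OIDs for the two claim types; the deck names none.
var OIDAttribute, OIDAccessGrant = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}, asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 2}

// NewIssuer makes the self-signed CA of an attribute provider or account site; verifiers are assumed to trust it.
func NewIssuer(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// IssueOneTime (step 3 of every flow) binds one claim to a one-time public key; the cert names no user: random serial, constant subject, five-minute lifetime.
func IssueOneTime(issuerKey *ecdsa.PrivateKey, issuerCert *x509.Certificate, pub *ecdsa.PublicKey, oid asn1.ObjectIdentifier, claim string) ([]byte, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 63))
	if err != nil {
		return nil, err
	}
	val, err := asn1.Marshal(claim) // DER string inside a non-critical extension
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), Subject: pkix.Name{CommonName: "one-time"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(5 * time.Minute),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		ExtraExtensions: []pkix.Extension{{Id: oid, Value: val}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, issuerCert, pub, issuerKey)
}

// VerifyOneTime is the verifier (relying party, web application or account site): chain the cert to the trusted issuer,
// check possession of the bound key (the signed nonce stands in for TLS CertificateVerify), then read the claim.
func VerifyOneTime(certDER []byte, trusted *x509.Certificate, oid asn1.ObjectIdentifier, nonce, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", err
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, nonce, sig); err != nil {
		return "", errors.New("proof of possession failed: " + err.Error())
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oid) {
			var claim string
			_, err := asn1.Unmarshal(ext.Value, &claim)
			return claim, err
		}
	}
	return "", errors.New("certificate carries no claim of the requested type")
}

// Present runs one claim through a flow: holder makes a one-time key pair (steps 1/2), issuer binds the claim (step 3), holder proves possession to the verifier (steps 5/6).
func Present(issuerKey *ecdsa.PrivateKey, issuerCert *x509.Certificate, oid asn1.ObjectIdentifier, claim string) (string, error) {
	holder, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the private key never leaves the holder
	if err != nil {
		return "", err
	}
	certDER, err := IssueOneTime(issuerKey, issuerCert, &holder.PublicKey, oid, claim)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, 32) // verifier's fresh handshake challenge
	rand.Read(nonce)
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, holder, digest[:])
	if err != nil {
		return "", err
	}
	return VerifyOneTime(certDER, issuerCert, oid, nonce, sig)
}
```

Two checks in VerifyOneTime are the ones a verifier must never skip: the certificate has to chain to an issuer trusted for that claim type, and the handshake (here the nonce signature) has to prove possession of the bound one-time key, otherwise a certificate captured in transit could be replayed by anyone. The certificate itself carries only a random serial and the claim, so in the flows as drawn the relying party receives no long-term identifier for the user, which is what the one-time key pair buys.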