Thursday, April 18 • 9:00am - 9:40am
SAML, OAuth 2, and SCIM

Sign up or log in to save this to your schedule and see who's attending!

This session will include the following subject(s):

SAML, OAuth 2, and SCIM - Overview and Application:

A discussion of how identity standards may apply to keystone, and how keystone may wish to align itself with these standards through Havana and beyond.

A brief tour will be given to level set the room on the following current and approaching standards. It is recommended that anyone wishing to participate in the discussion read the attached links for background information in order to prepare.

An XML-based identity assertions commonly used for cross-domain single sign-on
(A.K.A Federation) for Web SSO and Web Services (WS-*).
IETF drafts describe use with OAuth 2.0.

Executive Overview: http://bit.ly/16Hn35X

- OAuth 2 - token based authentication for web applications and APIs. Defines the client
software as a role. Separates issuing tokens from how you use a token. Token issuance is
defined both for browsers and for REST clients using a username/password. Token
format is not defined by OAuth2, but one proposed standard format is JWT.

OAuth2 Simplified: http://bit.ly/14aaH6U

- JWT - JSON Web Tokens, an upcoming standard format for structured tokens
(containing data) which are integrity protected and optionally encrypted.

JWT spec: http://bit.ly/15YAKMx

- SCIM - cross-domain user account creation and management. REST API for CRUD
operations around user accounts

Overview: http://www.simplecloud.info/

(Session proposed by David Waite)

Thursday April 18, 2013 9:00am - 9:40am

Attendees (0)