Meeting the Privacy Goals of NSTIC in the Short Term
Presentation Transcript

  1. Meeting the Privacy Goals of NSTIC in the Short Term. Presentation at the 2011 Internet Identity Workshop. Francisco Corella and Karen P. Lewison, Pomcor.

  2. Contents. The following slides illustrate protocol steps described in the white paper “Achieving the Privacy Goals of NSTIC in the Short Term”, available at http://pomcor.com/whitepapers/NSTICWhitePaper.pdf. There are three protocol variations:
     • Attribute verification
     • Delegated authorization
     • Social login

  3. Attribute Verification. Parties: Attribute Provider, Relying Party, Browser.

  4. Step 1. Relying party to browser: attribute request + callback URL.

  5. Step 2. Browser to attribute provider: attribute request + one-time public key, with the browser presenting the user’s long-term TLS certificate. The browser retains the callback URL, produces a one-time key pair and retains the one-time private key.

  6. Step 3. Attribute provider: one-time cert binding the attribute to the one-time public key.

  7. Step 4. Attribute provider asks the user’s permission to pass the attribute to the relying party.

  8. Step 5. Browser targets the callback URL at the relying party, using the one-time cert as TLS client cert and the one-time private key in the TLS handshake. Result: success.
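The following Go program is an added example, not code from the slides or the Pomcor white paper. It models steps 2, 3 and 5 of the attribute verification flow: the attribute provider is a constructed self-signed CA, the attribute is carried in the certificate’s OU field (an assumption, as are all names), and the TLS handshake’s proof of possession of the one-time private key is modelled as a signature over a nonce chosen by the relying party.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// Constructed attribute provider (AP): a self-signed CA whose only job is signing one-time certs.
func newAttributeProvider() (*ecdsa.PrivateKey, *x509.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example AP"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	root, _ := x509.ParseCertificate(der)
	return key, root
}
// Step 3: a short-lived cert binding the attribute (OU field, an assumption) to the browser's one-time public key; it names no user.
func issueOneTimeCert(apKey *ecdsa.PrivateKey, apRoot *x509.Certificate, pub *ecdsa.PublicKey, attr string) (*x509.Certificate, error) {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{OrganizationalUnit: []string{attr}},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(5 * time.Minute),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, t, apRoot, pub, apKey)
	return x509.ParseCertificate(der)
}
// Step 5, browser side: the TLS CertificateVerify, modelled as a signature over a nonce from the relying party.
func proveOneTimeKey(key *ecdsa.PrivateKey, nonce []byte) []byte {
	h := sha256.Sum256(nonce)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, h[:])
	return sig
}
// Step 5, relying-party side: the cert must chain to the trusted AP and the presenter must hold the one-time private key.
func verifyAtRelyingParty(apRoot, cert *x509.Certificate, nonce, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(apRoot)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", err
	}
	h := sha256.Sum256(nonce)
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return "", errors.New("no proof of possession of the one-time private key")
	}
	return cert.Subject.OrganizationalUnit[0], nil
}
```

A cert replayed by a party without the one-time private key, or issued by an attribute provider the relying party does not trust, fails verification; the relying party learns the attribute and nothing that identifies the user.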

  9. Delegated Authorization. Parties: Site holding user’s account, Web application, Browser.

  10. Step 1. Web application to browser: access request + one-time public key + callback URL.

  11. Step 2. Browser to site holding the user’s account: access request + one-time public key, with the browser presenting the user’s long-term TLS certificate. The browser retains the callback URL.

  12. Step 3. Site holding the user’s account: one-time cert binding the access grant to the one-time public key.

  13. Step 4. Site holding the user’s account asks the user’s permission to grant access to the application.

  14. Step 5. Browser targets the callback URL at the web application, delivering the one-time cert with the access grant.

  15. Step 6. Web application to site holding the user’s account: the one-time cert with the access grant is used as TLS client cert.

  16. Social Login. Combines attribute verification and delegated authorization. Parties: Attribute Provider, Web application, Browser.

  17. Step 1. Web application to browser: attribute request, access request, app’s one-time public key, callback URL.

  18. Step 2. Browser to attribute provider: attribute request, browser’s one-time public key, access request, app’s one-time public key, with the browser presenting the user’s long-term TLS certificate. The browser retains the callback URL and produces the browser’s one-time key pair, retaining the private key.

  19. Step 3. Attribute provider: one-time cert binding the attribute to the browser’s one-time public key + one-time cert binding the access grant to the app’s one-time public key.

  20. Step 4. Attribute provider asks the user’s permission to pass the attribute and grant access to the application.

  21. Step 5. Browser targets the callback URL at the web application, delivering the one-time cert with the access grant; the one-time cert with the attribute is used as TLS client cert, with the browser’s one-time private key used in the TLS handshake.

  22. Step 6. Web application to attribute provider: the one-time cert with the access grant is used as TLS client cert.