Enhanced Authentication Profile Working Group Overview


Explore the mission of the OpenID Enhanced Authentication Profile (EAP) Working Group led by Michael B. Jones from Microsoft. Discover how the EAP WG is developing security and privacy profiles for OpenID Connect to enable strong authentication using Token Binding and integration with technologies like FIDO. Learn about the EAP specifications, Token Binding updates, ACR values, and more.

  • OpenID
  • Authentication
  • EAP Working Group
  • Security
  • Privacy


Presentation Transcript


  1. OpenID Enhanced Authentication Profile (EAP) Working Group
     Michael B. Jones, Identity Standards Architect, Microsoft
     April 25, 2022 | openid.net

  2. What is the EAP WG?
     • Working group description at https://openid.net/wg/eap/
     • Chartered to: Develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.
     OpenID EAP Working Group

  3. Two EAP Specifications
     • Token Bound Authentication: Defines how to apply Token Binding to OpenID Connect ID Tokens
     • EAP ACR Values: Defines acr and amr values for strong authentication profiles
     • Both became Implementer's Drafts in August 2019

  4. Token Binding Update
     • IETF Token Binding specs became RFCs in October 2018
     • Token Binding then stalled due to gaps in browser adoption
     • OAuth 2.0 Token Binding: Defines Token Binding of OAuth 2.0 access tokens, refresh tokens, authorization codes, JWT authorization grants, and JWT client authentication
     • OpenID Connect Token Bound Authentication: Defines Token Binding of OpenID Connect ID Tokens
     • Spec work currently on hold, pending adoption progress

  5. Two ACR Values Defined
     • phr (Phishing-Resistant): An authentication mechanism where a party potentially under the control of the Relying Party cannot gain sufficient information to be able to successfully authenticate to the End User's OpenID Provider as if that party were the End User
     • phrh (Phishing-Resistant Hardware Protected): An authentication mechanism meeting the requirements for phishing-resistant authentication above in which additionally information needed to be able to successfully authenticate to the End User's OpenID Provider as if that party were the End User is held in a hardware-protected device or component
     • Phishing-Resistant definition based on 2008 OpenID Provider Authentication Policy Extension (PAPE) specification

  6. Recently also defined pop AMR Value
     • RFC 8176 defines Authentication Method Reference (AMR) values
     • New AMR value motivated by WebAuthn & FIDO use cases
     • pop: Authentication using a Proof-of-Possession Key
       All WebAuthn/FIDO authenticators fulfill its requirements
     • Complements these existing RFC 8176 AMR values
       hwk: hardware-backed PoP key
       swk: software-backed PoP key

  7. Status
     • Working group chairs are Brian Campbell and Mike Jones
     • For more information, see the working group page https://openid.net/wg/eap/
     • Is it time for second Implementer's Draft of ACR/AMR spec?

  8. Thank you. Visit: OpenID.net
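The acr and amr values from slides 5 and 6 only help a relying party that checks what the OpenID Provider actually returned, since a requested acr is a voluntary claim and may be ignored. The sketch below is an added example, not code from the presentation or the EAP specifications: the function names and sample claims are constructed, and it assumes the ID Token's signature, iss, aud, exp and nonce were validated beforehand.

```python
# Added example: relying-party check of the acr/amr claims from slides 5 and 6.
# Assumption: `claims` is the payload of an ID Token that was already validated.

# Strength order taken from the slide text: phrh meets the phr requirements and
# additionally keeps the authentication secret in a hardware-protected component.
ACR_RANK = {"phr": 1, "phrh": 2}
# pop is the newly defined value; hwk and swk are the existing RFC 8176 values.
POP_AMR = {"pop", "hwk", "swk"}


def check_acr(claims, required):
    """Return (ok, reason) for the ID Token's acr claim against `required`."""
    if required not in ACR_RANK:
        raise ValueError(f"unsupported required acr: {required!r}")
    acr = claims.get("acr")
    if not isinstance(acr, str):
        return False, "acr claim missing: the OP made no assurance statement"
    if acr not in ACR_RANK:
        return False, f"acr {acr!r} is not an EAP phishing-resistant value"
    if ACR_RANK[acr] < ACR_RANK[required]:
        return False, f"acr {acr!r} is weaker than required {required!r}"
    return True, f"acr {acr!r} satisfies {required!r}"


def pop_methods(claims):
    """Return the proof-of-possession amr values present, sorted."""
    amr = claims.get("amr", [])
    # amr is a JSON array of case-sensitive strings; reject anything else
    # rather than treating a bare string as a list of characters.
    if not isinstance(amr, list) or not all(isinstance(v, str) for v in amr):
        raise ValueError("amr must be an array of strings")
    return sorted(POP_AMR.intersection(amr))


if __name__ == "__main__":
    # Constructed sample claims, not taken from a real token.
    samples = [
        {"acr": "phrh", "amr": ["pop", "hwk", "user"]},
        {"acr": "phr", "amr": ["pop", "swk"]},
        {"amr": ["pwd"]},
    ]
    for claims in samples:
        print(check_acr(claims, "phrh"), pop_methods(claims))
```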
