OPTIONAL. Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type.
OPTIONAL. Informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED with a value that specifies the same Response Mode as the default Response Mode for the Response Type used.
This specification defines the Form Post Response Mode. In this mode, Authorization Response parameters are encoded as HTML form values that are auto-submitted in the User Agent, and thus are transmitted via the HTTP POST method to the Client, with the result parameters being encoded in the body using the application/x-www-form-urlencoded format.
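In short, the response information is placed in an HTML form and POSTed to the redirect_uri. It is the same idea as the HTTP POST Binding in WS-Federation and SAML.
To digress here as well: today the mainstream in OAuth 2.0 and OpenID Connect is the so-called code flow with response_type=code, in which an authorization code is issued to the relying party and the relying party submits it to the authorization server's Token endpoint to receive the access_token and id_token. SAML, too, went through a period when the Artifact Binding was mainly used rather than the HTTP POST or Redirect Binding. At the time, feature-phone browsers and the like had limits on the URL length they could handle, and bringing large POST data through the front channel increased traffic and hurt performance significantly. So a flow was needed in which a code called an Artifact was given to the Service Provider and the Service Provider then went to the Identity Provider to fetch the SAML token. Circumstances then and now are different, but this is exactly the authorization code flow. After all, OpenID Connect was called OpenID ABC (Artifact Binding and Connect) while it was under development, and the AB/Connect Working Group of the OpenID Foundation, which defines OpenID Connect Core, was formed from the Artifact Binding Working Group and the Connect Working Group, so the AB stands for Artifact Binding.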
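The form_post exchange described above, as an added Python example that is not from the specification or the original post: the Authorization Server renders the auto-submitting form with every value HTML-escaped, and the Client accepts the response only from a form-encoded POST body and checks state. The function names, the callback URL and the sample values are constructed for illustration.

```python
import hmac
import html
from urllib.parse import parse_qs, urlencode

FORM_CT = "application/x-www-form-urlencoded"

def render_form_post(redirect_uri: str, params: dict) -> str:
    """Authorization Server side: auto-submitting form carrying the response."""
    esc = lambda s: html.escape(s, quote=True)  # values land in HTML attributes
    inputs = "\n".join(
        f'   <input type="hidden" name="{esc(k)}" value="{esc(v)}"/>'
        for k, v in params.items()
    )
    return (
        "<html>\n <head><title>Submit This Form</title></head>\n"
        ' <body onload="javascript:document.forms[0].submit()">\n'
        f'  <form method="post" action="{esc(redirect_uri)}">\n'
        f"{inputs}\n  </form>\n </body>\n</html>\n"
    )

def parse_form_post(method: str, content_type: str, body: str,
                    expected_state: str) -> dict:
    """Client side: accept the response only as a form-encoded POST body."""
    if method.upper() != "POST":
        raise ValueError("form_post responses arrive via HTTP POST")
    if content_type.split(";")[0].strip().lower() != FORM_CT:
        raise ValueError("unexpected Content-Type")
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    repeated = sorted(k for k, v in fields.items() if len(v) > 1)
    if repeated:
        raise ValueError(f"repeated parameters: {repeated}")
    params = {k: v[0] for k, v in fields.items()}
    # Bind the response to the request this client actually sent.
    if not hmac.compare_digest(params.get("state", "").encode(),
                               expected_state.encode()):
        raise ValueError("state mismatch")
    return params

# Constructed sample values (not from the page); the state deliberately
# contains characters that would break out of an unescaped HTML attribute.
SAMPLE = {"code": "example-code-123", "state": 'st"ate<1>&x'}
PAGE = render_form_post("https://client.example.org/callback", SAMPLE)
BODY = urlencode(SAMPLE)  # what the User Agent sends when the form submits
```

The state value is echoed back from the authorization request, so it is the field most likely to carry markup into the generated page if escaping is skipped.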
US (241), followed by Canada (11). Germany, India, and Switzerland rounded out the top five with 9, 8, and 7 attendees respectively. Attendees from India (5), Thailand (3), and Korea (3) showed IIW's diversity with attendees from APAC. And there were 4 attendees from South America this time. Sadly, there were no attendees from Africa again.
Combatting fraud with real time identity verification
in person
5/23
3:45 AM - 4:00 AM
Anyone can identify a bicycle or count stop lights. How do we know our apps are serving the right users? CAPTCHAs do not work. Introducing Face Check using Microsoft Entra Verified ID: reduce sign-up friction, the risk of fraud and account takeover. Face Check enables apps to perform real time biometric match against identity documents issued by government (e.g. driver's license or passports) or businesses and education institutions.
-
On-Demand: Boost your app security with real time biometric authentica
in person
on-demand
Integrate simple-to-use APIs to upgrade your mobile, web or desktop apps with high-assurance identity verification to reduce friction and risk from account takeover and impersonation.
DEM760
Create secure applications in minutes with VS Code and External ID
in person
5/22
3:30 AM - 3:45 AM
Learn how to use the Microsoft Entra External ID extension for Visual Studio Code to create your first External ID application completely within your IDE. Bootstrap your development with pre-configured sample applications to quickly get you started.
DEM768
Create pixel perfect authentication experiences for native mobile apps
in person
5/24
4:45 AM - 5:00 AM
The Authentication API and SDK in External ID allow developers to create pixel perfect UX for sign in and sign up experiences in their mobile applications. Join our product experts to explore the APIs and SDKs for Microsoft Entra External ID that give you the control and flexibility to create fully custom and secure login experiences on mobile devices.
-
True zero-trust runtime security in AKS
online
on-demand
NeuVector is open source, container native and can make your containerized workloads more secure… today! See first hand how to get to true zero-trust runtime security in AKS and other Kubernetes deployments with NeuVector by SUSE. We will take an application through its deployment lifecycle, from Dev/Test to Q/A to Production, and automate the "fingerprint" of appropriate behaviors in your software stack. Join us for this real-world example of how to not just identify attacks but to actually prevent them.
DEM766
Simple and secure app authentication with authentication brokers
in person
5/23
6:45 AM - 7:00 AM
We delve into the integration of Web Account Manager (WAM) on Windows through various MSAL libraries such as MSAL.NET, MSAL Python, and MSAL Java. The session will highlight the seamless authentication experiences enabled by WAM, which simplifies account management on Windows devices. We’ll explore how MSAL libraries facilitate public client authentication flows with Microsoft Entra ID, enhancing web, mobile, and desktop applications.
DEMFP867
Unleash the power of network APIs
in person
5/24
7:45 AM - 8:00 AM
Learn how you can leverage the advanced capabilities of telecom operator networks through APIs to enhance your applications. This session will cover GSMA Open Gateway and CAMARA, examples of how mobile operators are working with developers to open up network APIs, and how developers can engage via Microsoft’s platform and services with Azure Programmable Connectivity (APC). We will also showcase a demo mobile app using the network's APIs through APC and show the code on how to develop with it.
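Personally, the only ones I am really interested in are the first row, Combatting fraud with real time identity verification, and the last row, Unleash the power of network APIs. The former is about Entra Verified ID and Face Check. The latter is fairly unusual for a Microsoft event in that it targets network carriers, and it seems to cover topics such as GSMA and CAMARA, so I would like to hear it.
As far as the JWT specification goes, it says "not case sensitive", so I had underestimated the wording that follows it, which recommends always using "JWT" (uppercase) for compatibility with legacy implementations.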
If present, it is RECOMMENDED that its value be "JWT" to indicate that this object is a JWT. While media type names are not case sensitive, it is RECOMMENDED that "JWT" always be spelled using uppercase characters for compatibility with legacy implementations.
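The interoperability gap behind that recommendation, as an added Python example that is not from the specification or the original post: a check that compares typ as a media type accepts any casing, while a legacy-style exact comparison accepts only the uppercase spelling. The legacy check, the helper names and the unsigned sample tokens are hypothetical and constructed for illustration; the "application/" prefix rule is the one in RFC 7515, section 4.1.9.

```python
import base64
import json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_token(typ: str) -> str:
    # Constructed token: the third segment is a placeholder, not a signature.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": typ}).encode())
    payload = b64url_encode(json.dumps({"sub": "alice"}).encode())
    return f"{header}.{payload}.placeholder"

def header_typ(token: str):
    """Return the "typ" header parameter of a compact JWT, or None."""
    return json.loads(b64url_decode(token.split(".")[0])).get("typ")

def media_type(value: str) -> str:
    # Media type names are case-insensitive, and a typ value without "/"
    # is treated as if "application/" were prepended.
    value = value.lower()
    return value if "/" in value else "application/" + value

def typ_is_jwt(typ) -> bool:
    """Spec-style check: compare as media types."""
    return isinstance(typ, str) and media_type(typ) == "application/jwt"

def legacy_typ_is_jwt(typ) -> bool:
    """Hypothetical legacy implementation: exact, case-sensitive compare."""
    return typ == "JWT"

def compare(typ_values):
    """Map each typ spelling to (spec-style result, legacy result)."""
    rows = {}
    for typ in typ_values:
        seen = header_typ(make_token(typ))
        rows[typ] = (typ_is_jwt(seen), legacy_typ_is_jwt(seen))
    return rows

RESULTS = compare(["JWT", "jwt", "Jwt", "application/jwt", "at+jwt"])
```

Only the uppercase "JWT" passes both checks, which is why an issuer that wants to interoperate with older consumers emits exactly that spelling.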