Difference between revisions of "Native App URI Handlers"
From MgmtWiki
(→References) |
(→Solutions) |
||
| Line 12: | Line 12: | ||
==Solutions== | ==Solutions== | ||
*OpenID has published [https://nat.sakimura.org/wp-content/uploads/2013/08/openid-connect-selfissued-1_0.html Self-issued OpenID Connect Provider]. | *OpenID has published [https://nat.sakimura.org/wp-content/uploads/2013/08/openid-connect-selfissued-1_0.html Self-issued OpenID Connect Provider]. | ||
| + | *[[Self-issued Identifier]] | ||
| + | *[[Best Practice and Example Self-issued Identifier]] | ||
*Certification of the [[Native App]] please refer to page [[Native App Security]]. | *Certification of the [[Native App]] please refer to page [[Native App Security]]. | ||
*The [[Native App]] should perform all [[Authentication]] of the user by way of a browser ([[User Agent]]) selected by the user and running on the user's device using a trusted [[Identifier or Attribute Provider]]. | *The [[Native App]] should perform all [[Authentication]] of the user by way of a browser ([[User Agent]]) selected by the user and running on the user's device using a trusted [[Identifier or Attribute Provider]]. | ||
Revision as of 13:22, 18 December 2018
Full Title or Meme
A Native App can register to receive HTTP calls from the browser on the User Device,
Context
- Many web applications would like to improve their User Experience by installing a Native App on the user device to provide more performant responses to user input. This has been enabled on most User Devices by operating system enhancement that allow the registration of the web site's URL and intercepting HTTP requests so that they can be partially or fully handled on the local device.
Problems
- Several Identity Management problems can potentially be solved by this same mechanism.
- If the user wishes to create Self-issued Identifiers that can act like Identifier or Attribute Providers to a Relying Party they can install such a provider on their own device and redirect calls for authentication back to themselves.
Solutions
- OpenID has published Self-issued OpenID Connect Provider.
- Self-issued Identifier
- Best Practice and Example Self-issued Identifier
- Certification of the Native App please refer to page Native App Security.
- The Native App should perform all Authentication of the user by way of a browser (User Agent) selected by the user and running on the user's device using a trusted Identifier or Attribute Provider.
- Pre Oauth Entity Trust describes a means to represent third-party application endorsement for health care applications. POET’s goal is to help consumers distinguish between applications that have an endorsement versus applications that have no pedigree (i.e untrusted and could be malicious).
References
- Native App general page on this wiki
- Native App Security page on this wiki
- Native App Privacy page on this wiki
- W3C page on web apps best practices as of (2010-12-10).
- IETF RFC 8252 OAuth 2.0 for Native Apps https://tools.ietf.org/html/bcp212#section-7.2
- Apple App Store Review Guidelines https://developer.apple.com/app-store/review/guidelines/
- Microsoft web-app linking.
- description of use of this technique in OAuth 2.0 implementations.
