Device Token Protocol for Persistent Authentication Shared across Applications
This paper describes a protocol for enabling shared persistent authentication for desktop applications that comprise a common suite by extending the OAuth2.0 protocol. OAuth2.0 is the de facto standard for developing and deploying federated Identity. Our extension enables the users to authenticate and authorize on devices that host a suite of applications that are connected to backend services and systems at Adobe. It is the backbone of our subscription and licensing infrastructure for the Adobe Creative Suite® 6 and Adobe Creative CloudTM. The extended protocol works without storing users credentials on a per application basis but rather uses device identities that are managed on a centralized server to enable increased security and management capabilities for a set of applications on the device. We describe the protocol is in detail, its inherent characteristics, how it extends OAuth2.0, and how it is used in practice.
KeywordsAuthentication Identity Management OAuth2.0 Authorization
Unable to display preview. Download preview PDF.
- 1.OAuth Working Group, Hammer, E. (ed): IETF, The OAuth2.0 Authorization Protocol draft 28 (2012), http://tools.ietf.org/html/draft-ietf-oauth-v2-28
- 2.OpenId Foundation, Open ID Connect Protocol Suite (2012), http://openid.net/connect/
- 3.IPSec Working Group, Frankel, S., Kelly, S.: The HMAC-SHA-256-128 Algorithm and Its Use With IPsec (2002), http://w3.antd.nist.gov/iip_pubs/draft-ietf-ipsec-ciph-sha-256-01.txt
- 4.Google, Android Account Manager API (2012), http://developer.android.com/reference/android/accounts/AccountManager.html
- 5.Bank of America, Online Banking FAQ (2012), http://www.bankofamerica.com/onlinebanking/index.cfm?template=site_key-accessolb
- 6.Adobe Creative CloudTM (2012), http://creative.adobe.com
- 7.Adobe Creative Suite® (2012), http://www.adobe.com/products/creativesuite.html