Jeff Hodges' Home Page: Protocol Architecture: WebAuthn, FIDO, SAML, LDAP, IETF, W3C, Web Services, etc.

Jeff "=JeffH" Hodges

LinkedIn.com	jeffhodgesdotorg (You need to be signed-in to LinkedIn for this link to work)
Github.com	@equalsJeffH
Twitter.com	@equalsJeffH
Wikipedia.org	=JeffH
Last.fm	equalsjeffh

Formerly: Protocol-architecting spec-wrangling cat-herder, Google
[ Before that: Senior Member Technical Staff - Ecosystem Security, PayPal
Perhaps not the 'Jeff Hodges' you were looking for? See the disambiguation page... ]

This Internet Beachhead established 1994
Last Updated or otherwise repaired: 10-May-2022

Disclaimer: This is my personal homepage. I'm not speaking here for any past or current employer or client. Also, various portions of these pages are woefully out-of-date (e.g., Kings Mountain Systems, and An LDAP Roadmap & FAQ). Caveat emptor!

Bibliography: Selected Specifications and other Documents...

[ My IETF "author page" is here. My Google "citation page" is here. ]

Web Authentication: An API for accessing Public Key Credentials - Level 1. Dirk Balfanz, Alexei Czeskis, Jeff Hodges, J.C. Jones, Michael B. Jones, Akshay Kumar, Angelo Liao, Rolf Lindemann, Emil Lundberg, Vijay Bharadwaj, Arnar Birgisson, Hubert Le Van Gong, Et Al. W3C Recommendation, 4 March 2019. [ Level 2 editors' draft ]

The Token Binding Protocol Version 1.0, A. Popov, M. Nystroem, D. Balfanz, J. Hodges. IETF RFC 8471. October 2018.

Token Binding over HTTP. A. Popov, M. Nystroem, D. Balfanz, N. Harper, J. Hodges. IETF RFC 8473, October 2018.

FIDO 2.0: Web API for accessing FIDO 2.0 credentials. Vijay Bharadwaj, Hubert Le Van Gong, Dirk Balfanz, Alexei Czeskis, Arnar Birgisson, Jeff Hodges. W3C Member Submission, 20 November 2015.

FIDO UAF Architectural Overview. Salah Machani, Rob Philpott, Sampath Srinivas, John Kemp, Jeff Hodges. FIDO Alliance Proposed Standard, 08 December 2014.
FIDO UAF Protocol Specification v1.0. Rolf Lindemann, Davit Baghdasaryan, Eric Tiffany, Dirk Balfanz, Brad Hill, Jeff Hodges. FIDO Alliance Proposed Standard, 08 December 2014.
FIDO UAF Application API and Transport Binding Specification v1.0. Brad Hill, Davit Baghdasaryan, Bill Blanke, Rolf Lindemann, Jeff Hodges. FIDO Alliance Proposed Standard, 08 December 2014.

Intrusion threat detection. Jeffrey D. Hodges.US8661539B2, 02/25/2014.
HTTP Strict Transport Security (HSTS). Jeff Hodges, Collin Jackson, Adam Barth, IETF RFC 6797, November 2012.

Web Security Remediation Efforts, Jeff Hodges and Andy Steingruebl; section in book chapter 4.2 How Things Work and Fail, in The Death of The Internet, Markus Jakobsson (editor), John Wiley & Sons, July 2012.

Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS), Peter Saint-Andre and Jeff Hodges. IETF RFC 6125, March 2010.
This spec is also known as "TLS Server ID Check".

The Need for a Coherent Web Security Policy Framework, Jeff Hodges and Andy Steingruebl. Web 2.0 Security and Privacy Workshop 2010, Oakland CA, 20-May-2010.

Technical Comparison: OpenID and SAML - Draft 07a, Jeff Hodges. Informal working document, 3-July-2009.

Towards Kerberizing Web Identity and Services, Jeff Hodges, Josh Howlett, Leif Johansson, RL "Bob" Morgan. MIT Kerberos Consortium whitepaper, 22-Dec-2008.
Using SAML to protect the session initiation protocol (SIP). Tschofenig, H. Falk, R. Peterson, J. Hodges, J. Sicker, D. Polk, J. IEEE Network, Sept.-Oct. 2006, Volume: 20, Issue: 5, On page(s): 14- 17, ISSN: 0890-8044.
How to Study and Learn SAML, Jeff Hodges. Informal working document, 6-Sep-2006.
Liberty Technical Glossary, Version 2.0. J. Hodges, et al. Liberty Alliance Project, 2006.
This spec, and the three following ones, are a portion of the spec set defining the Liberty ID-WSF v2 protocol suite. Additionally, I contributed to six other specs in the spec set.
Liberty ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification, Version 2.0. J. Hodges, R. Aarts, P. Madsen, S. Cantor, et al. Liberty Alliance Project, 2006.
This spec defines an approach to using the SASL protocol design pattern, in the ID-WSF v2 protocol suite context, to effect an authentication protocol. Additionally, it specifies an SSO Service and an Identity Mapping Service. It is an evolution of the ID-WSF v1.1 version, cited below.
Liberty ID-WSF Discovery Service Specification, Version 2.0. J. Hodges, C. Cahill, et al. Liberty Alliance Project, 2006.
This spec defines a simple service discovery protocol for the ID-WSF v2 protocol suite, and is an evolution of the ID-WSF v1.1 version. Its data model and on-the-wire representation leverages WS-Addressing "Endpoint References".
Liberty ID-WSF SOAP Binding Specification, Version 2.0. J. Hodges, J. Kemp, R. Aarts, G. Whitehead, P. Madsen, et al. Liberty Alliance Project, 2006.
This spec defines how ordinary ID-WSF messages are bound to SOAPv1.1 messages, as well as the ID-WSF SOAP header blocks effecting the "framework" portion of the "identity web services framwork".
SAML V2.0 Executive Overview, Paul Madsen (ed.), Eve Maler, (ed.), Thomas Wisniewski, Tony Nadalin, Scott Cantor, Jeff Hodges, Prateek Mishra, OASIS SSTC Committee Draft, 12 April 2005.
Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0, John Hughes, Scott Cantor, Jeff Hodges, Frederick Hirsch, Prateek Mishra, Rob Philpott, Eve Maler (eds.), OASIS Standard, 15 March 2005.
This spec, and the Glossary cited immediately below, are part of the SAMLv2 specfication set, on which I made various contributions in addition to co-editing these two specs. Additionally, I co-edited several of the SAMLv1.0 and SAMLv1.1 specifications.
Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0, Jeff Hodges, Rob Philpott, Eve Maler (eds.). OASIS Standard, 15 March 2005.
application/samlassertion+xml MIME Media Type Registration, Jeff Hodges; Approved by IESG and registered with IANA on 15 December 2004.
This MIME Media Type Registration, and the one cited immediately below, were the first ones performed in the so-called "standards tree" via the new "fast track" registration process (for MIME Media Types defined by SDOs other than the IETF) wherein publication of an RFC describing the new MIME Media Type being registered is not required. See RFC 4288. I authored the registration statements in collaboration with other SSTC members.
application/samlmetadata+xml MIME Media Type Registration, Jeff Hodges; Approved by IESG and registered with IANA on 15 December 2004.
Liberty ID-WSF Security and Privacy Overview, Version 1.0. S. Landau et al., 2003.
Liberty v1.1: Architecture Overview. J. Hodges, T. Wason, 15-Jan-2003.
Liberty v1.0: Architecture Overview. J. Hodges, editor/co-author, July 2002.
A Brief Introduction to Liberty. Susan Landau and Jeff Hodges. Sun Labs Technical Report TR-2002-113, 16 August 2002.
Risks Presented by Single Sign-On Architectures. Gary Ellison, Jeff Hodges, and Susan Landau. 18 October 2002.
This document gives a simple and brief treatment of the risks presented by single sign-on architectures, and is intended for not-terribly-technical audiences.
Security and Privacy Concerns of Internet Single Sign-On. Gary Ellison, Jeff Hodges, Susan Landau. 6 September 2002.
This is a modestly detailed survey, painted in the context of Liberty ID-FF (nee Lib v1.x).
LDAPv3: Technical Specification. J. Hodges, RL "Bob" Morgan. IETF RFC 3377, September 2002.
Definition of LDAPv3 in terms of which RFCs it consists of, and addressing the "IESG Note" gracing RFCs 2251 through 2256.
Authentication Methods for LDAP. M. Wahl, H. Alvestrand, J. Hodges, R.L. Morgan. IETF RFC 2829, May 2000.

Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security. J. Hodges, R.L. Morgan, M. Wahl. IETF RFC 2830, May 2000.

Requirements and Approaches for a Publicly Visible Persistent Identifier for Person Entries in the Stanford University Enterprise Directory Service. Jeff Hodges, RL "Bob" Morgan, July 1998 (revised Aug 2006). (.pdf)

Inter-Institutional Security Infrastructure: Analysis and Proposal. Authentication Project Planning Group Report, Common Solutions Group. T. Dimock, T. Hanss, J. Hodges (Editor), T. Ts'o, J. Vollbrecht. 26-Sep-1994.

Shared Books: Collaborative Publication Management for an Office Information System, Brian T. Lewis, Jeffrey D. Hodges. ACM Conference on Office Information Systems, March 1988, Palo Alto, California. ACM 0-89791-261-6/88/0003/0197 (1MB .pdf)
Updating local copy of shared data in a collaborative system. Sara A. Bly, Jeffery D. Hodges, Michael D. Kupfer, Brian T. Lewis, Michael L. Tallan, Stephen B. Tom. US05220657, 06/15/1993.

Representation of collaborative multi-user activities relative to shared structured data objects in a networked workstation environment. Sara A. Bly, A. Brady Farrand, Jeffery D. Hodges, Michael D. Kupfer, Brian T. Lewis, William J. Maybury, Michael L. Tallan, Stephen B. Tom. US05008853, 04/16/1991.