#+TITLE: IROH Auth Presentation
#+Author: Yann Esposito
#+Date: [2021-04-16]
- tags ::

* IROH Auth Presentation

Yann Esposito

* What is IROH Auth?

This is an important sub-component of IROH.

* What is IROH?

IROH is the name of the API behind Threat Response and SecureX.

* So what is IROH Auth?

The sub-component of IROH taking care of:

- authentication (from a user interaction, provide a user id, a unique identifier)
- authorizations (what can a user do)
- internal user representation
  + Org/Tenancy
  + User
  + OAuth2 Clients

* History

1. Login using AMP SAML (generate JWT)
2. OAuth2 Provider (Grants)
3. Login using OpenID Connect with TG (client of OpenID Connect)
4. Users/Orgs in DB!!!
5. Account Activation
6. Become an OpenID Connect provider
7. OIDC with SSE

* Internal User Structure

* Cisco specificity