Azure AD Verifiable Credential

Azure Key Vault is a cloud service that enables the secure storage and access of secrets and keys. Your Verifiable Credentials service stores public and private keys in Azure Key Vault. These keys are used to sign and verify credentials. https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-tenant

How can we find our Public and Private key for verifiable credentials? I can see Recovery, Signing, and Update key in my Key Vault used for VC.

Recovery, signing, and encrypting are various key management and cryptographic operations that are needed to be selected while creating an access policy for the said user selected thus limiting the scope of operations that can be performed by the keys, secrets and certificates issued by that user.

Similarly, the private key and the public key of the verifiable credential cannot be accessible by the 'USER' as the user has delegated that authority to the application registered in Azure AD with the permissions 'VerifiableCredential.Create.All' and this application registered in Azure AD has been granted API permission for the API Verifiable Credential Request Service. Thus, the private key is generated and is with the service principal of the Azure resource which issues a 'Verifiable credential' through the registered Azure AD application to create a key, secret, or a certificate in the Azure keyvault.

• While the public key is with the key, secret or certificate generated in the Azure key vault thus, completing the nexus of secure communication through the concerned application hosted. Thus, in this way, just based on RBAC (Role Based Access Control) and the ensuing access policy actions created in the key vault, you can create secure communication through the web app without exposing the private and the public keys.

For more information, kindly refer to the documentation link below:

https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer
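
As an added example (not part of the original answer or of Microsoft's documentation), the Python check below reads Key Vault access policies in the JSON shape found under `properties.accessPolicies` in `az keyvault show` output and flags any principal granted operations outside an allow-list. The object IDs, the sample policies and the allow-list itself are constructed assumptions; adjust the allow-list to what your issuer actually needs.

```python
import json

# Constructed sample, shaped like `az keyvault show --query properties.accessPolicies`.
SAMPLE_POLICIES = json.loads("""
[
  {"objectId": "00000000-0000-0000-0000-000000000001",
   "permissions": {"keys": ["get", "create", "sign"], "secrets": [], "certificates": []}},
  {"objectId": "00000000-0000-0000-0000-000000000002",
   "permissions": {"keys": ["get", "sign"], "secrets": ["get"], "certificates": []}},
  {"objectId": "00000000-0000-0000-0000-000000000003",
   "permissions": {"keys": ["Get", "Sign", "Backup", "Delete", "Purge"],
                   "secrets": [], "certificates": []}}
]
""")

# Assumed allow-list for a vault dedicated to credential signing keys:
# principals may read public key metadata, create keys and sign, nothing else.
ALLOWED = {
    "keys": {"get", "create", "sign"},
    "secrets": set(),
    "certificates": set(),
}


def audit_policies(policies, allowed=ALLOWED):
    """Return (objectId, kind, extra_operations) for every policy entry that
    grants operations outside the allow-list. Operation names are compared
    case-insensitively because tooling reports them in mixed case."""
    findings = []
    for policy in policies:
        perms = policy.get("permissions") or {}
        for kind, allowed_ops in allowed.items():
            granted = {op.lower() for op in (perms.get(kind) or [])}
            extra = sorted(granted - allowed_ops)
            if extra:
                findings.append((policy["objectId"], kind, extra))
    return findings


if __name__ == "__main__":
    for object_id, kind, extra in audit_policies(SAMPLE_POLICIES):
        print(f"{object_id}: unexpected {kind} permissions: {', '.join(extra)}")
```
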
