Wherefore Art Thou, OAuth?

SLIDE 1

Wherefore Art Thou, OAuth?

SLIDE 5

What is OAuth?

  • Your Valet Key for the Web
  • Delegated Authentication Protocol
  • Yet Another Community-driven Protocol

SLIDE 7

Use Case Zero

+ ?

SLIDE 8

Federated Sign In

SLIDE 10

API Access

SLIDE 12

Phishing

SLIDE 17

Delegated Authentication

  • Grant 3rd Party Application access to account
  • User does not give 3rd Party Application credentials
  • Control 3rd Party Application access to account

SLIDE 18

What Was Already Out There?

FlickrAuth, BBAuth, AuthSub, OpenAuth, Amazon Web Services

SLIDE 19

The Opportunity

  • Manage API access to services with federated sign in.
  • Render the password anti-pattern obsolete, teach end users not to accept it, and reduce phishing opportunities.
  • Build a community standard useable by even the smallest consumers or service providers as well as the largest.
  • Standardize existing delegated authentication patterns already vetted by larger institutions.
  • Proliferate protocol libraries so the code to protect and access resources only had to be written once.

SLIDE 20

Who Helped Develop OAuth?

Ma.gnolia, Twitter, Six Apart, Flickr, Pownce, Jaiku, Yedda, Wesabe, AOL, Google, Yahoo, Stamen

SLIDE 21

Use Cases

  • Primary: Three Legged
  • Secondary: Two Legged

SLIDE 22

Three Legged

  • Used to request permission to access a specific user’s protected resources
  • Requires involvement of three parties: User, Service Provider, Consumer
  • Examples: contacts import, photo printing, bookmark synchronizing, location sharing, shopping cart or account updates

SLIDE 23

Two Legged

  • Used to access public resources, yet provider is still able to manage access and usage for a consumer.
  • Used to access resources that are private to specific consumers.
  • Requires involvement of only two parties: Service Provider and Consumer
  • Examples: searches for publicly accessible data, consumer validated super-user level access

SLIDE 24

Who’s Using OAuth?

Google, Yahoo!, MySpace, Netflix, SmugMug, Photobucket, Ma.gnolia, Fire Eagle, Brightkite, GetSatisfaction, Meetup.com, 88 Miles, thmbnl, Praized, Yammer, Agree2, Ohloh

SLIDE 25

Three Legged Contact Import

SLIDE 32

Two Legged Public Search

http://paul.donnelly.org/2008/10/31/2-legged-oauth-javascript-function-for-yql/