wherefore art thou oauth
play

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? - PowerPoint PPT Presentation

Mar 02, 2023 •27 likes •357 views

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2 What is OAuth? Your Valet Key for the Web Delegated Authentication Protocol 2 What is OAuth? Your Valet Key for the Web Delegated Authentication

  1. Wherefore Art Thou, OAuth? 1

  2. What is OAuth? 2

  3. What is OAuth? Your Valet Key for the Web 2

  4. What is OAuth? Your Valet Key for the Web Delegated Authentication Protocol 2

  5. What is OAuth? Your Valet Key for the Web Delegated Authentication Protocol Yet Another Community-driven Protocol 2

  6. Use Case Zero + 3

  7. Use Case Zero + ? 3

  8. Federated Sign In 4

  9. Federated Sign In 4

  10. API Access 5

  11. API Access 5

  12. Phishing 6

  13. Phishing 6

  14. Phishing 6

  15. Phishing 6

  16. Phishing 6

  17. Delegated Authentication Grant 3rd Party Application access to account User does not give 3rd Party Application credentials Control 3rd Party Application access to account 7

  18. What Was Already Out There? FlickrAuth BBAuth AuthSub OpenAuth Amazon Web Services 8

  19. The Opportunity Manage API access to services with federated sign in. Render the password anti-pattern obsolete, teach end users not to accept it, and reduce phishing opportunities. Build a community standard useable by even the smallest consumers or service providers as well as the largest. Standardize existing delegated authentication patterns already vetted by larger institutions. Proliferate protocol libraries so the code to protect and access resources only had to be written once. 9

  20. Who Helped Develop OAuth? Ma.gnolia Yedda Twitter Wesabe Six Apart AOL Flickr Google Pownce Yahoo Jaiku Stamen 10

  21. Use Cases Primary: Three Legged Secondary: Two Legged 11

  22. Three Legged Used to request permission to access a specific user’s protected resources Requires Involvement of three parties: User, Service Provider, Consumer Examples: Contacts import, photo printing, bookmark synchronizing, location sharing, shopping cart or account updates 12

  23. Two Legged Used to access public resources, yet provider is still able to manage access and usage for a consumer. Used to access resource that are private to specific consumers. Requires Involvement of only two parties: Service Provider and Consumer Examples: searches for publicly accessible data, consumer validated super-user level access 13

  24. Who’s Using OAuth? Google Ma.gnolia thmbnl Yahoo! Fire Eagle Praized MySpace Brightkite Yammer Netflix GetSatisfaction Agree2 SmugMug Meetup.com Ohloh Photobucket 88 Miles 14

  25. Three Legged Contact Import 15

  26. Three Legged Contact Import 15

  27. Three Legged Contact Import 15

  28. Three Legged Contact Import 15

  29. Two Legged Public Search 16

  30. Two Legged Public Search 16

  31. Two Legged Public Search 16

  32. Two Legged Public Search http://paul.donnelly.org/2008/10/31/2-legged-oauth-javascript-function-for-yql/ 16

  33. Two Legged Public Search http://paul.donnelly.org/2008/10/31/2-legged-oauth-javascript-function-for-yql/ 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Wherefore Art Thou R3579X? Anonymized Social Networks, Hidden Patterns, and Structural Stenography

Wherefore Art Thou R3579X? Anonymized Social Networks, Hidden Patterns, and Structural Stenography

Wherefore Art Thou R3579X? Anonymized Social Networks, Hidden Patterns, and Structural Stenography A social network occurs anywhere there is social interaction between people. Examples include Email, instant messaging, Facebook, blogging

635 views • 25 slides
OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth protocol workflow Server-side web application flow Client-side web application flow Whats the problem As the web grows, more and more sites

786 views • 45 slides
OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical Architect, Ping Identity Purpose Best Current Practices Document Builds mostly on RFC 8252 - OAuth 2.0 for Native Apps I-D

386 views • 10 slides
th thou ou wha hat?! t?! An Introduction to the language of Shakespeare Why Why dos

th thou ou wha hat?! t?! An Introduction to the language of Shakespeare Why Why dos

Sa Saye yest st th thou ou wha hat?! t?! An Introduction to the language of Shakespeare Why Why dos dost t th thou ou hat hate me? e me? Greatest obstacle between Shakespeares plays and students is the unfamiliar

321 views • 28 slides
OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software Engineer Adobe Research Switzerland Who is this guy, BTW? eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJhdWQiOiJjb25uZWN0MjAxNCIsImlzc

869 views • 42 slides
OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

* OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1 Document Status Current draft addresses WGLC feedback See

423 views • 8 slides
OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com

OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com

OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com AG The OAuth 2.0 Success Story Tremendous adoption since publication in 2012 Driven by large service providers and OpenID Connect

594 views • 30 slides
OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106

OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106

draft-fett-oauth-dpop-03 OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106 Singapore Nov 2019 Brian Campbell (presenter, co-author, workation photographer) John Bradley (co-author of sorts) Torsten

407 views • 19 slides
Wherefore is the Therefore there for? 2 Romans 12:1a I beseech you therefore , brethren, by the

Wherefore is the Therefore there for? 2 Romans 12:1a I beseech you therefore , brethren, by the

Romans 12:1a I beseech you therefore , brethren, by the mercies of God Wherefore is the Therefore there for? 2 Romans 12:1a I beseech you therefore , brethren, by the mercies of God Wherefore is the Therefore there for? 3 Galatians

1.01k views • 82 slides
Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se) Gran Selander (goran.selander@ericsson.com) Erik Wahlstrm (erik.wahlstrom@nexusgroup.com) Samuel Erdtman (samuel.erdtman@nexusgroup.com) Hannes

147 views • 10 slides
Identity Management Hannes Tschofenig Motivation OAuth was created to allow secure and

Identity Management Hannes Tschofenig Motivation OAuth was created to allow secure and

Identity Management Hannes Tschofenig Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication protocol. Works with any user authentication protocol (e.g., OATH, FIDO, W3C

613 views • 10 slides
From Unprofitable to Profitable 2 Tim. 4:9-11

From Unprofitable to Profitable 2 Tim. 4:9-11

From Unprofitable to Profitable 2 Tim. 4:9-11 _______________________________________________________________________ God desires that we are _______________. Mat 25:26 His lord answered and said unto him, Thou wicked and slothful servant, thou

229 views • 3 slides
Browser Support for the Open Authoriza4on (OAuth) Protocol

Browser Support for the Open Authoriza4on (OAuth) Protocol

Browser Support for the Open Authoriza4on (OAuth) Protocol hGp://www.w3.org/2011/iden4ty-ws/papers/idbrowser2011_submission_32.pdf Hannes Tschofenig, Barry Leiba, Blaine Cook,

434 views • 8 slides
THE PERSEVERING PILGRIM TRUTH ON THE WEB MINISTRIES --- WWW.TOTW.ORG --- A CHURCH OF GOD AT

THE PERSEVERING PILGRIM TRUTH ON THE WEB MINISTRIES --- WWW.TOTW.ORG --- A CHURCH OF GOD AT

THE PERSEVERING PILGRIM TRUTH ON THE WEB MINISTRIES --- WWW.TOTW.ORG --- A CHURCH OF GOD AT WOODSTOCK Exodus 23:14-16 Three times thou shalt keep a feast unto me in the year. Thou shalt keep the feast of unleavened bread: (thou shalt eat

660 views • 46 slides
Pauls journey to Rome The Lord stood by him, and said, Be of good cheer, Paul: for as thou

Pauls journey to Rome The Lord stood by him, and said, Be of good cheer, Paul: for as thou

Pauls journey to Rome The Lord stood by him, and said, Be of good cheer, Paul: for as thou hast testified of me in Jerusalem, so must thou bear witness also at Rome. Temple Inscription (1) This inscription, consisting of seven lines

401 views • 8 slides
The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney <jbasney@ncsa.Illinois.edu> Brian Bockelman <bbockelm@cse.unl.edu> This material is based upon work supported by the National S cience Foundation under Grant

379 views • 20 slides
Studying the Impact of Multimodality in Sentiment Analysis Ahmad Elshenawy Steele Carter

Studying the Impact of Multimodality in Sentiment Analysis Ahmad Elshenawy Steele Carter

Studying the Impact of Multimodality in Sentiment Analysis Ahmad Elshenawy Steele Carter Goals/Motivation How are judgments influenced by different modalities? Compare sentiment contributions of different modalities Use

367 views • 17 slides
Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission

Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission

Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission Introduction to Computer Security Day 7: Defensive programming and design, More secure design principles part 1 Software engineering for security Stephen

571 views • 9 slides
Inclusive Design an Introduction to Accessibility Whys and Hows Radina Matic radina.matic@ub.edu

Inclusive Design an Introduction to Accessibility Whys and Hows Radina Matic radina.matic@ub.edu

Inclusive Design an Introduction to Accessibility Whys and Hows Radina Matic radina.matic@ub.edu @RadinaMatic Radina Matic - translator & technical writer - open software & technology enthusiast Web and Data Visualization at Rectory

946 views • 48 slides
Pivot: Finding Funding Opportunities Min-Lin Fang, MLS Education & Information Consultant

Pivot: Finding Funding Opportunities Min-Lin Fang, MLS Education & Information Consultant

Pivot: Finding Funding Opportunities Min-Lin Fang, MLS Education & Information Consultant Min-lin.fang@ucsf.edu Learning Objectives By the end of the training, you will be able to: Finding funding opportunities Run three types of

649 views • 30 slides
Monadnock Developmental Services Open Enrollment For Benefits Effective January 1, 2021 Welcome

Monadnock Developmental Services Open Enrollment For Benefits Effective January 1, 2021 Welcome

Monadnock Developmental Services Open Enrollment For Benefits Effective January 1, 2021 Welcome to our 2021 Open Enrollment! We are very pleased to be offering the same benefits as 2021 with a few benefit enhancement changes: We are

806 views • 65 slides
Families CoP State 6.24.19 Team Core Belief: All people and their families have the right to

Families CoP State 6.24.19 Team Core Belief: All people and their families have the right to

SD Supporting Families CoP State 6.24.19 Team Core Belief: All people and their families have the right to live, love, work, play and pursue their life aspirations in their community. 2 What is a Community of Practice? A community of

326 views • 15 slides
Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods

Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods

Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods Basil AsSadhan Department of Electrical Engineering & Center of Excellence in Information Assurance King Saud University April 13-14, 2014

609 views • 39 slides
Bounce

Bounce

Bounce rate (sometimes confused with exit rate) [1] is an internet marketing term used in web traffic analysis. It represents the percentage of visitors who

214 views • 7 slides

More recommend