Online Identity: Getting to know your users

An online identity talk given at London Web Standards by @cbetta.

Transcript

  • 1. Online Identity Getting to know your users Cristiano Betta, Developer Evangelist
  • 2. Developer Evangelist
  • 3. Why am I here?
  • 4. Do we always want to use the same identity?
  • 5. Should we always want to use the same identity?
  • 6. Authentication vs Authorisation
  • 7. A little history lesson
  • 8. Username + password
  • 9. Security considerations
  • 10. Security nightmare
  • 11. 4.7% of users have the password "password"
        8.5% have the password "password" or "123456"
        9.8% have the password "password", "123456" or "12345678"
        14% have a password from the top 10 passwords
        40% have a password from the top 100 passwords
        79% have a password from the top 500 passwords
        91% have a password from the top 1000 passwords
        Source: xato.net/passwords/more-top-worst-passwords/
  • 12. wiki.skullsecurity.org/Passwords
  • 13. 45% admit to leaving a website instead of resetting their password or answering security questions Source: bit.ly/bluestats
  • 14. OpenID
  • 15. OAuth 1.0
  • 16. OAuth 1.0 flow between Consumer and Service Provider (diagram labels):
        Request Request Token
        Grant Request Token
        Direct User to Service
        Obtain Authorization
        Direct to Consumer
        Request Access Token
        Grant Access Token
        Access Resources
  • 17. OAuth 1.0a
  • 18. OAuth 2.0
  • 19. OAuth 2.0
  • 20. OAuth 2.0 flow between Consumer and Service Provider (diagram labels):
        Direct User to Service
        Obtain Authorization
        Direct to Consumer
        Request Access Token
        Grant Access Token
        Access Resources / Profile
  • 21. OAuth 2.0 and the Road to Hell homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html
  • 22. OAuth 2.0 + OpenID Connect
  • 23. Identity Providers
  • 24. Out of 657 surveyed users 66% think that social sign-in is a desirable alternative. Source: bit.ly/bluestats
  • 25. Google Facebook Twitter
  • 26. Social vs Concrete
  • 27. • Name, email, location
  • 28. • Name, email, location • Friends, address
  • 29. • Name, email, location • Friends, address • Verified address, payment address, account type
  • 30. • Name, email, location • Friends, address • Verified address, payment address, account type • Seamless checkout
  • 31. Demo
  • 32. The nature of an identity matters
  • 33. Recognize the difference between authentication and authorization
  • 34. Well used authorization can improve the user experience beyond plain user identification
  • 35. The user experience should be enhanced not impaired by user authentication
  • 36. Questions cbetta@paypal.com slideshare.net/paypal
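The OAuth 2.0 flow of slide 20 and the tiered identity data of slides 27 to 30, worked through as an added example. This is illustration code written for this page, not code from the talk or from any provider's SDK: the authorization endpoint URL, the client id and secret, the scope names ("profile", "social", "verified") and the profile fields each scope releases are assumptions chosen to mirror the slides. Both sides run in one process so the exchange can be followed end to end. Two checks that the slide's diagram does not show but that a practitioner expects are included: the provider only sends a code to the redirect_uri registered for that client, and the consumer binds every callback to a `state` value it minted (RFC 6749 recommends `state` against cross-site request forgery); a code is redeemable once, and the resource endpoint returns only the fields the granted scope covers.

```python
"""Simulated OAuth 2.0 authorization-code flow, consumer and service provider in one process.
Added illustration, not code from the talk or from any provider's SDK: the endpoint URL, client
credentials, scope names and the profile fields released per scope are assumptions chosen to
mirror the slides (basic profile, then friends/address, then verified/payment data)."""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed scope tiers: which profile fields each tier lets the consumer read.
SCOPE_FIELDS = {"profile": ("name", "email", "location"),
                "social": ("friends", "address"),
                "verified": ("verified_address", "payment_address", "account_type")}

# Constructed sample user record held by the service provider.
USER = {"name": "Ada Example", "email": "ada@example.org", "location": "London",
        "friends": ["bob", "carol"], "address": "1 Sample St", "account_type": "verified",
        "verified_address": "1 Sample St, London", "payment_address": "1 Sample St, London"}


def query_params(url):
    """Flatten a URL's query string into a dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class ServiceProvider:
    """Identity-provider side: authorization endpoint, token endpoint, resource endpoint."""

    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}         # authorization code -> (client_id, redirect_uri, scope); single use
        self.tokens = {}        # access_token -> scope granted

    def authorize(self, client_id, redirect_uri, scope, state):
        """The user has logged in here and approved `scope`: redirect back with a one-time code."""
        if self.clients.get(client_id, (None, None))[1] != redirect_uri:
            raise ValueError("unknown client or unregistered redirect_uri")  # never send a code elsewhere
        if not set(scope) <= set(SCOPE_FIELDS):
            raise ValueError("unknown scope")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, tuple(scope))
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back-channel exchange of a code for an access token; needs the client secret."""
        secret = self.clients.get(client_id, (None, None))[0]
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("bad client credentials")
        issued = self.codes.pop(code, None)  # pop: a code is redeemable exactly once
        if issued is None or issued[:2] != (client_id, redirect_uri):
            raise PermissionError("invalid, replayed or mismatched code")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = issued[2]
        return {"access_token": token, "token_type": "bearer", "scope": " ".join(issued[2])}

    def resource(self, access_token):
        """Return only the profile fields the token's granted scope covers."""
        scope = self.tokens.get(access_token)
        if scope is None:
            raise PermissionError("invalid token")
        return {f: USER[f] for s in scope for f in SCOPE_FIELDS[s]}


class Consumer:
    """Relying site: starts the flow, verifies `state` on return, redeems the code."""

    def __init__(self, provider, client_id, client_secret, redirect_uri):
        self.provider, self.client_id = provider, client_id
        self.client_secret, self.redirect_uri = client_secret, redirect_uri
        self.pending = set()  # `state` values of flows this site started, one per browser session

    def login_url(self, scope):
        state = secrets.token_urlsafe(16)  # ties the callback to the session that began it
        self.pending.add(state)
        return "https://idp.example/authorize?" + urlencode(
            {"response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
             "scope": " ".join(scope), "state": state})

    def callback(self, url):
        """Handle the browser's return from the provider and fetch the user's profile."""
        p = query_params(url)
        if p.get("state") not in self.pending:
            raise PermissionError("state mismatch: not a callback this site started")
        self.pending.discard(p["state"])
        tok = self.provider.token(self.client_id, self.client_secret, p.get("code", ""), self.redirect_uri)
        return self.provider.resource(tok["access_token"])


def setup():
    """One provider with one registered consumer (constructed credentials)."""
    idp = ServiceProvider({"app1": ("s3cret", "https://app.example/cb")})
    return idp, Consumer(idp, "app1", "s3cret", "https://app.example/cb")


def run_flow(scope):
    """Drive one complete login for `scope` and return the profile the consumer obtains."""
    idp, app = setup()
    q = query_params(app.login_url(scope))  # the browser carries these to the provider
    back = idp.authorize(q["client_id"], q["redirect_uri"], q["scope"].split(), q["state"])
    return app.callback(back)  # the browser carries code + state back to the consumer


if __name__ == "__main__":
    print(run_flow(["profile"]))
    print(run_flow(["profile", "social", "verified"]))
```

Running `run_flow(["profile"])` yields only name, email and location; asking for all three scopes yields the friends, address and verified payment data as well, which is the "Social vs Concrete" point of the slides in code: what the consumer can do with the identity is decided by what the user authorized, not by the fact that they authenticated. A forged callback (unknown `state`), a replayed code, or a redirect to an unregistered URI each fail before any profile data is released.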