Bigger, Better Business With OAuth
OAuth is more than an authentication protocol. A decade from now, OAuth will be viewed as the great enabler of new business models and wealth creation in the app economy.
In this session we'll investigate why many business development ideas don't make it past the whiteboard and how OAuth changes that. We'll tickle our imaginations and explore what is possible in a world where crossing trust boundaries is done with lower risk, more control and higher security.
We Will Discuss »
- Blockers to Business Innovation
- How OAuth Changes the Rules
- Re-Imagining the Future of Business Development

Published in: Technology, Business
  • Creative Commons Attribution-Share Alike 3.0 United States License
  • Invisible Engines
  • For most people, their car is their first or second most valuable possession, valued in tens of thousands of dollars. They are convenient places to leave our other valuables like computers and clothing. Yet we are sometimes required to give them to young, low-paid workers whom we’ve never met before.
  • How can we trust them? (Image: http://www.istockphoto.com/stock-photo-15802228-young-man-in-hoodie-smiling.php?st=6167408)
  • In this situation we can give them a valet key – an authorization token with limited rights that can operate the vehicle but not grant access to the trunk, glovebox - or the rest of our keychain.

    1. Bigger, Better Business with OAuth. 11.11.17 @ 11:05 PST. VOIP or Dial-in (see chat). groups.google.com/group/api-craft. Sam Ramji @sramji, Brian Mulloy @landlessness
    2. Your hosts
    3. @landlessness @sramji
    4. groups.google.com/group/api-craft
    5. youtube.com/apigee
    6. THE PLATFORM IMPERATIVE
    7. Every market in history has had intermediaries
    8. Business, Intermediaries, Customers
    9. These intermediaries connect buyers and sellers by knowing what both want and creating convenient ways to transact
    10. Apps are the new intermediaries.
    11. Business, Apps, Customers
    12. They occupy many niches already and continue to multiply
    13. App Store Growth 2008-2011 [chart: Apps Available (thousands) and Total App Downloads (billions)]. Data from Wikipedia
    14. As do devices.
    15. Mary Meeker, Kleiner Perkins
    16. Companies cannot build for all these niches as each one requires distinct expertise in design and development, and there are too many niches.
    17. As Marc Andreessen observed recently
    18. “In short, software is eating the world. We are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy.” Marc Andreessen
    19. Evans, Hagiu, and Schmalensee explored this deeply in 2006
    20. And Annabelle Gawer has formalized the solution
    21. The platform business model.
    22. PLATFORMS ARE OPEN
    23. As we’ve learned from digital natives like
    24. open platforms grow the fastest.
    25. Visualization by Apigee
    26. In the API era of competition, speed is crucial because critical mass leads rapidly to market dominance.
    27. [Ecosystem Competition] Kishore S. Swaminathan, Chief Scientist, Accenture
    28. Open platforms mean that apps can be built by developers quickly without formal commitment to joint research, joint development, and joint marketing.
    29. Open platforms decouple partners from the platform provider’s business cycles.
    30. This reduces the cost of innovation, enabling many more experiments to be made more quickly, increasing the chance of a major improvement to the platform business, its customers, and its intermediaries.
    31. This is low-friction innovation.
    32. OPEN DOES NOT MEAN SECURE
    33. This takes us to the stakes required for a digital business in the API era.
    34. For an intermediary to connect a buyer and seller, there must be trust.
    35. The intermediary must be trustworthy, and the transaction must be trustworthy.
    36. In modern businesses, buyers (users) have accounts with sellers (providers) which are filled with data as well as transaction privileges.
    37. For the system to function well, buyers must be able to fire their intermediary without breaking their relationship with the seller.
    38. With apps as the intermediary, new dynamics exist on top of the historical foundation.
    39. Apps are new. They are often short-lived. Their business model depends on building a high volume of users. They must have some way to attain their first transaction and be proven or else improved.
    40. And this way must align with the loose coupling philosophy at the heart of an open platform, otherwise we’ve just secured our way back into old-fashioned closed businesses and killed our platform opportunity.
    41. “20th Century IT was about raising barriers to entry for competitors. 21st Century IT is about lowering barriers to participation.” James Governor, Redmonk
    42. So how do you build a trustworthy system in an open world?
    43. It takes an open security architecture.
    44. INTRODUCING OAUTH
    45. It’s a free and open protocol built on licenses from the Open Web Foundation and it’s the right choice for securing open platforms.
    46. The Valet Key Metaphor
    47. Eran Hammer-Lahav compares the OAuth model to a valet key. This is an apt metaphor.
    48. A Valet Key for Open Platforms
    49. The heart of OAuth is an authorization token with limited rights which the user can revoke at any time should they become suspicious or dissatisfied with the app they’re using to access your business.
    50. When the token is first granted the business shows the user what rights the app is asking for
    51. and this negotiation is invisible to the app.
    52. A perfect design for bootstrapping trust.
    53. Just Enough Permission
    54. An app should have just enough permission to do the things the user wants it to.
    55. OAuth allows for granular access to the user’s account. The current alternative is all or none: give the app your username and password – which gives the app access to everything about you.
    56. In OAuth, permissions can be gracefully upgraded as well. If the user tries to do something in an app and they haven’t authorized the corresponding permission, the business can give the users the option to add that permission, using the bootstrapping sequence used to grant the token in the first place.
    57. Just Enough Responsibility
    58. App developers are not security experts.
    59. A developer’s job is to make software that does what it is supposed to do. A security expert’s job is to make sure software never does what it is not supposed to do.
    60. App developers DO NOT WANT the responsibility of holding a user’s secret information. Usernames and passwords, credit card and banking information, lifetime history of everyone you’ve emailed. These are heavy secrets and require heavy security.
    61. The right place for these is within your own business, secured by your own experts and your own infrastructure investments.
    62. Decoupling partners from these challenges keeps security consistent with the open platform potential for low-friction innovation.
    63. THE OAUTH IMPERATIVE
    64. The most popular intermediaries are connecting buyers with several complementary sellers at the same time
    65. That increases their value to the buyer but also multiplies the difficulty and risk of security
    66. If one app holds secrets for many businesses that app becomes the highest-risk part of the system.
    67. As more businesses follow the platform imperative and add APIs
    68. there is an imperative for the healthy growth of the market through the new intermediaries.
    69. The imperative is to make it easy for developers to build great apps that can delight users and grow businesses.
    70. The imperative is for businesses to standardize on OAuth.
    71. “We have our own version of OAuth”
    72. “We invented something that’s kind of like OAuth”
    73. The imperative is to make it easy for developers to build great apps that can delight users and grow businesses.
    74. The imperative is for businesses to standardize on OAuth.
    75. No developers were harmed in the production of this presentation.
    76. A BRIEF HISTORY OF OAUTH
    77. 3 B.O.
    78. App
    79. U CANT HAS PLZ? MAH PASWORDZ! App App Developer User
    80. App App Limited Developer User
    84. PLZ? NO MOAR 4 U! App API Developer Team
    85. App App App World of API Internal App API User Store Developer APIs Team Systems
    86. Big Company Big Big Big Customer Partner Company App App API User Developer Team
    87. 4 A.O.
    88. Big Company API Team Big Big Customer Partner App App User Developer
    89. ba
    90. bsecurity a capability
    91. Questions?
    92. THANK YOU. Questions and ideas to: @sramji, @landlessness, groups.google.com/group/api-craft, youtube.com/apigee
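
The token model from slides 49 to 56 (limited rights, consent shown by the business, graceful upgrade, revocation by the user), sketched as an added Python example that is not part of the original deck. The `Provider` class, the scope strings and the sample users and apps are hypothetical; it models the grant bookkeeping only, not the OAuth wire protocol.

```python
import hashlib
import secrets

class Provider:
    """In-memory model of the business that owns the accounts (hypothetical names)."""
    def __init__(self):
        self._grants = {}  # sha256(token) -> {"user", "app", "scopes"}

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked grant table does not leak usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def grant(self, user, app, requested, approved):
        """Consent step: the user sees `requested` and approves a subset of it."""
        token = secrets.token_urlsafe(32)
        scopes = set(requested) & set(approved)
        self._grants[self._key(token)] = {"user": user, "app": app, "scopes": scopes}
        return token  # the app receives this, never the user's password

    def check(self, token, needed):
        """Called on every API request; returns 'ok', 'needs_consent' or 'invalid'."""
        g = self._grants.get(self._key(token))
        if g is None:
            return "invalid"
        return "ok" if needed in g["scopes"] else "needs_consent"

    def upgrade(self, token, extra, user_approves):
        """Re-run consent for one more permission; the token itself is unchanged."""
        g = self._grants.get(self._key(token))
        if g is not None and user_approves:
            g["scopes"].add(extra)
        return self.check(token, extra)

    def revoke(self, user, app):
        """The user fires the app; the account and other apps' tokens are untouched."""
        dead = [k for k, g in self._grants.items() if (g["user"], g["app"]) == (user, app)]
        for k in dead:
            del self._grants[k]
        return len(dead)

def demo():
    p = Provider()  # constructed sample users, apps and scope names below
    photo = p.grant("alice", "photo-app", {"photos:read", "contacts:read"}, {"photos:read"})
    mail = p.grant("alice", "mail-app", {"mail:send"}, {"mail:send"})
    before = [p.check(photo, "photos:read"), p.check(photo, "contacts:read")]
    upgraded = p.upgrade(photo, "contacts:read", user_approves=True)
    p.revoke("alice", "photo-app")
    return before + [upgraded, p.check(photo, "photos:read"), p.check(mail, "mail:send")]
```

`demo()` walks one token through grant, a denied scope, upgrade and revocation, while a second app's token for the same user keeps working.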
