OAuth vs Password Anti-Pattern

In the world of the Web, it's common for sites to push and pull data to and from other sites and services. One example is sharing friends lists between social networks. All too often, however, websites ask their users to hand over their passwords for those other services; this is the Password Anti-Pattern.

Using APIs protected by OAuth, an open authorization protocol, we can allow websites to collaborate without falling prey to the Password Anti-Pattern.

The talk features demos and examples built in .NET using OAuth.net: http://lab.madgex.com/oauth-net/

NB: Download the PowerPoint for full notes on the slides

Published in: Technology, Business
  • OAuth: what is it? And how can it help us combat the password anti-pattern?

    1. Barcamp Brighton 3: OAuth versus the Password Anti-Pattern. Bruce Boughton, 6-7 September 2008. http://lab.madgex.com/oauth-net/ [email_address] http://siliconbea.ch/
    2. The Password Anti-Pattern
    3. Problem Solved
       • Google Contacts Data API
       • Windows Live Contacts API
       • Yahoo! Address Book API
       • AuthSub
       • WL ID Delegated Auth
       • BBAuth
       And this is just for authentication!
    4. OAuth
       • An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.
    5. http://lab.madgex.com/oauth-net/googlecontacts/
    6. http://whereami.lab.madgex.com/
    7. Consumers, service providers, users
    8. Asserting Identity and Authority
       • Requests signed using consumer and token secrets
       • Request token: consumer identified, requesting authorization
       • Access token: consumer authorized by the user to act on their behalf, may now fetch protected resources
    9. Extensible and Flexible
       • OAuth Core 1.0 provides the base
       • Supports at least web and desktop consumers
       • Extensions add functionality
    10. OAuth.net: open source .NET library. http://lab.madgex.com/oauth-net/ [email_address]
    11. Bringing OAuth to .NET developers
        • Build consumers and service providers for .NET 2.0 and newer
        • Hides the complexity of the protocol from the developer
        • Very permissive MIT license
        • Developed as part of ongoing innovation work
    12. Configuring the Fire Eagle service
    13. Requesting the user's location
    14. Handling authorization (when required)
    15. Using the protected resource
    16. http://oauthproviderdemo.madgex.com/
    17. Want to know more?
        • http://lab.madgex.com/oauth-net/
        • [email_address]
        • http://siliconbea.ch/
        • [email_address]
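Slide 8 describes how an OAuth 1.0 consumer asserts identity and authority: every request is signed with an HMAC keyed on the consumer secret and token secret, so neither secret (and no user password) ever travels over the wire. The following is an added example, written in Python here rather than taken from the talk or from OAuth.net: it builds the OAuth Core 1.0 signature base string and HMAC-SHA1 signature, and shows the service-provider side rejecting a request whose parameters were altered after signing. The sample keys, tokens, nonce and timestamp are the values used in the spec's own Appendix A example; the URL and parameter names are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit, urlunsplit


def pct(value):
    """OAuth 1.0 percent-encoding: only RFC 3986 unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def normalize_url(url):
    """Lower-case scheme and host, drop default ports, strip the query (it is signed separately)."""
    parts = urlsplit(url)
    host, port, scheme = parts.hostname, parts.port, parts.scheme.lower()
    if port and (scheme, port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{port}"
    return urlunsplit((scheme, host, parts.path or "/", "", ""))


def signature_base_string(method, url, params):
    """METHOD&encoded(url)&encoded(sorted params); oauth_signature itself is never signed."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(normalize_url(url)), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed on 'consumer_secret&token_secret'; the secrets never leave either party."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def verify(method, url, params, consumer_secret, token_secret=""):
    """Service-provider check: recompute the signature and compare in constant time."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))


# Constructed sample request using the OAuth Core 1.0 Appendix A example values.
CONSUMER_SECRET, TOKEN_SECRET = "kd94hf93k423kf44", "pfkkdhi9sl3r4s00"
URL = "http://photos.example.net/photos"
PARAMS = {
    "file": "vacation.jpg", "size": "original",
    "oauth_consumer_key": "dpf43f3p2l4k3l03", "oauth_token": "nnch734d00sl2jdk",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1191242096",
    "oauth_nonce": "kllo9940pd9333jh", "oauth_version": "1.0",
}

if __name__ == "__main__":
    signed = dict(PARAMS, oauth_signature=sign("GET", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET))
    tampered = dict(signed, file="other.jpg")  # parameter changed after signing
    print(signed["oauth_signature"])  # tR3+Ty81lMeYAr/Fid0kMTYa/WM=
    print(verify("GET", URL, signed, CONSUMER_SECRET, TOKEN_SECRET))    # True
    print(verify("GET", URL, tampered, CONSUMER_SECRET, TOKEN_SECRET))  # False
```

Because the token secret is part of the key, a signature made with a request token stops verifying once the provider exchanges it for an access token, which is how the two token stages on slide 8 are kept apart.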