Online identity getting to know your users
A talk I gave at London Web Standards

Published in: Technology
Transcript of "Online identity getting to know your users"

  1. Online Identity: Getting to know your users. Cristiano Betta, Developer Evangelist
  2. Developer Evangelist
  3. Why am I here?
  4. Do we always want to use the same identity?
  5. Should we always want to use the same identity?
  6. Authentication vs Authorisation
  7. A little history lesson
  8. Username + password
  9. Security considerations
  10. Security nightmare
  11. • 4.7% of users have the password "password"
      • 8.5% have the passwords "password" or "123456"
      • 9.8% have the passwords "password", "123456" or "12345678"
      • 14% have a password from the top 10 passwords
      • 40% have a password from the top 100 passwords
      • 79% have a password from the top 500 passwords
      • 91% have a password from the top 1000 passwords
      Source: xato.net/passwords/more-top-worst-passwords/
  12. wiki.skullsecurity.org/Passwords
  13. 45% admit to leaving a website instead of resetting their password or answering security questions. Source: bit.ly/bluestats
  14. OpenID
  15. OAuth 1.0
  16. OAuth 1.0 flow diagram (Consumer and Service Provider): Request Request Token; Grant Request Token; Direct User to Service; Obtain Authorization; Direct to Consumer; Request Access Token; Grant Access Token; Access Resources
  17. OAuth 1.0a
  18. OAuth 2.0
  19. OAuth 2.0
  20. OAuth 2.0 flow diagram (Consumer and Service Provider): Direct User to Service; Obtain Authorization; Direct to Consumer; Request Access Token; Grant Access Token; Access Resources / Profile
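The OAuth 2.0 flow on the slide, as an added Python example that is not from the talk: a constructed in-memory service provider and consumer (the names `ServiceProvider`, `run_flow`, the client id "shop" and the redirect URI are assumptions) step through Direct User to Service, Obtain Authorization, Direct to Consumer, Request/Grant Access Token and Access Resources, with the exact redirect-URI match and single-use, client-bound code that the flow depends on.

```python
import secrets
import urllib.parse

class ServiceProvider:
    """Constructed in-memory authorization server (the slide's Service Provider)."""
    def __init__(self, clients):
        self.clients = clients  # client_id -> {"secret": ..., "redirect_uri": ...}
        self.codes = {}         # one-time authorization codes, keyed by code
        self.tokens = {}        # access_token -> user it was granted for

    def authorize(self, user, client_id, redirect_uri):
        """Obtain Authorization, then Direct to Consumer with a one-time code."""
        client = self.clients.get(client_id)
        # Redirect only to the exact URI registered for this client.
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "user": user, "redirect_uri": redirect_uri}
        return redirect_uri + "?" + urllib.parse.urlencode({"code": code})

    def token(self, client_id, secret, code, redirect_uri):
        """Request / Grant Access Token: consumer authenticates and trades the code."""
        client = self.clients.get(client_id)
        grant = self.codes.pop(code, None)  # single-use: consumed even if checks fail
        if (client is None or grant is None
                or not secrets.compare_digest(client["secret"], secret)
                or grant["client_id"] != client_id          # code bound to this client
                or grant["redirect_uri"] != redirect_uri):  # and to its redirect URI
            raise ValueError("invalid_grant")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = grant["user"]
        return access_token

    def profile(self, access_token):
        """Access Resources / Profile with the granted token."""
        user = self.tokens.get(access_token)
        if user is None:
            raise PermissionError("invalid_token")
        return {"name": user}

def code_from_redirect(url):
    """Consumer side: pull the code out of the Direct-to-Consumer redirect URL."""
    return urllib.parse.parse_qs(urllib.parse.urlparse(url).query)["code"][0]

def run_flow(sp, client_id, secret, redirect_uri, user):
    """Consumer side, end to end: Direct User to Service ... Access Resources."""
    code = code_from_redirect(sp.authorize(user, client_id, redirect_uri))
    return sp.profile(sp.token(client_id, secret, code, redirect_uri))
```

The same code object cannot be exchanged twice, and a redirect URI other than the registered one is refused before any code is issued.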
  21. OAuth 2.0 and the Road to Hell: homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html
  22. OAuth 2.0 + OpenID Connect
  23. Identity Providers
  24. Out of 657 surveyed users, 66% think that social sign-in is a desirable alternative. Source: bit.ly/bluestats
  25. Google, Facebook, Twitter
  26. Social vs Concrete
  27-30. (one list, built up over four slides)
      • Name, email, location
      • Friends, address
      • Verified address, payment address, account type
      • Seamless checkout
  31. Demo
  32. The nature of an identity matters
  33. Recognize the difference between authentication and authorization
  34. Well-used authorization can improve the user experience beyond plain user identification
  35. The user experience should be enhanced, not impaired, by user authentication
  36. Questions: cbetta@paypal.com, slideshare.net/paypal