OAuth

OAuth protocol: keeping your password to yourself when sharing resources between sites.

Published in: Business, Technology

  1. OAuth: Mash-ups and Privacy
       • Elise Huard @BarcampGhent
       • 29/03/2007
       • [email_address]
  2. Facebook contacts
  3. Twitter contacts
  4. LinkedIn contacts
  5. So ...
       • To share our list of contacts
           • We ALSO give authorization to:
       • Browse our mail
       • Send mail in our name
       • Delete mail ...
       • OAuth is an answer to this.
  6. OAuth
       • Consumer site asks the service provider to give read-only access to chosen resources.
  7. Summary
       • Introduction
       • Brief History
       • How does it work
       • Implementation
       • Resources
       • Conclusion
  8. History
       • Blaine Cook (Twitter, OpenID) & Chris Messina (open source advocate – Barcamp :-))
       • OAuth Core 1.0 final draft: October 2007
  9. Summary
       • Introduction
       • Brief History
       • How does it work
       • Implementation
       • Resources
       • Conclusion
  10. How does it work?
       • Example:
           • Service provider:
           • Resources: bookmarks
           • Consumer: my app gathering bookmarks from different services
  11. Register consumer app
       • Receive
           • Consumer secret
           • Consumer key
  12. User decides to access resource
       • Dialog between Ma.gnolia & consumer => gets Request Token (signed)
           • http://ma.gnolia.com/oauth/get_request_token
       • User is directed to service provider (with request token) – logs in (signed)
           • http://ma.gnolia.com/oauth/authorize
       • Authorized: back to consumer site
  13. ...
       • Dialog to exchange request token for access token
           • http://ma.gnolia.com/oauth/get_access_token
       • Any subsequent request with access token (signed)
       • Consumer app can use resource.
           • Limited access – limited time!
  14. Summary
       • Introduction
       • Brief History
       • How does it work
       • Implementation
       • Resources
       • Conclusion
  15. Getting implemented
       • Hopefully
  16. Industry protocols
       • Google AuthSub
       • AOL OpenAuth
       • Yahoo BBAuth
       • Upcoming API
       • Flickr API
       • Amazon Web Services API
       • ...
  17. Summary
       • Introduction
       • Brief History
       • How does it work
       • Implementation
       • Resources
       • Conclusion
  18. Resources
       • Current standard: OAuth Core 1.0
       • http://oauth.net/
       • http://groups.google.com/group/oauth
       • Other Data Portability standards
       • http://microformats.org/
       • http://openid.net/
       • http://www.hueniverse.com/hueniverse/
  19. Summary
       • Introduction
       • Brief History
       • How does it work
       • Implementation
       • Resources
       • Conclusion
  20. Conclusion
       • For Data portability:
       • STANDARDS = GOOD
       • Ask for OAuth.