Implementing Privacy: OAuth and Token Madness

by Rabble on Jul 23, 2009


Ever cringe when you're asked to enter your email address and password to a third-party service? This talk will cover how to build and consume services which protect users' privacy with OAuth and other techniques.

Ever cringe when you’re asked to enter your email address and password to a third-party service? It’s even worse when we build systems which collect people’s credentials. It’s the password anti-pattern.

Privacy and security are important, but when it comes to real running apps, “it works” wins over “it’s secure.”
This talk has two main themes.

* How to use tokens and other tricks to protect the privacy of your users.
* While examples will be from a Ruby on Rails application, this talk is more about general web development practices for privacy.

There is no totally secure or private system out there, especially when we build social web applications. But there are many things which can be done to improve privacy. For each application you have to look at what the threat model is for leaking personal information. That covers everything from how your user passwords are stored to what happens if a hacker gets a full dump of your database.

* What happens when a user’s email is compromised by a third party service?
* How to provide simple sharing with casual privacy.
* What is ‘good enough’ crypto.
* Understanding the difference between Authorization and Authentication.

This talk is based on experience designing and architecting Yahoo! Fire Eagle, a location sharing service which was the first implementation of both OAuth and Ruby on Rails at Yahoo!.

Tags

rails oscon privacy oscon2009 technology oscon09 ruby tokens oauth web openid oauth privacy authentication user authentication open web social security

Usage Rights

© All Rights Reserved


Implementing Privacy: OAuth and Token Madness — Presentation Transcript