Integrating OAuth in HPI IP

My proposal on how to integrate OAuth into the HPI identity provider and what an example service could be.

Transcript

  • 1. Integrating OAuth in HPI IP
      • July 2010 - Richard Metzler
      • Identity in SOA
  • 2. OAuth Consumer
  • 3. Use Case
      • User registers with Identity Card at a website (Relying Party)
      • ensure privacy by having a service (OAuth Consumer) changing the email property of the Identity Card every 10 min
      • mails in this timeframe will be forwarded by the Consumer to the User
  • 4. Parties
  • 5.
  • 6. Consumer Privacy Service
      • every 10 min
          • register new email address
          • update Identity Card
      • receive emails
          • forward email if email address is valid
  • 7. Privacy Service Software Stack
      • use 10minutemail.com
          • need web scraping techniques
      • set up own email server
      • use Google AppEngine
          • sending and receiving mail is possible
          • cron is possible
      • http://code.google.com/appengine/docs/python/mail/receivingmail.html
      • http://code.google.com/appengine/docs/python/config/cron.html
  • 8. OAuth Service Provider
  • 9. OAuth Service Provider
      • OAuth Consumer registration
      • OAuth access
          • authorization
          • token exchange
      • API on HPI IP Identity Card properties
          • ACL (Access Control List)
          • read / write access
  • 10. RESTful API principles
      • authenticate via OAuth
      • use a dedicated api.war file for /api/ URL path
      • every resource has its own URL
      • different formats
          • start with JSON, XML
      • different API versions
  • 11. OAuth Flow
      • http://dev.twitter.com/pages/auth
  • 12. OAuth URLs
      • oauth/request_token
          • API only
      • oauth/authorize
          • for user interaction
          • needs to be HTML representation
      • oauth/access_token
          • API only
  • 13. API URLs
      • http://<HPI_IP>/api/<version>/user.format?oauth_*
      • http://<HPI_IP>/api/<version>/icard/<icard_id>.format?oauth_*
      • http://<HPI_IP>/api/<version>/attr/<attr_id>.format?oauth_*
  • 14. JPA Entities for OAuth
      • OAuthApp
          • id, token, secret, name, url, date, picture
      • OAuthToken
          • id, token, secret, date
          • manyToOne OAuthApp
          • manyToOne IPUser
  • 15. JPA Entities for API access
      • Right
          • manyToOne OAuthToken
          • oneToOne IssuedInformationCard
          • oneToOne Attribute
          • read_allowed (boolean)
          • write_allowed (boolean)
  • 16. Libraries
      • RESTful API
          • RESTlet http://www.restlet.org/
          • Jersey https://jersey.dev.java.net/
      • OAuth Service Provider
          • oauth.net Java library http://oauth.googlecode.com/svn/code/java/core/
          • OAuth for Spring Security http://spring-security-oauth.codehaus.org/
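
The Right entity on slide 15 acts as a per-token, per-attribute ACL. The following is an added example, not code from the slides or from the HPI identity provider: a default-deny check that applies those read_allowed / write_allowed flags to the attribute URL pattern from slide 13. The class name, the HTTP-method mapping, the token strings and the attribute ids are assumptions, and the check presumes the OAuth signature on the request has already been verified (Java 16+ for records).

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: in-memory stand-in for the Right entity (a real service would query JPA).
public class ApiAccessCheck {
    // Mirrors the slide's Right entity: one token, one attribute, two flags.
    record Right(boolean readAllowed, boolean writeAllowed) {}
    record Key(String token, long attrId) {}

    // /api/<version>/attr/<attr_id>.<format>, with formats limited to json and xml.
    // The id is capped at 18 digits so Long.parseLong cannot overflow.
    private static final Pattern ATTR_URL =
        Pattern.compile("^/api/[^/]+/attr/(\\d{1,18})\\.(json|xml)$");

    private final Map<Key, Right> rights = new HashMap<>();

    void grant(String token, long attrId, boolean read, boolean write) {
        rights.put(new Key(token, attrId), new Right(read, write));
    }

    // Default deny: a malformed path, an unknown token/attribute pair,
    // or an unmapped HTTP method all return false.
    boolean isAllowed(String token, String method, String path) {
        Matcher m = ATTR_URL.matcher(path);
        if (!m.matches()) return false;
        Right r = rights.get(new Key(token, Long.parseLong(m.group(1))));
        if (r == null) return false;
        switch (method) {
            case "GET":  return r.readAllowed();
            case "PUT":
            case "POST": return r.writeAllowed();  // assumed method mapping
            default:     return false;
        }
    }

    public static void main(String[] args) {
        ApiAccessCheck acl = new ApiAccessCheck();
        // Constructed sample data: the privacy service may rewrite attribute 7 (email).
        acl.grant("token-privacy-service", 7L, true, true);
        acl.grant("token-read-only-app", 7L, true, false);
        String url = "/api/v1/attr/7.json";
        System.out.println(acl.isAllowed("token-privacy-service", "PUT", url));
        System.out.println(acl.isAllowed("token-read-only-app", "PUT", url));
        System.out.println(acl.isAllowed("token-privacy-service", "GET", "/api/v1/attr/8.json"));
        System.out.println(acl.isAllowed("token-read-only-app", "GET", "/api/v1/attr/../7.json"));
    }
}
```

Granting the privacy service write access to the email attribute alone, rather than to the whole Identity Card, keeps the consumer's token scoped to what the use case on slide 3 needs.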