OpenID & OAuth: An Introduction

Open Standards for Authentication and Authorization (An introduction).

This presentation was originally given for about 80 developers at an internal tech day.

Published in: Technology, Design

    1. OpenID & OAuth: Open Standards for Authentication and Authorization (An introduction)
    2. The Open Web
        • Unencumbered, Cross-Platform Standards
        • Open Source / Free Software Implementations
        • No Single-Vendor "Lock-In"
        • Distributed Extensibility
        http://developer.mozilla.org/presentations/sxsw2007/the_open_web/
    3. OpenID is…
        • Lightweight
        • Distributed
        • User-Centric (not Site-Centric)
    4. OpenID is also…
        • Built on web standards
        • DNS/HTTP/SSL
        • Diffie-Hellman (PKI)
    5. History
        • 2005: Developed by Brad Fitzpatrick, Creator of LiveJournal
        • 2006: Delegation, XRI support, extensions: OpenID 2.0
        • 2007: OpenID Foundation
        • 2008: More than 13,000 Consuming Sites
        http://en.wikipedia.org/wiki/OpenID#History
    6. OpenID In The Wild
    7. A Solution For…
        • Maintaining Usernames
        • Password Overload (insecurity)
        • Site-centric Identity
    8. Basics
        • An OpenID is a URL
            • http://redmonk.net
        • Provider
            • http://myopenid.com
        • Relying Parties
        • Delegation
            • http://redmonk.myopenid.com
    9. The Dance (Conversation)
    10. DEMO
        • LiveJournal User
        • Ma.gnolia
        • One-Time Authentication
        • Persistent Authentication
    11. The “Open” in OpenID
        • Delegation support is required
        • <link rel="openid.delegate" />
        • Multiple accounts, multiple Providers
        • No Lock-in
    12. Q & A
    13. OAuth is…
        • “OAuth is like a valet key for all your web services. A valet key lets you give a valet the ability to park your car, but not the ability to get into the trunk or drive more than 2 miles or redline the RPMs on your high end German automobile. In the same way, an OAuth key lets you give a web agent the ability to check your web mail but NOT the ability to pretend to be you and send mail to everybody in your address book.”
        • http://journals.aol.com/panzerjohn/abstractioneer/entries/2007/09/21/oauth-your-valet-key-for-the-web/1550
    14. Authentication
        • Similar to:
        • AuthSub (Google)
        • BBAuth (Yahoo)
        • Flickr Auth
        • OpenAuth (AOL)
    15. API Level
        • Application To Application
        • “Agency”
    16. Basics
        • User
        • Service Provider
        • Consumer
        • Protected Resources
        • Tokens
        http://oauth.net/documentation/getting-started
    17. The Dance (Conversation)
        • (Developed from: http://oauth.net/core/diagram.png)
    18. Who’s Supporting OAuth?
        • Google
        • FireEagle (Yahoo)
        • Ma.gnolia
        • Amazon
        • Flickr
        • Digg
        • And more…
    19. Q & A
    20. Sources
        • http://www.slideshare.net/daveman692/open-id-overview-seoul-july-2007
        • http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
        • http://en.wikipedia.org/wiki/OpenID#History
        • http://wiki.openid.net/
        • http://openid.net
        • http://oauth.net
        • http://journals.aol.com/panzerjohn/abstractioneer/entries/2007/09/21/oauth-your-valet-key-for-the-web/1550
        • http://oauth.net/core/diagram.png
        • http://www.slideshare.net/leahculver/oauth-open-api-authentication
        • http://www.slideshare.net/daveman692/open-platforms-in-web-20
    21. Your Host
        • Steve Ivy
        • [email_address]
        • Open Standards, Open Source Agitator
        • http://redmonk.net/
