Oauth Vs Password Antipattern

In the world of the Web, it's common for sites to push and pull data to and from other sites & services. One example is that of sharing friends lists between social networks. All too often, however, websites ask their users to hand over passwords for different services; this is the Password Anti-Pattern.

Using APIs protected by OAuth, an open authorization protocol, we can allow websites to collaborate without falling prey to the Password Anti-Pattern.

The talk features demos and examples built in .NET using OAuth.net: http://lab.madgex.com/oauth-net/

NB: Download the PowerPoint for full notes on the slides


Oauth Vs Password Antipattern

  1. Barcamp Brighton 3 OAuth versus the Password Anti-Pattern Bruce Boughton 6-7 September 2008 http://lab.madgex.com/oauth-net/ [email_address] http://siliconbea.ch/
  2. The Password Anti-Pattern
  3. • Problem Solved
       ◦ Google Contacts Data API
       ◦ Windows Live Contacts API
       ◦ Yahoo! Address Book API
       ◦ AuthSub
       ◦ WL ID Delegated Auth
       ◦ BBAuth
     • And this is just for authentication!
  4. OAuth
       ◦ An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.
  5. http://lab.madgex.com/oauth-net/googlecontacts/
  6. http://whereami.lab.madgex.com/
  7. consumers, service providers, users
  8. • Asserting Identity and Authority
       ◦ Requests signed using consumer & token secrets
       ◦ Request token: consumer identified, requesting authorization
       ◦ Access token: consumer authorized by user to act on their behalf, may now fetch protected resources
  9. • Extensible and Flexible
       ◦ OAuth Core 1.0 provides base
       ◦ Supports at least web, desktop consumers
       ◦ Extensions add functionality
  10. OAuth.net Open source .NET library http://lab.madgex.com/oauth-net/ [email_address]
  11. • Bringing OAuth to .NET developers
       ◦ Build consumers and service providers for .NET 2.0 and newer
       ◦ Hides complexity of protocol from developer
       ◦ Very permissive MIT license
       ◦ Developed as part of ongoing innovation work
  12. Configuring the Fire Eagle service
  13. Requesting the user’s location
  14. Handling authorization (when required)
  15. Using the protected resource
  16. http://oauthproviderdemo.madgex.com/
  17. • Want to know more?
       ◦ http://lab.madgex.com/oauth-net/
       ◦ [email_address]
       ◦ http://siliconbea.ch/
       ◦ [email_address]
