Successfully reported this slideshow.
Your SlideShare is downloading. ×

How OAuth and portable data can revolutionize your web app - Chris Messina

Oct. 10, 2008
8 likes 3,561 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Tendances cles du marche des reseaux sociaux
Tendances cles du marche des reseaux sociaux
Loading in …3
×

Check these out next

GTAC: AtomPub, testing your server implementation
David Calavera
Better watch your apps - MJ Keith
m j
Real time web (Orbited) at BCNE3
Alex Kavanagh
OpenSocial - GTUG Stockholm Meeting Oct 1 2009
Jacob Gyllenstierna
Google Devfest Singapore - OpenSocial
Patrick Chanezon
Widgets Tools Keynote
Michael Mahemoff
Web Application Security and Release of "WhiteHat Arsenal"
Jeremiah Grossman
Dart on Arm - Flutter Bangalore June 2021
Chris Swan
1 of 47 Ad

How OAuth and portable data can revolutionize your web app - Chris Messina

Oct. 10, 2008
8 likes 3,561 views

Download to read offline

Technology
Technology
Advertisement

Recommended

Tendances cles du marche des reseaux sociaux
Young Planneur
11k views
27 slides
The DiSo Project and the Open Web
Chris Messina
15.6k views
154 slides
Enterprise AIR Development for JavaScript Developers
AndreCharland
1.4k views
46 slides
Connecting to Web Services on Android
sullis
24.3k views
27 slides
The Current State of OAuth 2
Aaron Parecki
6k views
54 slides
Los Angeles HTML5 User Group Meeting Ask the Expert Session
Peter Lubbers
6.7k views
51 slides
Silver Light By Nyros Developer
Nyros Technologies
889 views
18 slides
Web Services and Android - OSSPAC 2009
sullis
1.6k views
28 slides
Advertisement

More Related Content

Similar to How OAuth and portable data can revolutionize your web app - Chris Messina (20)

GTAC: AtomPub, testing your server implementation
David Calavera
658 views
Better watch your apps - MJ Keith
m j
3k views
Real time web (Orbited) at BCNE3
Alex Kavanagh
370 views
OpenSocial - GTUG Stockholm Meeting Oct 1 2009
Jacob Gyllenstierna
657 views
Google Devfest Singapore - OpenSocial
Patrick Chanezon
1.1k views
Widgets Tools Keynote
Michael Mahemoff
2.8k views
Web Application Security and Release of "WhiteHat Arsenal"
Jeremiah Grossman
667 views
Dart on Arm - Flutter Bangalore June 2021
Chris Swan
189 views
WordPress APIs
Joseph Scott
1.8k views
BNC Tech Forum 09: Lexcycle Stanza demo
BookNet Canada
1k views
Open APIs - Risks and Rewards (Øredev 2013)
Nordic APIs
1.1k views
GTLAB Installation Tutorial for SciDAC 2009
marpierc
633 views
Hacking Client Side Insecurities
amiable_indian
2.5k views
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
Tatsuo Kudo
634 views
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM
Alfresco Software
3.3k views
Privacy in Social Network Sites
dariphagen
7.5k views
Ajax ons2
Chad Davis
505 views
How I built the demo's
Glenn Jones
2.8k views
Comet web applications with Python, Django & Orbited
skam
2.8k views
Daejeon IT Developer Conference Web Service Practice
plusperson
649 views
GTAC: AtomPub, testing your server implementation
David Calavera
658 views
80 slides
Better watch your apps - MJ Keith
m j
3k views
53 slides
Real time web (Orbited) at BCNE3
Alex Kavanagh
370 views
27 slides
OpenSocial - GTUG Stockholm Meeting Oct 1 2009
Jacob Gyllenstierna
657 views
21 slides
Google Devfest Singapore - OpenSocial
Patrick Chanezon
1.1k views
101 slides
Widgets Tools Keynote
Michael Mahemoff
2.8k views
60 slides

More from Carsonified Team (20)

Chris Lea - What does NoSQL Mean for You
Carsonified Team
3.3k views
Tara Hunt - Your Social Media Strategy Wont Save You
Carsonified Team
5k views
Dion Almaer & Ben Galbraith - Build Once, Deploy Everywhere
Carsonified Team
2.6k views
Steve Huffman - Lessons learned while at reddit.com
Carsonified Team
9.6k views
Neil Patel - What You Need to be Measuring and How to Do It
Carsonified Team
2.7k views
Molly Holzschlag - How HTML 5 is Going to Completely Change your Web App
Carsonified Team
3.6k views
Mike Mcderment - Marketing Metrics and the Systems You Need to Measure Them
Carsonified Team
3.2k views
Fred Wilson - The 10 Golden Principles for Successful Web Apps
Carsonified Team
3.3k views
Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...
Carsonified Team
3.1k views
Aaron Patzer - How to Take Your Start-up to the Next Level
Carsonified Team
7.6k views
Taking your Site from One to One Million Users by Kevin Rose
Carsonified Team
46k views
The New Marketing, by Ryan Carson
Carsonified Team
2.1k views
FOWA Tour- Richard Healy
Carsonified Team
2.3k views
FOWA Tour- Andy McLoughlin
Carsonified Team
2.8k views
FOWA Tour- Dorothy Briggs
Carsonified Team
2.1k views
FOWA Tour- Ryan Carson
Carsonified Team
1.9k views
FOWA Tour- Roan Lavery
Carsonified Team
2.3k views
FOWA Tour- Graeme Mathieson
Carsonified Team
1.2k views
FOWA Bristol/ Leeds- Dan Rubin
Carsonified Team
1.7k views
FOWA Bristol- Ian Broom
Carsonified Team
992 views
Chris Lea - What does NoSQL Mean for You
Carsonified Team
3.3k views
40 slides
Tara Hunt - Your Social Media Strategy Wont Save You
Carsonified Team
5k views
74 slides
Dion Almaer & Ben Galbraith - Build Once, Deploy Everywhere
Carsonified Team
2.6k views
43 slides
Steve Huffman - Lessons learned while at reddit.com
Carsonified Team
9.6k views
16 slides
Neil Patel - What You Need to be Measuring and How to Do It
Carsonified Team
2.7k views
26 slides
Molly Holzschlag - How HTML 5 is Going to Completely Change your Web App
Carsonified Team
3.6k views
17 slides
Advertisement

Recently uploaded (20)

Azure Stack TP3 overview deck
DamolaSolanke2
0 views
Phrasal verbs and multi words.pdf
Yedanytoledotorres1
0 views
PMP Certification 28 March.docx
MayaSharma61
0 views
PART A. GRAMMAR.pdf
PatriciaVilchez2
0 views
Bootstrapping an Open-Source Program Office at Blue Cross NC
All Things Open
0 views
Where tonight mobile application.pdf
okorisolo
0 views
Major Cloud Computing Trends
EllisonBrown
0 views
What is the future of Twitter.pdf
AnamikaSingh421474
0 views
Lessons Learned in Promoting OSS Contribution from Latam
All Things Open
0 views
The State of Open Source Cloud
All Things Open
0 views
Zen and the Art of Organizational Open Source
All Things Open
0 views
The Mystical Nature of Open Source Marketing
All Things Open
0 views
Backend Development - Django
Ahmad Sakhleh
0 views
How to Keep an Open-source App Together With Commercial Products?
All Things Open
0 views
Collaboration at the Speed of Tech
All Things Open
0 views
Sponsored Session: Please touch that dial!
Edward Burns
0 views
Hacking.pptx
Yogesh Chauhan
0 views
WN Memory Tiering WP Mar2023.pdf
RochanSankar1
0 views
Don't Overlook Layer-1 Infrastructure Security
Other13
0 views
Performance Task 2.docx
UrlinMaySible5
0 views
Azure Stack TP3 overview deck
DamolaSolanke2
0 views
27 slides
Phrasal verbs and multi words.pdf
Yedanytoledotorres1
0 views
5 slides
PMP Certification 28 March.docx
MayaSharma61
0 views
1 slide
PART A. GRAMMAR.pdf
PatriciaVilchez2
0 views
3 slides
Bootstrapping an Open-Source Program Office at Blue Cross NC
All Things Open
0 views
19 slides
Where tonight mobile application.pdf
okorisolo
0 views
39 slides

How OAuth and portable data can revolutionize your web app - Chris Messina

  1. (FOR THE WIN) OAuth FTW How OAuth and portable data can revolutionize your web app Chris Messina October 10, 2008 Future of Web Apps London, England
  2. OAuth |ō| |ôˌθ| Noun. An open protocol that allows secure API authorization in a simple and standard method from desktop, web and mobile applications.
  3. The story of OAuth starts with OpenID.
  4.  factoryjoe.com
  5. factoryjoe.com ?! X
  6. ! 
  7. factoryjoe.com ? X Can has OpenID?
  8. X (APPLICATION PROGRAMMING INTERFACE) B-b-but what about API apps?
  9. ?
  10. !?!
  11. How much are your username and password worth?
  12. wayn.com
  13. imeem.com
  14.  PC Load Letter?! What the f...!
  15. The Password Anti-pattern!
  16. Passwords are not confetti.
  17. Please stop throwing them around.
  18. Especially if they’re not yours.
  19.  OAuth replaces the need for usernames and passwords with tokens and a hashing signature.
  20. let’s take a look
  21. Brightkite > pings Fire Eagle for Request Token Fire Eagle > returns authorization realm
  22. Brightkite > requests that user authorize Brightkite Fire Eagle > user authenticates through Yahoo! accounts
  23. Fire Eagle > user grants authorization to Brightkite Fire Eagle > Fire Eagle redirects user to callback URL
  24. Brightkite > asks FE to exchange Request Token for Access Token Fire Eagle > checks signature; if valid, returns Access Token ...subsequent requests are signed with this Access Token
  25. users can manage access...
  26. ...and change access
  27. or can revoke access later without having to change their primary account password (i.e. if they lose their phone or their computer gets stolen)
  28. ?
  29. discovery
  30. Identity -› Discovery -› Authorization
  31. OpenID -› XRDS-Simple -› OAuth Endpoint (EXTENSIBLE RESOURCE IDENTIFIER RESOLUTION)
  32. Identity -› Discovery -› [Authentication] -› Authorization
  33. http://will.norris.name <meta http-equiv=quot;X-XRDS-Locationquot; content=quot;http://will.norris.name/?xrdsquot; />
  34. OpenID XRDS <?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?> <xrds:XRDS xmlns:xrds=quot;xri://$xrdsquot; xmlns:openid=quot;http://openid.net/xmlns/1.0quot; xmlns=quot;xri://$xrd*($v*2.0)quot;> <XRD> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical</Type> <URI>https://pip.verisignlabs.com/server</URI> <LocalID>https://recordond.pip.verisignlabs.com/</LocalID> </Service> </XRD> </xrds:XRDS>
  35. XRDS-Simple for Portable Contacts <?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?> <xrds:XRDS xmlns:xrds=quot;xri://$xrdsquot; xmlns:openid=quot;http://openid.net/xmlns/1.0quot; xmlns=quot;xri://$xrd*($v*2.0)quot;> <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://openid.net/srv/ax/1.0</Type> <URI>http://www.myopenid.com/server</URI> <LocalID>http://brian.myopenid.com/</LocalID> </Service> </XRD> </xrds:XRDS>
  36. XRDS-Simple for Portable Contacts <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/... <Type>http://openid.net/srv/ax/1.0</Type> ...
  37. XRDS-Simple for Portable Contacts <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://soocial.com/contacts.xml</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/... <Type>http://openid.net/srv/ax/1.0</Type> ...
  38. adoption
  39. •OpenSocial •Meetup.com •MySpace •Ma.gnolia •Google •Get Satisfaction •Yahoo! (Fire Eagle) •Agree2 •Netflix •SoundCloud •SmugMug •88Miles •Photobucket •Pownce •Plaxo •Brightkite •Soocial.com •Praized http://wiki.oauth.net/ServiceProviders
  40. code
  41. •C# •OCaml •Coldfusion •Perl •Java •PHP •Javascript •CakePHP •Jifty •Python •.NET •Ruby •Objective-C •...interest in XMPP http://oauth.net/code
  42. the pitch
  43. fin. oauth.net me -› factoryjoe.com

×