
3rd-Party Authn/Authz


Published on

A brief overview of the popular 3rd-party authentication and authorization methods and implementations used in web apps.

Published in: Technology, Design

3rd-Party Authn/Authz
  • OpenID
      • Generic
      • Google
  • OAuth
      • Twitter
      • Facebook

  • Centralized authentication
  • Single identity throughout the Internet
  • Returns: identifier (and optional data)

Generic OpenID
  • User enters a URL
  • Consumer “discovers” based on the URL
  • Redirects to provider
  • User authenticates with provider
  • Redirects to consumer
Lots of hashy stuff going on here. Discovery varies V1 to V2.

  • “Federated Login for Google Account Users”
  • OpenID V2 + AX
  • Single discovery URL for everybody

  • Users allow Site to perform actions on their behalf via Service, without needing your password to Service
  • Returns: identifier and access token

Generic OAuth
  • Site gets request token from Service
  • Redirects User to Service
  • User authenticates and authorizes
  • Redirects to Site
  • Site gets access token from Service
All implementations are service-specific. Hashy stuff varies V1 to V2.

  • OAuth 1.0
  • Has both authentication and authorization endpoints
  • Access levels: read, read/write, read/write/private.

  • OAuth 2.0
  • Very fine-grained permissions
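
For the OAuth 1.0 case, the "hashy stuff" in the first Generic OAuth step (Site gets request token from Service) is a request signature. The sketch below is an added example, not code from the slides: it follows the HMAC-SHA1 method of RFC 5849, and the endpoint, keys and parameter values are constructed placeholders. It assumes the URL is passed already normalized and without a query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value: str) -> str:
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(value, safe="-._~")


def base_string(method: str, url: str, params: dict) -> str:
    # Encode each name and value, sort the pairs, join with "=" and "&".
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    # Key is consumer secret and token secret joined by "&"; the token
    # secret is empty while the Site is still asking for a request token.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def verify(method, url, params, consumer_secret, token_secret=""):
    # Service side: recompute over everything except oauth_signature and
    # compare in constant time.
    received = params.get("oauth_signature", "")
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, consumer_secret, token_secret)
    return hmac.compare_digest(received, expected)


# Constructed sample values, not real credentials or endpoints.
URL = "https://service.example/oauth/request_token"
REQUEST = {
    "oauth_consumer_key": "site-key",
    "oauth_nonce": "n-0001",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1300000000",
    "oauth_version": "1.0",
    "oauth_callback": "https://site.example/cb?next=/home",
}
SIGNED = dict(REQUEST, oauth_signature=sign("POST", URL, REQUEST, "site-secret"))

if __name__ == "__main__":
    print(base_string("POST", URL, REQUEST))
    print(verify("POST", URL, SIGNED, "site-secret"))
```

Because the callback URL is covered by the signature, a callback rewritten in transit fails verification at the Service. The Service still has to reject reused nonces and stale timestamps itself, which this sketch does not do.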