Advertisement
Check these out next
Securing Your Ecosystem (FOWA Las Vegas 2011)
Jun. 30, 2011•0 likes•4,715 views
2 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Report
Technology
Business
Raffi KrikorianFollow
Platform Team MemberAdvertisement
Securing Your Ecosystem (FOWA Las Vegas 2011)
- Securing your ecosystem @raffi http://www.flickr.com/photos/mklingo/
- Speaking at @fowa! Let’s talk about securing ecosystems & let’s talk @twitterapi! 29 Jun via Twitter for iPhone from Meet, Las Vegas 233 South 4th Street Las Vegas, Nevada 89101 View Tweets at this place
- >660K Developers on @twitterAPI
- >900K Apps + The Official ones
- >200M users on @twitter
- Users are paramount http://www.flickr.com/photos/ilya/
- Users need 2 things protected ⇢ identity ⇢ data http://www.flickr.com/photos/ilya/
- Security is hard to bolt on “later” http://www.flickr.com/photos/ragzrejected/
- Govern your ecosystem http://www.flickr.com/photos/mr_t_in_dc/
- Case study in @twitterAPI
- We used to be basic auth
- raffi ← Username : totallysecure ← Password
- Base64(raffi:totallysecure) cmFmZmk6dG90YWxseXNlY3VyZQ==
- GET /secure HTTP/1.1 Host: localhost Authorization: Basic cmFmZmk6dG90YWxseXNlY3VyZQ==
- The password antipattern
- OAuth
- The carrot
- further protect our users ⇢ mandate the use of OAuth ⇢ understand where our traffic is coming from
- This conversion was a challenge
- And... One more time, protect our users ⇢ break out a new permissions model ⇢ try to make it extremely clear to a user what apps are doing
- Be really really really (really) ∞ explicit
- Check back with me next year — i might be able to say how it went
- What would I do if i were you? ⇢ forget basic auth! ⇢ go straight to OAuth 2 ⇢ understand your “problem”
- Make sure to have the tools you need http://www.flickr.com/photos/11872189@N00/
- Our Users @taylorswift13
- Follow me Questions? @raffi
Advertisement