Securing Your Ecosystem (FOWA Las Vegas 2011)

Published in: Technology, Business

  1. Securing your ecosystem @raffi http://www.flickr.com/photos/mklingo/
  2. Speaking at @fowa! Let’s talk about securing ecosystems & let’s talk @twitterapi! 29 Jun via Twitter for iPhone from Meet, Las Vegas 233 South 4th Street Las Vegas, Nevada 89101 View Tweets at this place
  3. >660K Developers on @twitterAPI
  4. >900K Apps + The Official ones
  5. >200M users on @twitter
  6. Users are paramount http://www.flickr.com/photos/ilya/
  7. Users need 2 things protected ⇢ identity ⇢ data http://www.flickr.com/photos/ilya/
  8. Security is hard to bolt on “later” http://www.flickr.com/photos/ragzrejected/
  9. Govern your ecosystem http://www.flickr.com/photos/mr_t_in_dc/
  10. Case study in @twitterAPI
  11. We used to be basic auth
  12. raffi ← Username : totallysecure ← Password
  13. Base64(raffi:totallysecure) cmFmZmk6dG90YWxseXNlY3VyZQ==
  14. GET /secure HTTP/1.1
      Host: localhost
      Authorization: Basic cmFmZmk6dG90YWxseXNlY3VyZQ==
  15. The password antipattern
  16. OAuth
  17. The carrot
  18. further protect our users ⇢ mandate the use of OAuth ⇢ understand where our traffic is coming from
  19. This conversion was a challenge
  20. And... One more time, protect our users ⇢ break out a new permissions model ⇢ try to make it extremely clear to a user what apps are doing
  21. Be really really really (really) ∞ explicit
  22. Check back with me next year — I might be able to say how it went
  23. What would I do if I were you? ⇢ forget basic auth! ⇢ go straight to OAuth 2 ⇢ understand your “problem”
  24. Make sure to have the tools you need http://www.flickr.com/photos/11872189@N00/
  25. Our Users @taylorswift13
  26. Follow me. Questions? @raffi
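
Slides 12-14 and 18, as an added example that is not part of the original talk: the Base64 in a Basic header decodes straight back to the password, and a count of requests by auth scheme shows which traffic still needs moving to OAuth. The function names and all sample requests except the one from slide 14 are constructed for illustration.

```python
import base64
import binascii
from collections import Counter

# Constructed sample requests; only the first reproduces slide 14.
SAMPLE_REQUESTS = [
    "GET /secure HTTP/1.1\r\nHost: localhost\r\n"
    "Authorization: Basic cmFmZmk6dG90YWxseXNlY3VyZQ==\r\n\r\n",
    "GET /secure HTTP/1.1\r\nHost: localhost\r\n"
    "Authorization: Bearer constructed-opaque-token\r\n\r\n",
    "GET /secure HTTP/1.1\r\nHost: localhost\r\n"
    "Authorization: Basic !!!not-base64!!!\r\n\r\n",
    "GET /public HTTP/1.1\r\nHost: localhost\r\n\r\n",
]


def authorization_header(raw_request):
    """Return the Authorization header value, or None if absent."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            return value.strip()
    return None


def classify(raw_request):
    """Return (scheme, username, password_exposed) for one request."""
    value = authorization_header(raw_request)
    if value is None:
        return ("none", None, False)
    scheme, _, credentials = value.partition(" ")
    if scheme.lower() != "basic":
        return (scheme.lower(), None, False)
    try:
        raw = base64.b64decode(credentials.strip(), validate=True)
        decoded = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ("basic-malformed", None, False)
    username, sep, _password = decoded.partition(":")
    # Base64 is an encoding, not encryption: the password was recoverable here.
    return ("basic", username, bool(sep))


def audit(requests):
    """Count requests per auth scheme to see who still sends passwords."""
    return Counter(classify(r)[0] for r in requests)
```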
