Authentication for Droids
These are the droids you are looking for

Tim Messerschmidt
@SeraAndroid
Developer Evangelist
Why am I here?
Rebuilding the Developer Experience: developer.paypal.com
Do we always use the same identity?
Should we always use the same identity?
Authentication vs. Authorization
Current standards
Basic Authentication
username:password
Passwords
wiki.scullsecurity.org/Passwords
Security Nightmare
4.7% of users have the password password
8.5% have the passwords password or 123456
9.8% have the passwords password, 123456, 12345678
14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords
Allow your users to see their input
OAuth 1.0
[Diagram: OAuth 1.0 flow between Consumer and Service Provider. Steps: Request Request Token; Grant Request Token; Direct User to Service; Obtain Authorization; Direct to Consumer; Request Access Token; Grant Access Token; Access Resources.]
OAuth 1.0a
Signpost <3
github.com/mttkay/signpost
OAuth 2.0
[Diagram: OAuth 2.0 flow between Consumer and Service Provider. Steps: Direct User to Service; Obtain Authorization; Direct to Consumer; Request Access Token; Grant Access Token; Access Resources / Profile.]
HTTP Header
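import java.net.HttpURLConnection;
import java.net.URL;
URL url = new URL("http://url.com/");
HttpURLConnection urlConnection =
        (HttpURLConnection) url.openConnection();
// Send the access token in the Authorization request header
urlConnection.setRequestProperty("Authorization", "Bearer …");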

URI parameter
“url.com/oauth?access_token=…”
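The two token transports above and the Base64-encoded Basic header, compared from a logging point of view. This is an added example, not code from the slides: the class name, token value, credentials and access-log lines are constructed, and `java.util.Base64` assumes Java 8+ (Android API 26+).

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Pattern;

public class TokenTransportDemo {

    // access_token=<value> in a query string, anywhere in a URL or log line.
    private static final Pattern TOKEN_PARAM =
            Pattern.compile("(?i)([?&]access_token=)[^&#\\s\"]*");

    /** Basic Authentication header: Base64 of "username:password". */
    static String basicHeader(String user, String password) {
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    /** Base64 is an encoding, not encryption: the header reverses to the credentials. */
    static String decodeBasic(String header) {
        if (!header.startsWith("Basic ")) {
            throw new IllegalArgumentException("not a Basic header");
        }
        byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
        return new String(raw, StandardCharsets.UTF_8);
    }

    /** Bearer token carried in the Authorization header. */
    static String bearerHeader(String token) {
        return "Bearer " + token;
    }

    /** Scrub token values before a URL or request line is written to a log. */
    static String redact(String text) {
        return TOKEN_PARAM.matcher(text).replaceAll("$1[REDACTED]");
    }

    /** Client-side gate: https only, and no token in the query string. */
    static boolean safeToSend(URI uri) {
        boolean tls = "https".equalsIgnoreCase(uri.getScheme());
        String query = uri.getRawQuery();
        boolean tokenInQuery = query != null && TOKEN_PARAM.matcher("?" + query).find();
        return tls && !tokenInQuery;
    }

    public static void main(String[] args) {
        String token = "EXAMPLE-TOKEN-123"; // constructed sample value

        // 1. Basic Authentication: the header value is trivially reversible.
        String basic = basicHeader("alice", "123456"); // constructed credentials
        System.out.println(basic + "  ->  " + decodeBasic(basic));

        // 2. Header transport: the token is not part of the request line,
        //    which is what common access-log formats record.
        System.out.println("Authorization: " + bearerHeader(token));
        String headerLog = "203.0.113.7 - - [01/Jan/2024:12:00:00 +0000] "
                + "\"GET /profile HTTP/1.1\" 200 512"; // constructed log line
        System.out.println(headerLog);

        // 3. URI-parameter transport: the token lands in the request line,
        //    so it is stored in access logs, proxies and browser history.
        String queryLog = "203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "
                + "\"GET /oauth?access_token=" + token + "&fields=email HTTP/1.1\" 200 512";
        System.out.println(queryLog);
        System.out.println(redact(queryLog)); // what the log should contain instead

        // 4. Gate requests before attaching a token.
        System.out.println(safeToSend(URI.create("https://url.com/profile")));              // true
        System.out.println(safeToSend(URI.create("http://url.com/profile")));               // false: no TLS
        System.out.println(safeToSend(URI.create("https://url.com/oauth?access_token=x"))); // false: token in URL
    }
}
```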
Scribe
github.com/fernandezpablo85/scribe

PostmanLib
github.com/fedepaol/PostmanLib-Rings-Twice--Android
OAuth 2.0 and the Road to Hell
http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
http://homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html
Date of Birth, Name, Creation Date, Email, Time Zone, Gender, Phone Number, Language, Locale, Address
OpenID
BrowserID
Persona
How to combine both?
OpenID with OAuth
Hybrid Extension
OpenID Connect
Identity Providers
Social vs. Concrete
Log in via PayPal in the browser or a WebView.
Yeah, nice.. but why?
People forget passwords…
45% admit to leaving a website instead of resetting their password or answering security questions *
* Blue Inc. 2011
Also they hate to register
Out of 657 surveyed users 66% think that social sign-in is a desirable alternative. *
* Blue Inc. 2011
Wrap up
Identity does matter
Difference between authentication and authorization
User Experience should be enhanced not impaired
Questions?
tmesserschmidt@paypal.com
@SeraAndroid
slideshare.com/paypal

Editor's Notes

  1. We're having a mobile first approach where we push our products. PayPal is opening up to technology and developers.
  2. There is no way to better explain anything than using Lego and Ninjas. Pic: http://www.flickr.com/photos/mac_filko/5471023503/
  3. Authorization first. Do we always need to have site-specific passwords?
  4. Passed as header in the requests; encoded as Base64
  5. Passed as header in the requests; encoded as Base64
  6. Passed as header in the requests; encoded as Base64
  7. http://www.nngroup.com/articles/stop-password-masking/ Jakob Nielsen 2009
  8. Final Draft 2007; Eran Hammer; Twitter, Yahoo, Google
  9. Request Token; Access Token
  10. 2009 Possible man-in-the-middle attack; Redirect url moved from step 2 to 1
  11. Matthias Käppler; Qype / SoundCloud
  12. Focus on simplicity and different scenarios; Main framework published in 2012; Bearer token
  13. Authorization code; Access token; Refresh token
  14. Eran Hammer discusses disadvantages of OAuth 2.0; Blueprint for an authorization protocol
  15. Security flaws that need to be solved in the implementation; Egor Homakov
  16. This is about proving that it's actually me. http://www.flickr.com/photos/gaelx/5445598436
  17. To name just a few interesting pieces of information; Definition via scopes which can be static or dynamic
  18. Developed in 2005; 2012 Authentication bug hijacking; MyOpenID.com to shut down in 2014 (JanRain)
  19. Launched 2011; Pushed via Mozilla; Identity Bridging in 2013 (via Gmail, ..)
  20. Provides identity and grants access to resources; Draft in 2009; Uses OAuth 1.0
  21. Identity layer on top of OAuth 2.0; Access profile information in a REST-friendly way; Currently still a draft; Session management
  22. Social connects to my friends and shows interests; Concrete pulls real data
  23. Source: http://www.shop.org/sites/default/files/janrain_-_consumer_perceptions_of_online_registration_social_sign_in_0.pdf
  24. Don't use identity as barrier; Don't force users into it. Picture: http://www.flickr.com/photos/pagedooley/5313215496