OAuth is more than an authentication protocol. A decade from now, OAuth will be viewed as the great enabler of new business models and wealth creation in the app economy.
In this session we'll investigate why many business development ideas don't make it past the whiteboard and how OAuth changes that. We'll tickle our imaginations and explore what is possible in a world where crossing trust boundaries is done with lower risk, more control and higher security.
We Will Discuss »
- Blockers to Business Innovation
- How OAuth Changes the Rules
- Re-Imagining the Future of Business Development
Bigger, Better Business With OAuth
1. Bigger, Better Business with OAuth
11.11.17 @ 11:05 PST
VOIP or Dial-in (see chat)
groups.google.com/group/api-craft
Sam Ramji @sramji
Brian Mulloy @landlessness
18. “In short, software is eating the world. We are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy.”
Marc Andreessen
31. Open platforms mean that
apps can be built by developers quickly
without formal commitment to
joint research,
joint development, and
joint marketing.
33. This reduces the cost of innovation,
enabling many more experiments to be made
more quickly,
increasing the chance of a major improvement
to the platform business, its customers, and its
intermediaries.
39. In modern businesses, buyers (users)
have accounts with sellers (providers)
which are filled with data
as well as transaction privileges.
40. For the system to function well,
buyers must be able to fire their intermediary
without breaking their relationship with the seller.
41. With apps as the intermediary, new dynamics
exist on top of the historical foundation.
42. Apps are new.
They are often short-lived.
Their business model depends on building a
high volume of users.
They must have some way to attain their first
transaction and be proven or else improved.
43. And this way must align with the
loose coupling philosophy at the heart
of an open platform
otherwise we’ve just secured our way back
into old-fashioned closed businesses
and killed our platform opportunity.
44. “20th Century IT was about raising barriers to entry for competitors. 21st Century IT is about lowering barriers to participation.”
James Governor, Redmonk
45. So how do you build a trustworthy system
in an open world?
56. The heart of OAuth
is an authorization token with limited rights
which the user can revoke at any time
should they become suspicious or dissatisfied
with the app they’re using
to access your business.
57. When the token is first granted,
the business shows the user what rights the
app is asking for.
62. An app should have just enough permission
to do the things the user wants it to.
64. OAuth allows for granular access to the user’s
account.
The current alternative is all or none:
give the app your username and password,
which gives the app access to everything
about you.
65. In OAuth, permissions can be gracefully
upgraded as well.
If the user tries to do something in an app and
they haven’t authorized the corresponding
permission, the business can give the users
the option to add that permission, using the
bootstrapping sequence used to grant the
token in the first place.
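The ideas on slides 56 through 65 (a revocable token with limited rights, a consent screen, "just enough" permission, and graceful upgrade of permissions through the same consent step) can be shown end to end in a small model. The code below is an added example written for this page, not code from the deck or from any OAuth library: it models the authorization server and the resource server as two in-memory classes, uses a hypothetical scope vocabulary (`profile:read`, `orders:read`, `orders:write`, `payments:write`) chosen for the example, and issues opaque random strings as bearer tokens. The error names follow the shape of OAuth bearer-token errors (`invalid_token`, `insufficient_scope`), but the whole flow is a constructed sketch, not a conformant implementation.

```python
"""Toy model of scoped, revocable, upgradeable OAuth-style tokens.

Constructed example for the slides above; not the deck's code and not a
real OAuth library. Everything is in memory and single-process.
"""
import secrets
import time
from dataclasses import dataclass

# Hypothetical scope vocabulary for the example's resource server (assumption).
SCOPES = {"profile:read", "orders:read", "orders:write", "payments:write"}


@dataclass
class Grant:
    """What the business remembers about one token it handed to one app."""
    user: str
    client_id: str
    scopes: frozenset          # the limited rights the user actually approved
    issued_at: float
    revoked: bool = False


class AuthorizationServer:
    """The business side: issues, introspects and revokes opaque tokens."""

    def __init__(self):
        self._tokens = {}      # token string -> Grant

    def consent(self, user, client_id, requested, approved):
        """Consent screen (slide 57): the app asks for `requested`, the user
        ticks `approved`. Only the intersection is granted, so an app never
        gets more than the user agreed to (slide 62)."""
        unknown = set(requested) - SCOPES
        if unknown:
            raise ValueError("unknown scopes requested: %s" % sorted(unknown))
        granted = frozenset(set(requested) & set(approved))
        # Opaque random token: the app never sees the user's password (slide 64).
        token = secrets.token_urlsafe(32)
        self._tokens[token] = Grant(user, client_id, granted, time.time())
        return token

    def upgrade(self, token, extra, approved):
        """Graceful permission upgrade (slide 65): re-run the bootstrapping
        consent step for the missing scopes and issue a new token carrying
        the union of old and newly approved scopes. The old token is retired."""
        old = self.introspect(token)
        if old is None:
            raise PermissionError("token is not active")
        new_token = self.consent(old.user, old.client_id,
                                 set(old.scopes) | set(extra),
                                 set(old.scopes) | set(approved))
        self.revoke(token)
        return new_token

    def revoke(self, token):
        """The user fires the app at any time (slide 56); the grant stays on
        record as revoked so later use is rejected, not silently unknown."""
        grant = self._tokens.get(token)
        if grant is not None:
            grant.revoked = True

    def introspect(self, token):
        """Return the live Grant for a token, or None if unknown or revoked."""
        grant = self._tokens.get(token)
        if grant is None or grant.revoked:
            return None
        return grant


class ResourceServer:
    """The API the app calls on the user's behalf; checks rights per request."""

    def __init__(self, auth):
        self._auth = auth

    def call(self, token, required_scope):
        grant = self._auth.introspect(token)
        if grant is None:
            return {"status": 401, "error": "invalid_token"}
        if required_scope not in grant.scopes:
            # Tell the app which right is missing so it can ask for an upgrade.
            return {"status": 403, "error": "insufficient_scope",
                    "scope": required_scope}
        return {"status": 200, "user": grant.user}


def demo():
    """Walk one app through grant, denial, upgrade and revocation.
    Returns the sequence of HTTP-style status codes observed."""
    auth = AuthorizationServer()
    api = ResourceServer(auth)
    # App asks for two scopes; the user approves only one (constructed input).
    t1 = auth.consent("alice", "shop-app", {"profile:read", "orders:read"},
                      {"profile:read"})
    results = [api.call(t1, "profile:read")["status"],      # 200: granted
               api.call(t1, "orders:read")["status"]]       # 403: never approved
    # App now needs orders:write; user approves the upgrade (slide 65).
    t2 = auth.upgrade(t1, {"orders:write"}, {"orders:write"})
    results += [api.call(t2, "orders:write")["status"],     # 200 on the new token
                api.call(t1, "profile:read")["status"]]     # 401: old token retired
    auth.revoke(t2)                                         # user fires the app
    results.append(api.call(t2, "profile:read")["status"])  # 401: revoked
    return results


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from the model is structural: the app holds only an opaque token, the business keeps the mapping from token to rights, and every API call is checked against that mapping, so revocation and scope changes take effect on the business's side without touching the app.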
68. A developer’s job is to make software that
does what it is supposed to do.
A security expert’s job is to make sure
software never does what it is not supposed
to do.
69. App developers DO NOT WANT the
responsibility of holding a user’s secret
information.
Usernames and passwords,
Credit card and banking information,
Lifetime history of everyone you’ve emailed
These are heavy secrets
and require heavy security.
70. The right place for these is within your own
business, secured by your own experts and
your own infrastructure investments.
71. Decoupling partners from these challenges
keeps security consistent
with the open platform potential for
low-friction innovation.
103. THANK YOU
Questions and ideas to:
@sramji
@landlessness
groups.google.com/group/api-craft
youtube.com/apigee
Editor's Notes
Creative Commons Attribution-Share Alike 3.0 United States License
Invisible Engines
For most people, their car is their first or second most valuable possession, valued in tens of thousands of dollars. They are convenient places to leave our other valuables like computers and clothing. Yet we are sometimes required to give them to young, low-paid workers whom we’ve never met before.
http://www.istockphoto.com/stock-photo-15802228-young-man-in-hoodie-smiling.php?st=6167408
How can we trust them?
In this situation we can give them a valet key: an authorization token with limited rights that can operate the vehicle but does not grant access to the trunk, the glovebox, or the rest of our keychain.