![BUILDING AND USING SECURE WEB SERVICES WITH OAUTH Skillswap Goes Portable, November 25, 2008 Bruce Boughton [email_address] http://bruceboughton.me.uk http://lab.madgex.com/](https://image.slidesharecdn.com/skillswap-presentation-1227661745256551-9/85/Building-and-using-web-services-with-OAuth-1-320.jpg)
More Related Content
Similar to Building and using web services with OAuth
Similar to Building and using web services with OAuth (20)
Recently uploaded
Recently uploaded (20)
Building and using web services with OAuth
- 1. BUILDING AND USING SECURE WEB SERVICES WITH OAUTH Skillswap Goes Portable, November 25, 2008 Bruce Boughton [email_address] http://bruceboughton.me.uk http://lab.madgex.com/
- 2. web services are about data let’s think about data...
- 4. why?
- 5. CONTROL YOUR DATA Don't get locked into one vendor
- 6. Mash|ups < data > MORE INTERESTING http://pipes.yahoo.com/bruceboughton/skillswapmashup
- 7. RE-PURPOSE YOUR DATA in different contexts
- 9. Data should be available in STANDARD DATA FORMATS <xml/> POSH JSON μ f
- 16. we need an easy , user-friendly standard for third party api security
- 24. one thing: OAuth != OpenID (but they do play nicely)
- 25. OpenID is authentication OAUTH IS ACCESS CONTROL
- 27. Protected resources are exposed by service providers and used by consumer applications on behalf of users
- 28. e.g. My physical location is exposed by the Fire Eagle API and used by the Madgex Lab demo on my behalf
- 29. Consumer identity asserted using CONSUMER KEY and SECRET
- 32. Requests are SIGNED and include a TIMESTAMP and NONCE
- 33. This is just PLAIN OLD HTTP with added super powers
- 34. don’t worry, there are plenty of open source libraries
- 35. Ruby .NET Python PHP Java JavaScript Objective-C and more... http://oauth.net/code
- 36. do we have time for some code? OAuth.net library http://lab.madgex.com/oauth-net
- 41. QUESTIONS? OR BEER. Bruce Boughton [email_address] http://bruceboughton.me.uk http://lab.madgex.com/