
OpenID & OAuth: An Introduction



Open Standards for Authentication and Authorization (An introduction).

This presentation was originally given for about 80 developers at an internal tech day.

Published in: Technology, Design


1. OpenID & OAuth: Open Standards for Authentication and Authorization (An introduction)
2. The Open Web
   - Unencumbered, cross-platform standards
   - Open source / free software implementations
   - No single-vendor "lock-in"
   - Distributed extensibility
3. OpenID is…
   - Lightweight
   - Distributed
   - User-centric (not site-centric)
4. OpenID is also…
   - Built on web standards: DNS, HTTP, SSL
   - Diffie-Hellman key agreement, used by a relying party and a provider to establish the shared HMAC key that signs assertions (no certificates or PKI are involved; the shared secret is agreed over a plain HTTP association request, which is why that request should go over SSL)
5. History
   - 2005: Developed by Brad Fitzpatrick, creator of LiveJournal
   - 2006: Delegation, XRI support, extensions: OpenID 2.0
   - 2007: OpenID Foundation
   - 2008: More than 13,000 consuming sites
6. OpenID in the wild
7. A solution for…
   - Maintaining usernames on every site
   - Password overload (and the insecurity of reusing one password everywhere)
   - Site-centric identity
8. Basics
   - An OpenID is a URL: the user's claimed identifier (OpenID 2.0 also allows XRIs)
   - Provider: the site that actually authenticates the user and signs the assertion
   - Relying parties: sites that accept an OpenID instead of running their own login
   - Delegation: a page you control points at an account on any provider, so the identifier stays yours
9. The Dance (conversation)
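The dance on this slide is a redirect round trip, and the part that makes it secure is easy to miss: before any user shows up, the relying party and the provider agree a shared HMAC key over Diffie-Hellman (the "association"), and every assertion that later comes back through the user's browser is checked against that key. The following is an added example, not code from the presentation, that runs both sides in one process: the DH association exchange, the key-value-form signature the provider puts on its `id_res` response, and the relying party's local verification. The provider endpoint, handle, nonce and identifiers are constructed values; the DH modulus is the OpenID 2.0 default from Appendix B of the spec, reproduced from memory and labelled as such in the code (any modulus makes the demonstration run, only the spec value interoperates with real providers).

```python
import base64
import hashlib
import hmac
import secrets

# OpenID 2.0 default DH modulus (spec Appendix B). Copied from memory: verify against the
# spec before using it to talk to a real provider. Any odd modulus works for this demo.
DH_MODULUS = int(
    "DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61E"
    "F75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D268370557"
    "7D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E382"
    "6634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB", 16)
DH_GENERATOR = 2


def btwoc(n: int) -> bytes:
    """Big-endian two's complement, as OpenID encodes DH values: an extra leading
    zero byte whenever the top bit of the magnitude would otherwise be set."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")


def kv_form(fields: dict) -> bytes:
    """Key-value form of the signed fields: 'key:value\\n' for every name listed in
    openid.signed, in that order, without the 'openid.' prefix on the key."""
    names = fields["openid.signed"].split(",")
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in names).encode()


class Association:
    """One party's copy of an association: a handle and the shared HMAC-SHA1 key."""

    def __init__(self, handle: str, mac_key: bytes):
        self.handle, self.mac_key = handle, mac_key

    def sign(self, fields: dict) -> str:
        digest = hmac.new(self.mac_key, kv_form(fields), hashlib.sha1).digest()
        return base64.b64encode(digest).decode()

    def verify(self, fields: dict) -> bool:
        if fields.get("openid.assoc_handle") != self.handle:
            return False
        return hmac.compare_digest(self.sign(fields), fields.get("openid.sig", ""))


def rp_association_request():
    """Relying party: choose a private exponent, return its public value and the private state."""
    xa = secrets.randbelow(DH_MODULUS - 2) + 1
    return pow(DH_GENERATOR, xa, DH_MODULUS), xa


def op_association_response(ga: int):
    """Provider: finish DH, mint a MAC key, and mask it with SHA1 of the shared secret."""
    xb = secrets.randbelow(DH_MODULUS - 2) + 1
    gb = pow(DH_GENERATOR, xb, DH_MODULUS)
    mask = hashlib.sha1(btwoc(pow(ga, xb, DH_MODULUS))).digest()
    mac_key = secrets.token_bytes(20)                      # 160-bit key for HMAC-SHA1
    enc_mac_key = bytes(m ^ k for m, k in zip(mask, mac_key))
    handle = secrets.token_hex(8)                          # constructed association handle
    return gb, enc_mac_key, handle, Association(handle, mac_key)


def rp_finish_association(gb: int, xa: int, enc_mac_key: bytes, handle: str) -> Association:
    """Relying party: recompute the shared secret and unmask the MAC key."""
    mask = hashlib.sha1(btwoc(pow(gb, xa, DH_MODULUS))).digest()
    return Association(handle, bytes(m ^ e for m, e in zip(mask, enc_mac_key)))


def associate():
    """The association exchange end to end; returns (relying party's copy, provider's copy)."""
    ga, xa = rp_association_request()
    gb, enc_mac_key, handle, op_assoc = op_association_response(ga)
    return rp_finish_association(gb, xa, enc_mac_key, handle), op_assoc


def run_dance(claimed_id="http://alice.example.com/", tamper=False) -> bool:
    """Association, then a signed id_res assertion relayed through the user's browser,
    then local verification at the relying party. All values are constructed."""
    rp_assoc, op_assoc = associate()
    # (checkid_setup redirect and the user's login at the provider happen here)
    response = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example.com/server",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": "https://rp.example.net/openid/finish",
        "openid.response_nonce": "2008-05-01T12:00:00Zabc123",
        "openid.assoc_handle": op_assoc.handle,
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    response["openid.sig"] = op_assoc.sign(response)
    if tamper:  # an attacker rewriting the assertion in transit
        response["openid.claimed_id"] = "http://mallory.example.com/"
    return rp_assoc.verify(response)


if __name__ == "__main__":
    print("genuine assertion accepted:", run_dance())
    print("tampered assertion accepted:", run_dance(tamper=True))
```

Two things to carry over to real code: the relying party must also check `openid.return_to` against its own URL and reject a repeated `openid.response_nonce`, otherwise a captured assertion can be replayed; and a relying party with no association falls back to `check_authentication`, a direct request to the provider, which is the "stateless" mode not shown here.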
10. Demo
   - LiveJournal user
   - Ma.gnolia
   - One-time authentication
   - Persistent authentication
11. The "Open" in OpenID
   - Delegation support is required of every relying party
   - `<link rel="openid.delegate" />` on a page you control (paired with `<link rel="openid.server" />`; OpenID 2.0 names these `openid2.local_id` and `openid2.provider`)
   - Multiple accounts, multiple providers
   - No lock-in
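Delegation is what slides 8 and 11 hinge on: the user types their own URL, the relying party fetches it, and `<link>` elements in the page say which provider to talk to and which identifier that provider will actually assert. The block below is an added example, not code from the presentation, of that HTML-based discovery, covering both the OpenID 1.1 rel names on the slide and their 2.0 equivalents. The two home pages are constructed, the LiveJournal endpoint URL is illustrative, and the last function shows the check a relying party must make when the assertion comes back, because the whole point of delegation is that the asserted identity differs from the claimed URL.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Constructed pages for two hypothetical users. Alice publishes both the OpenID 1.1 and
# the 2.0 link pairs and delegates to a LiveJournal account; Bob has a provider but no
# delegate, so his own URL is the identity the provider asserts.
ALICE_PAGE = """<html><head><title>Alice</title>
<link rel="openid.server" href="https://www.livejournal.com/openid/server.bml">
<link rel="openid.delegate" href="https://alice.livejournal.com/">
<link rel="openid2.provider" href="https://www.livejournal.com/openid/server.bml">
<link rel="openid2.local_id" href="https://alice.livejournal.com/">
</head><body>Alice's home page</body></html>"""

BOB_PAGE = """<html><head><title>Bob</title>
<link rel="openid.server" href="https://openid.example.org/server">
</head><body>Bob's home page</body></html>"""


class LinkRelParser(HTMLParser):
    """Collect the first href seen for each rel token on <link> elements."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        if a.get("rel") and a.get("href"):
            for token in a["rel"].lower().split():   # rel may carry several tokens
                self.links.setdefault(token, a["href"])


def normalize_identifier(user_input: str) -> str:
    """Turn what the user typed into the claimed identifier: add a scheme if missing,
    lowercase scheme and host, default the path to '/', and drop any fragment."""
    if "://" not in user_input:
        user_input = "http://" + user_input
    u = urlsplit(user_input)
    return urlunsplit((u.scheme.lower(), u.netloc.lower(), u.path or "/", u.query, ""))


def discover(claimed_id: str, html: str) -> dict:
    """HTML discovery: where to send the user, and which identifier the provider will
    assert (the delegate / local_id when present, otherwise the claimed identifier)."""
    parser = LinkRelParser()
    parser.feed(html)
    links = parser.links
    if "openid2.provider" in links:
        return {"version": "2.0", "endpoint": links["openid2.provider"],
                "claimed_id": claimed_id,
                "identity": links.get("openid2.local_id", claimed_id)}
    if "openid.server" in links:
        return {"version": "1.1", "endpoint": links["openid.server"],
                "claimed_id": claimed_id,
                "identity": links.get("openid.delegate", claimed_id)}
    raise ValueError("no OpenID <link> elements found in the page")


def response_matches_discovery(discovery: dict, response: dict) -> bool:
    """A relying party must compare the assertion against its own discovery results.
    Trusting openid.identity or openid.op_endpoint as sent would let any provider
    assert anybody's claimed URL, which is the classic delegation mistake."""
    endpoint = response.get("openid.op_endpoint", discovery["endpoint"])  # absent in 1.1
    return (response.get("openid.identity") == discovery["identity"]
            and endpoint == discovery["endpoint"])


if __name__ == "__main__":
    print(discover(normalize_identifier("Alice.Example.com"), ALICE_PAGE))
    print(discover(normalize_identifier("bob.example.org"), BOB_PAGE))
```

A real relying party fetches the page over HTTP (following redirects and recording the final URL as the claimed identifier), and for OpenID 2.0 tries Yadis/XRDS discovery before falling back to these `<link>` elements; the matching rule at the end is the same either way.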
12. Q & A
13. OAuth is…
   "OAuth is like a valet key for all your web services. A valet key lets you give a valet the ability to park your car, but not the ability to get into the trunk or drive more than 2 miles or redline the RPMs on your high end German automobile. In the same way, an OAuth key lets you give a web agent the ability to check your web mail but NOT the ability to pretend to be you and send mail to everybody in your address book."
14. Delegated authorization (OAuth is about access, not about proving who you are)
   - Standardizes what these proprietary schemes each did their own way:
   - AuthSub (Google)
   - BBAuth (Yahoo)
   - Flickr Auth
   - OpenAuth (AOL)
15. API level
   - Application to application
   - "Agency": the consumer acts on the user's behalf, with the user's consent but without the user's password
16. Basics
   - User: owns the data and approves access
   - Service Provider: hosts the protected resources and issues tokens
   - Consumer: the application asking for access
   - Protected resources: what the consumer wants to read or write
   - Tokens: a request token while approval is pending, then an access token; the user's password never reaches the consumer
17. The Dance (conversation)
   - (Developed from: http:// )
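The OAuth dance is three legs (request token, user approval at the service provider, access token) and every leg is a signed request, so the example below, added here and not code from the presentation, does two things: it builds the OAuth 1.0 HMAC-SHA1 signature base string and signature, and it runs the full three-legged flow with an in-memory service provider standing in for photos.example.net. The consumer key and secret and the `SPEC_URL`/`SPEC_PARAMS` request are the worked example from Appendix A of the OAuth Core 1.0 spec; the `ServiceProvider` class, the `printer.example.com` callback and the verifier step (from the 1.0a revision) are constructed for this demonstration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit


def pct(s) -> str:
    """OAuth percent-encoding: RFC 3986 unreserved characters stay, everything else is %XX."""
    return quote(str(s), safe="-._~")


def base_string(method: str, url: str, params: dict) -> str:
    """Signature base string: METHOD & base URL & normalized parameters (query string included)."""
    u = urlsplit(url)
    all_params = dict(parse_qsl(u.query, keep_blank_values=True))
    all_params.update(params)
    pairs = sorted((pct(k), pct(v)) for k, v in all_params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_url = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret="") -> str:
    """HMAC-SHA1 over the base string, keyed with 'consumer secret & token secret'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def verify_signature(method, url, params, consumer_secret, token_secret="") -> bool:
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))


# Worked example from OAuth Core 1.0, Appendix A (fixed timestamp and nonce, so only for base_string()).
SPEC_URL = "http://photos.example.net/photos?file=vacation.jpg&size=original"
SPEC_PARAMS = {
    "oauth_consumer_key": "dpf43f3p2l4k3l03", "oauth_token": "nnch734d00sl2jdk",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1191242096",
    "oauth_nonce": "kllo9940pd9333jh", "oauth_version": "1.0",
}


def oauth_params(consumer_key, token=None, **extra) -> dict:
    """Fresh protocol parameters for one request; extra carries callback/verifier or API params."""
    p = {"oauth_consumer_key": consumer_key, "oauth_signature_method": "HMAC-SHA1",
         "oauth_timestamp": str(int(time.time())), "oauth_nonce": secrets.token_hex(8),
         "oauth_version": "1.0", **extra}
    if token:
        p["oauth_token"] = token
    return p


def signed(method, url, params, consumer_secret, token_secret="") -> dict:
    params["oauth_signature"] = sign(method, url, params, consumer_secret, token_secret)
    return params


class ServiceProvider:
    """Constructed in-memory service provider: issues request tokens, records the user's
    approval, exchanges approved tokens for access tokens, serves a protected resource."""

    def __init__(self):
        self.consumers = {"dpf43f3p2l4k3l03": "kd94hf93k423kf44"}   # consumer key -> secret
        self.request_tokens, self.access_tokens, self.seen = {}, {}, set()

    def _check(self, method, url, params, token_secret=""):
        secret = self.consumers.get(params.get("oauth_consumer_key"))
        nonce = (params.get("oauth_consumer_key"), params.get("oauth_timestamp"), params.get("oauth_nonce"))
        if secret is None or nonce in self.seen or not verify_signature(method, url, params, secret, token_secret):
            raise PermissionError("unknown consumer, replayed nonce, or bad signature")
        self.seen.add(nonce)                                 # replay protection

    def request_token(self, method, url, params):
        self._check(method, url, params)
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"secret": secret, "user": None, "verifier": None}
        return token, secret

    def authorize(self, token, user):
        """The user logs in at the service provider (never at the consumer) and approves."""
        verifier = secrets.token_hex(4)                      # 1.0a verifier, sent to the callback
        self.request_tokens[token].update(user=user, verifier=verifier)
        return verifier

    def access_token(self, method, url, params):
        rt = self.request_tokens.pop(params.get("oauth_token"), None)
        if rt is None or rt["user"] is None or params.get("oauth_verifier") != rt["verifier"]:
            raise PermissionError("request token not approved")
        self._check(method, url, params, rt["secret"])
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[token] = {"secret": secret, "user": rt["user"]}
        return token, secret

    def photo(self, method, url, params):
        at = self.access_tokens.get(params.get("oauth_token"))
        if at is None:
            raise PermissionError("unknown access token")
        self._check(method, url, params, at["secret"])
        return f"{params.get('file')} owned by {at['user']}"


def run_dance() -> str:
    """The three-legged dance with consumer and service provider both simulated in-process."""
    sp, ck, cs = ServiceProvider(), "dpf43f3p2l4k3l03", "kd94hf93k423kf44"
    url = "https://photos.example.net/request_token"     # leg 1: unauthorized request token
    rt, rts = sp.request_token("POST", url, signed("POST", url, oauth_params(ck, oauth_callback="https://printer.example.com/cb"), cs))
    verifier = sp.authorize(rt, "alice")                  # leg 2: user approves at the SP
    url = "https://photos.example.net/access_token"      # leg 3: token + verifier -> access token
    at, ats = sp.access_token("POST", url, signed("POST", url, oauth_params(ck, rt, oauth_verifier=verifier), cs, rts))
    url = "https://photos.example.net/photos"            # the valet key in use
    return sp.photo("GET", url, signed("GET", url, oauth_params(ck, at, file="vacation.jpg"), cs, ats))
```

The nonce set and the verifier are the two checks most often left out of toy implementations: without the nonce a captured signed request can be replayed until the timestamp window closes, and without the verifier (the 1.0a fix) an attacker who starts the dance can trick the victim into approving the attacker's request token.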
18. Who's supporting OAuth?
   - Google
   - FireEagle (Yahoo)
   - Ma.gnolia
   - Amazon
   - Flickr
   - Digg
   - And more…
19. Q & A
21. Your host
   - Steve Ivy
   - [email_address]
   - Open Standards, Open Source Agitator