SlideShare a Scribd company logo

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

CloudIDSummit
CloudIDSummit

Adam Dawes, Product Manager, Google Jonathan Beri, Developer Advocate, Google There’s never been a better time to become a relying party, and Google offers two tools to help developers do just that. Google Identity Toolkit makes it easy for a site to outsource its authentication system (including password login) and become a relying party to the most popular identity providers. Google+ Sign-In can create more engaging experiences in your app and drive more usage across devices.

TechnologyBusiness
1 of 42
Download to read offline
Google Confidential and Proprietary So you want to be a Relying Party: Google Identity Toolkit v3 Adam Dawes July 9, 2013 http://goo.gl/8pA1v
Google Confidential and Proprietary Google Identity Toolkit ● Challenges to getting out of the password business ● GITKit v3 Overview and UX walkthrough ● GITKit v3 Deployment ● What's coming
Google Confidential and Proprietary Challenge #1: I don't know how to get rid of my password db
Google Confidential and Proprietary Challenge #2: I need a complete solution for both passwords and IDPs
Google Confidential and Proprietary Challenge #3: I don't know how to 'slow roll' conversion to IDP sign-in
Google Confidential and Proprietary Challenge #4: I'm afraid NASCAR UX will confuse users
Google Confidential and Proprietary GITKit v3 Key Features ● Migrate passwords to hosted authentication service ● Single integration point for multiple email IDPs and passwords ● Fine-grained controls for password to IDP conversion ● Streamlined login and new account UX without NASCAR ● Account management widgets ● Detection of security event in multi-session scenarios
Google Confidential and Proprietary GITKit provides a complete auth solution across passwords and multiple IDPs Auth Engine Password Store GITKit ID Token Legacy passwords GITKit APIs Login GITKit
Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Login
Google Confidential and Proprietary Account Chooser ● Addresses the NASCAR problem by initiating login with an “account hint” ● Privacy-preserving HTML5 app with all accounts stored locally
Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Sign Up
Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password to IDP Account Conversion
Google Confidential and Proprietary Incrementally roll out IDP support to password users Configure and roll out usage of selected IDPs
Google Confidential and Proprietary GITKit v3 UX Walkthrough: IDP Sign Up
1) Sign-in button 2) Account Chooser 3) Password Entry/ Sign-up widgets 2Aii 2Ai, 2Aiii 2B password db 5) GITKit Service 5A 5B Auth Engine 4) IDP Auth 6) Post-login account chip 3A, 3C 3B 2Aiv 3D
Google Confidential and Proprietary GITKit v3 UX Walkthrough: Account Management Widget
Google Confidential and Proprietary GITKit Deployment - Overview 1. Register at the Google Developer Console 2. Modify your session management 3. Provide 4 endpoints: Callback, Home, Signout, and Lost-password a. Home and Sign-out are easy. b. Callback is just a one-line branch to GITKit handler code. c. Lost-password is hard. 4. Customize the GITKit UI 5. Migrate your users and accounts
Google Confidential and Proprietary GITKit Session Management - Basic ● You have to retrieve & validate the GITKit cookie; easy with a JWT library. ● When your session is invalid, check the GITKit cookie and if it's valid, load up a new session from it. ● If you notice it's a new user, use GITKit APIs to retrieve whatever information GITKit has on that user.
Google Confidential and Proprietary GITKit Session Management - Advanced You can use GITKit to check if a multiply-logged-in user has changed their password in another session. 1. Maintain a global per-user last-password-change timestamp. 2. Whenever the GITKit cookie changes, retrieve last-password- change and update the timestamp. Also, extract and remember the timestamp of the cookie itself. 3. For each transaction, check the GITKit cookie timestamp against the last-password-change timestamp. If it’s earlier, end the session, delete the GITKit cookie, and force re-authorization.
Google Confidential and Proprietary Advanced Topics - Lost Password Handling GITKit provides a CAPTCHA-protected password-change module. But it requires significant work from you. 1. Register a “Service Account” for your app in the Developer Console. 2. When you get the lost-password notification, use the Service- Account flow to get an offline-access token for GITKit. 3. Use the token to retrieve a one-time code. 4. Email a special callback URL including the code to the user; when they click it, the flow will complete.
Google Confidential and Proprietary What's coming for GITKit ● Non-email IDPs starting with Google+ Sign-in ● Support for IDPs that offer additional scopes and web widgets that use them ● Native library support for Android and iOS including interoperability with libraries from other IDPs
Google Confidential and Proprietary Questions? Thanks! Documentation Google Search: 'Google Identity Toolkit' Demo favcolor.net/gat Trusted Tester Sign-up goo.gl/U3w3f This deck goo.gl/8pA1v

Recommended

Cis14 google's account chooser
Cis14 google's account chooserCis14 google's account chooser
Cis14 google's account chooserCloudIDSummit
 
CIS14: Google's Identity Toolkit
CIS14: Google's Identity ToolkitCIS14: Google's Identity Toolkit
CIS14: Google's Identity ToolkitCloudIDSummit
 
Federated and fabulous identity
Federated and fabulous identityFederated and fabulous identity
Federated and fabulous identityAndre N. Klingsheim
 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0marcwan
 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0 marcwan
 
Google auth dispelling the magic
Google auth dispelling the magicGoogle auth dispelling the magic
Google auth dispelling the magicZaar Hai
 
Google auth - dispelling the magic
Google auth - dispelling the magicGoogle auth - dispelling the magic
Google auth - dispelling the magicZaar Hai
 
[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key ManagerWSO2
 

Recommended

Cis14 google's account chooser
Cis14 google's account chooserCis14 google's account chooser
Cis14 google's account chooserCloudIDSummit
 
CIS14: Google's Identity Toolkit
CIS14: Google's Identity ToolkitCIS14: Google's Identity Toolkit
CIS14: Google's Identity ToolkitCloudIDSummit
 
Federated and fabulous identity
Federated and fabulous identityFederated and fabulous identity
Federated and fabulous identityAndre N. Klingsheim
 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0marcwan
 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0 marcwan
 
Google auth dispelling the magic
Google auth dispelling the magicGoogle auth dispelling the magic
Google auth dispelling the magicZaar Hai
 
Google auth - dispelling the magic
Google auth - dispelling the magicGoogle auth - dispelling the magic
Google auth - dispelling the magicZaar Hai
 
[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key ManagerWSO2
 
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughVinu Gunasekaran
 
Normalization of Security Key User Experience
Normalization of Security Key User ExperienceNormalization of Security Key User Experience
Normalization of Security Key User ExperienceFIDO Alliance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security KeysFIDO Alliance
 
The Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionThe Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionOption3
 
Monitorando APIs com Application Insights
Monitorando APIs com Application InsightsMonitorando APIs com Application Insights
Monitorando APIs com Application InsightsGustavo Bellini Bigardi
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
Troubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxTroubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxYury Leonychev
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWeaveworks
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Scottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedScottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedAlbert Hoitingh
 
Expert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerExpert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerOWOX BI
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScriptFrancois Marier
 
Python Development - V2STech Corporate presentation
Python Development - V2STech Corporate presentationPython Development - V2STech Corporate presentation
Python Development - V2STech Corporate presentationV2STech Solutions Private limited
 
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelA Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelData Science Club
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Phil Pearce
 
Presenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlPresenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlTeamstudio
 
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabiRafik HARABI
 
The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2Khor SoonHin
 
QuickBooks
QuickBooksQuickBooks
QuickBooksAmritanshu Sawarn
 
Cost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationCost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationWaihon Yew
 
CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 

More Related Content

Similar to CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughVinu Gunasekaran
 
Normalization of Security Key User Experience
Normalization of Security Key User ExperienceNormalization of Security Key User Experience
Normalization of Security Key User ExperienceFIDO Alliance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security KeysFIDO Alliance
 
The Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionThe Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionOption3
 
Monitorando APIs com Application Insights
Monitorando APIs com Application InsightsMonitorando APIs com Application Insights
Monitorando APIs com Application InsightsGustavo Bellini Bigardi
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
Troubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxTroubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxYury Leonychev
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWeaveworks
 
Scottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedScottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedAlbert Hoitingh
 
Expert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerExpert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerOWOX BI
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScriptFrancois Marier
 
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelA Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelData Science Club
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Phil Pearce
 
Presenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlPresenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlTeamstudio
 
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabiRafik HARABI
 
The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2Khor SoonHin
 
Cost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationCost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationWaihon Yew
 

Similar to CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In (20)

Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
 
Normalization of Security Key User Experience
Normalization of Security Key User ExperienceNormalization of Security Key User Experience
Normalization of Security Key User Experience
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security Keys
 
The Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionThe Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA Solution
 
Monitorando APIs com Application Insights
Monitorando APIs com Application InsightsMonitorando APIs com Application Insights
Monitorando APIs com Application Insights
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
 
Troubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxTroubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptx
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password Manager
 
Scottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedScottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystified
 
Expert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerExpert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag Manager
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScript
 
Python Development - V2STech Corporate presentation
Python Development - V2STech Corporate presentationPython Development - V2STech Corporate presentation
Python Development - V2STech Corporate presentation
 
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelA Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!
 
Presenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlPresenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View Control
 
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi
 
The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2
 
QuickBooks
QuickBooksQuickBooks
QuickBooks
 
Cost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationCost-Effective Two-Factor Authentication
Cost-Effective Two-Factor Authentication
 

More from CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

More from CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Recently uploaded (20)

Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

  • 1. Google Confidential and Proprietary So you want to be a Relying Party: Google Identity Toolkit v3 Adam Dawes July 9, 2013 http://goo.gl/8pA1v
  • 2. Google Confidential and Proprietary Google Identity Toolkit ● Challenges to getting out of the password business ● GITKit v3 Overview and UX walkthrough ● GITKit v3 Deployment ● What's coming
  • 3. Google Confidential and Proprietary Challenge #1: I don't know how to get rid of my password db
  • 4. Google Confidential and Proprietary Challenge #2: I need a complete solution for both passwords and IDPs
  • 5. Google Confidential and Proprietary Challenge #3: I don't know how to 'slow roll' conversion to IDP sign-in
  • 6. Google Confidential and Proprietary Challenge #4: I'm afraid NASCAR UX will confuse users
  • 7. Google Confidential and Proprietary GITKit v3 Key Features ● Migrate passwords to hosted authentication service ● Single integration point for multiple email IDPs and passwords ● Fine-grained controls for password to IDP conversion ● Streamlined login and new account UX without NASCAR ● Account management widgets ● Detection of security event in multi-session scenarios
  • 8. Google Confidential and Proprietary GITKit provides a complete auth solution across passwords and multiple IDPs Auth Engine Password Store GITKit ID Token Legacy passwords GITKit APIs Login GITKit
  • 9. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Login
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15. Google Confidential and Proprietary Account Chooser ● Addresses the NASCAR problem by initiating login with an “account hint” ● Privacy-preserving HTML5 app with all accounts stored locally
  • 16. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Sign Up
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password to IDP Account Conversion
  • 24. Google Confidential and Proprietary Incrementally roll out IDP support to password users Configure and roll out usage of selected IDPs
  • 25.
  • 26.
  • 27.
  • 28. Google Confidential and Proprietary GITKit v3 UX Walkthrough: IDP Sign Up
  • 29.
  • 30.
  • 31.
  • 32.
  • 33. 1) Sign-in button 2) Account Chooser 3) Password Entry/ Sign-up widgets 2Aii 2Ai, 2Aiii 2B password db 5) GITKit Service 5A 5B Auth Engine 4) IDP Auth 6) Post-login account chip 3A, 3C 3B 2Aiv 3D
  • 34. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Account Management Widget
  • 35.
  • 36.
  • 37. Google Confidential and Proprietary GITKit Deployment - Overview 1. Register at the Google Developer Console 2. Modify your session management 3. Provide 4 endpoints: Callback, Home, Signout, and Lost-password a. Home and Sign-out are easy. b. Callback is just a one-line branch to GITKit handler code. c. Lost-password is hard. 4. Customize the GITKit UI 5. Migrate your users and accounts
  • 38. Google Confidential and Proprietary GITKit Session Management - Basic ● You have to retrieve & validate the GITKit cookie; easy with a JWT library. ● When your session is invalid, check the GITKit cookie and if it's valid, load up a new session from it. ● If you notice it's a new user, use GITKit APIs to retrieve whatever information GITKit has on that user.
  • 39. Google Confidential and Proprietary GITKit Session Management - Advanced You can use GITKit to check if a multiply-logged-in user has changed their password in another session. 1. Maintain a global per-user last-password-change timestamp. 2. Whenever the GITKit cookie changes, retrieve last-password- change and update the timestamp. Also, extract and remember the timestamp of the cookie itself. 3. For each transaction, check the GITKit cookie timestamp against the last-password-change timestamp. If it’s earlier, end the session, delete the GITKit cookie, and force re-authorization.
  • 40. Google Confidential and Proprietary Advanced Topics - Lost Password Handling GITKit provides a CAPTCHA-protected password-change module. But it requires significant work from you. 1. Register a “Service Account” for your app in the Developer Console. 2. When you get the lost-password notification, use the Service- Account flow to get an offline-access token for GITKit. 3. Use the token to retrieve a one-time code. 4. Email a special callback URL including the code to the user; when they click it, the flow will complete.
  • 41. Google Confidential and Proprietary What's coming for GITKit ● Non-email IDPs starting with Google+ Sign-in ● Support for IDPs that offer additional scopes and web widgets that use them ● Native library support for Android and iOS including interoperability with libraries from other IDPs
  • 42. Google Confidential and Proprietary Questions? Thanks! Documentation Google Search: 'Google Identity Toolkit' Demo favcolor.net/gat Trusted Tester Sign-up goo.gl/U3w3f This deck goo.gl/8pA1v