How PayPal uses Open Identity
•
3 recomendaciones•1,031 vistas
PayPal uses Open Identity to provide authentication for its 123 million active users. It uses OpenID Connect, which allows users to login once and access their profile information across multiple applications. OpenID Connect builds upon OAuth 2.0 by adding standard identity features like profile information and login/logout sessions. This allows PayPal to offer a simple and secure sign-in process while also giving users control over how their profile data is shared.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Similar a How PayPal uses Open Identity
Similar a How PayPal uses Open Identity (20)
Más de PayPal
Más de PayPal (20)
Último
Último (20)
How PayPal uses Open Identity
- 1. How PayPal uses Open Identity Tim Messerschmidt Moosecon Developer Evangelist 1 March 2012, Hannover @SeraAndroid
- 2. Who am I? Tim Messerschmdit Developer Evangelist Startup Mentor Author 2
- 3. 3
- 4. What is identity in the Web? 4
- 5. 5
- 6. 6
- 7. PayPal Access • active users: 123.000.000 • Uses OpenID Connect • Interesting for commercial use cases – Adds integrity to existing applications – Clearly business- & merchant-oriented • Actively being worked on! – Expect new kick-ass features soon 7
- 8. 8
- 9. 9
- 10. 10
- 11. 11
- 12. Why OpenID Connect? 12
- 13. Authorization vs. Authentication 13
- 14. OAuth 1.0 14
- 15. OAuth 2.0 15
- 16. OAuth 2.0 & the Road to Hell Eran Hammer: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ 16
- 17. “OAuth 2.0 offers little to none code reusability” 17
- 18. “What 2.0 offers is a blueprint for an authorization protocol” 18
- 19. On the Deadness of OAuth 2 Tim Bray: http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead 19
- 20. OAuth 2 is useful today 20
- 21. “OAuth 2 may not be perfect, and may have been harmed by the Enterprise crap, but the core of Web functionality […] seems to have survived.” 21
- 22. OpenID Connect 22
- 23. 23
- 24. 24
- 25. Session management • Highly demanded feature – Service can be used to login & logout • OAuth 2.0 requires users to revoke permission to “logout” • Token validation & refreshment • AN Optional feature 25
- 26. Authorization Flow Client Server 1. Open Authorization 2. Provide a login page Endpoint URL 3. Return the Authorization 4. Check callbacks for Token after a successful Authorization Token login 5. Request a valid Access 6. Check Authorization Token Token & return the Access Token 7. Retrieve user’s resources if it’s valid 26
- 27. OAuth 2.0 implementation can be easily changed to OpenID Connect 27
- 28. Why should I use this? 28
- 29. People forget passwords… “45 % admit to leaving a website instead of re- setting their password or answering security questions” * * Blue Inc. 2011 29
- 30. People don’t like to register… Out of 657 surveyed users 66 % think that social sign-in is a desirable alternative. * * Blue Inc. 2011 30
- 31. Verified profiles Email – as it’s the user’s login Address – ship my stuff here! Name – makes sense, too … and much more information! 31
- 32. 1. profile 5 scopes to 2. email access the 3. address profile: 4. phone 5. attributes 32
- 33. Leverage an existing profile 33
- 34. x.com/identity 34
- 35. Help? Problems? • paypal.com/dts – Developer Technical Services – Ticketing • StackOverflow.com – Tag “PayPal” – Actively being watched by Technical Service and Developer Evangelists like me 35
- 36. Questions? 36
- 37. Thanks! tmesserschmidt@paypal.com @seraandroid / @paypaleurodev slideshare.net/PayPalEUDevs 37