2. About me
Billy Cravens
ColdFusion since 4.0 (1999)
Houston CFUG manager
Former DFWCFUG board member
Other languages: PHP, .NET; node.js ninja in training
Remember the Wrox book?
3. About me
Supporter of Cystic Fibrosis (research)
www.CureCF.com
Twitter: @bdcravens
Web:
www.billycravens.com
billy.io
5. Pain points of traditional/Advantages of federated login
Registration and conversion rates
(statistic here would be nice!)
Established user profiles
Customer care and password recovery costs
Social web
Facebook: 845 million users
Twitter: 300 million users
Google: 350 million Gmail users
LinkedIn: 135 million users
15. OAuth 2.0 Workflow
Send user to authentication URI
User logs in and grants permissions
Send token to your callback URI
Verify token
API calls using token
20. Integrate into existing security
Authenticate your user
Authenticate with service
Capture user ID field of service, save to database
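The redirect and callback steps of the workflow slide, plus the ID capture from the integration slide, as an added example that is not code from the presentation. It assumes the authorization code grant and adds a per-session `state` value (not mentioned on the slides) so a callback is accepted only for the login that started it; the URIs, client ID, scope and function names are constructed placeholders, and the token exchange with the provider is left out because it needs the live service.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not a real provider or application.
AUTH_URI = "https://provider.example/oauth2/auth"
CALLBACK_URI = "https://app.example/callback"
CLIENT_ID = "example-client-id"


def start_login(session):
    """Build the authentication URL and bind it to this session via state."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URI,
        "scope": "profile",  # constructed example scope
        "state": session["oauth_state"],
    })
    return f"{AUTH_URI}?{query}"


def handle_callback(session, callback_url):
    """Accept the callback only if its state matches the one we issued."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: replay fails
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code  # exchanged server-side for a token in the next step


def link_identity(accounts, provider, provider_user_id, local_user):
    """Store the service's user ID against the local account, keyed per provider."""
    owner = accounts.setdefault((provider, provider_user_id), local_user)
    if owner != local_user:
        raise ValueError("identity already linked to another account")
    return owner
```

Keying the stored ID by provider as well as user ID keeps identical IDs from two different services from resolving to the same local account.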
Editor's notes
Session check: briefly show /session code (no more than 1 minute)
CFLogin: briefly show /cflogin code (no more than 1 minute)
OS options: don’t show examples
Trust and perception:
* people's unwillingness to grant *your* application access to their Twitter/FB/Google data.
* Although most of these allow a level of access that is only used for auth, many users will not understand that and so may be hesitant to allow access.
* you are placing trust in another authority, which is also an issue.
* privacy issues: access to your website as data to mine
TODO: short blurb about Liberty Alliance. Discuss role in standard, merger into Kantara Initiative
MS Passport: proprietary solution, some early adoption, Starbucks.com;
began process of migrating Windows Live ID to OpenID, but never moved past CTP
only one we’re interested in is Google
in this presentation we’re only going to look at