SlideShare una empresa de Scribd logo

How OAuth and portable data can revolutionize your web app - Chris Messina

Carsonified Team
Carsonified Team
Tecnología
1 de 47
Descargar para leer sin conexión
(FOR THE WIN) OAuth FTW How OAuth and portable data can revolutionize your web app Chris Messina October 10, 2008 Future of Web Apps London, England
OAuth |ō| |ôˌθ| Noun. An open protocol that allows secure API authorization in a simple and standard method from desktop, web and mobile applications.
The story of OAuth starts with OpenID.
 factoryjoe.com
factoryjoe.com ?! X
! 
factoryjoe.com ? X Can has OpenID?
X (APPLICATION PROGRAMMING INTERFACE) B-b-but what about API apps?
?
!?!
How much are your username and password worth?
wayn.com
imeem.com
 PC Load Letter?! What the f...!
The Password Anti-pattern!
Passwords are not confetti.
Please stop throwing them around.
Especially if they’re not yours.
 OAuth replaces the need for usernames and passwords with tokens and a hashing signature.
let’s take a look
Brightkite > pings Fire Eagle for Request Token Fire Eagle > returns authorization realm
Brightkite > requests that user authorize Brightkite Fire Eagle > user authenticates through Yahoo! accounts
Fire Eagle > user grants authorization to Brightkite Fire Eagle > Fire Eagle redirects user to callback URL
Brightkite > asks FE to exchange Request Token for Access Token Fire Eagle > checks signature; if valid, returns Access Token ...subsequent requests are signed with this Access Token
users can manage access...
...and change access
or can revoke access later without having to change their primary account password (i.e. if they lose their phone or their computer gets stolen)
?
discovery
Identity -› Discovery -› Authorization
OpenID -› XRDS-Simple -› OAuth Endpoint (EXTENSIBLE RESOURCE IDENTIFIER RESOLUTION)
Identity -› Discovery -› [Authentication] -› Authorization
http://will.norris.name <meta http-equiv=quot;X-XRDS-Locationquot; content=quot;http://will.norris.name/?xrdsquot; />
OpenID XRDS <?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?> <xrds:XRDS xmlns:xrds=quot;xri://$xrdsquot; xmlns:openid=quot;http://openid.net/xmlns/1.0quot; xmlns=quot;xri://$xrd*($v*2.0)quot;> <XRD> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical</Type> <URI>https://pip.verisignlabs.com/server</URI> <LocalID>https://recordond.pip.verisignlabs.com/</LocalID> </Service> </XRD> </xrds:XRDS>
XRDS-Simple for Portable Contacts <?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?> <xrds:XRDS xmlns:xrds=quot;xri://$xrdsquot; xmlns:openid=quot;http://openid.net/xmlns/1.0quot; xmlns=quot;xri://$xrd*($v*2.0)quot;> <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://openid.net/srv/ax/1.0</Type> <URI>http://www.myopenid.com/server</URI> <LocalID>http://brian.myopenid.com/</LocalID> </Service> </XRD> </xrds:XRDS>
XRDS-Simple for Portable Contacts <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/... <Type>http://openid.net/srv/ax/1.0</Type> ...
XRDS-Simple for Portable Contacts <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://soocial.com/contacts.xml</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/... <Type>http://openid.net/srv/ax/1.0</Type> ...
adoption
•OpenSocial •Meetup.com •MySpace •Ma.gnolia •Google •Get Satisfaction •Yahoo! (Fire Eagle) •Agree2 •Netflix •SoundCloud •SmugMug •88Miles •Photobucket •Pownce •Plaxo •Brightkite •Soocial.com •Praized http://wiki.oauth.net/ServiceProviders
code
•C# •OCaml •Coldfusion •Perl •Java •PHP •Javascript •CakePHP •Jifty •Python •.NET •Ruby •Objective-C •...interest in XMPP http://oauth.net/code
the pitch
fin. oauth.net me -› factoryjoe.com

Recomendados

Tendances cles du marche des reseaux sociaux
Tendances cles du marche des reseaux sociauxTendances cles du marche des reseaux sociaux
Tendances cles du marche des reseaux sociauxYoung Planneur
 
The DiSo Project and the Open Web
The DiSo Project and the Open WebThe DiSo Project and the Open Web
The DiSo Project and the Open WebChris Messina
 
Enterprise AIR Development for JavaScript Developers
Enterprise AIR Development for JavaScript DevelopersEnterprise AIR Development for JavaScript Developers
Enterprise AIR Development for JavaScript DevelopersAndreCharland
 
Connecting to Web Services on Android
Connecting to Web Services on AndroidConnecting to Web Services on Android
Connecting to Web Services on Androidsullis
 
The Current State of OAuth 2
The Current State of OAuth 2The Current State of OAuth 2
The Current State of OAuth 2Aaron Parecki
 
Los Angeles HTML5 User Group Meeting Ask the Expert Session
Los Angeles HTML5 User Group Meeting Ask the Expert SessionLos Angeles HTML5 User Group Meeting Ask the Expert Session
Los Angeles HTML5 User Group Meeting Ask the Expert SessionPeter Lubbers
 
Silver Light By Nyros Developer
Silver Light By Nyros DeveloperSilver Light By Nyros Developer
Silver Light By Nyros DeveloperNyros Technologies
 
Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009sullis
 

Recomendados

Tendances cles du marche des reseaux sociaux
Tendances cles du marche des reseaux sociauxTendances cles du marche des reseaux sociaux
Tendances cles du marche des reseaux sociauxYoung Planneur
 
The DiSo Project and the Open Web
The DiSo Project and the Open WebThe DiSo Project and the Open Web
The DiSo Project and the Open WebChris Messina
 
Enterprise AIR Development for JavaScript Developers
Enterprise AIR Development for JavaScript DevelopersEnterprise AIR Development for JavaScript Developers
Enterprise AIR Development for JavaScript DevelopersAndreCharland
 
Connecting to Web Services on Android
Connecting to Web Services on AndroidConnecting to Web Services on Android
Connecting to Web Services on Androidsullis
 
The Current State of OAuth 2
The Current State of OAuth 2The Current State of OAuth 2
The Current State of OAuth 2Aaron Parecki
 
Los Angeles HTML5 User Group Meeting Ask the Expert Session
Los Angeles HTML5 User Group Meeting Ask the Expert SessionLos Angeles HTML5 User Group Meeting Ask the Expert Session
Los Angeles HTML5 User Group Meeting Ask the Expert SessionPeter Lubbers
 
Silver Light By Nyros Developer
Silver Light By Nyros DeveloperSilver Light By Nyros Developer
Silver Light By Nyros DeveloperNyros Technologies
 
Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009sullis
 
GTAC: AtomPub, testing your server implementation
GTAC: AtomPub, testing your server implementationGTAC: AtomPub, testing your server implementation
GTAC: AtomPub, testing your server implementationDavid Calavera
 
Better watch your apps - MJ Keith
Better watch your apps - MJ KeithBetter watch your apps - MJ Keith
Better watch your apps - MJ Keithm j
 
Real time web (Orbited) at BCNE3
Real time web (Orbited) at BCNE3Real time web (Orbited) at BCNE3
Real time web (Orbited) at BCNE3Alex Kavanagh
 
OpenSocial - GTUG Stockholm Meeting Oct 1 2009
OpenSocial - GTUG Stockholm Meeting Oct 1 2009OpenSocial - GTUG Stockholm Meeting Oct 1 2009
OpenSocial - GTUG Stockholm Meeting Oct 1 2009Jacob Gyllenstierna
 
Google Devfest Singapore - OpenSocial
Google Devfest Singapore - OpenSocialGoogle Devfest Singapore - OpenSocial
Google Devfest Singapore - OpenSocialPatrick Chanezon
 
Widgets Tools Keynote
Widgets Tools KeynoteWidgets Tools Keynote
Widgets Tools KeynoteMichael Mahemoff
 
Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Jeremiah Grossman
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Chris Swan
 
WordPress APIs
WordPress APIsWordPress APIs
WordPress APIsJoseph Scott
 
BNC Tech Forum 09: Lexcycle Stanza demo
BNC Tech Forum 09: Lexcycle Stanza demoBNC Tech Forum 09: Lexcycle Stanza demo
BNC Tech Forum 09: Lexcycle Stanza demoBookNet Canada
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
GTLAB Installation Tutorial for SciDAC 2009
GTLAB Installation Tutorial for SciDAC 2009GTLAB Installation Tutorial for SciDAC 2009
GTLAB Installation Tutorial for SciDAC 2009marpierc
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021Tatsuo Kudo
 
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM Alfresco Software
 
Privacy in Social Network Sites
Privacy in Social Network SitesPrivacy in Social Network Sites
Privacy in Social Network Sitesdariphagen
 
Ajax ons2
Ajax ons2Ajax ons2
Ajax ons2Chad Davis
 
How I built the demo's
How I built the demo'sHow I built the demo's
How I built the demo'sGlenn Jones
 
Comet web applications with Python, Django & Orbited
Comet web applications with Python, Django & OrbitedComet web applications with Python, Django & Orbited
Comet web applications with Python, Django & Orbitedskam
 
Daejeon IT Developer Conference Web Service Practice
Daejeon IT Developer Conference Web Service PracticeDaejeon IT Developer Conference Web Service Practice
Daejeon IT Developer Conference Web Service Practiceplusperson
 
Chris Lea - What does NoSQL Mean for You
Chris Lea - What does NoSQL Mean for YouChris Lea - What does NoSQL Mean for You
Chris Lea - What does NoSQL Mean for YouCarsonified Team
 
Tara Hunt - Your Social Media Strategy Wont Save You
Tara Hunt - Your Social Media Strategy Wont Save YouTara Hunt - Your Social Media Strategy Wont Save You
Tara Hunt - Your Social Media Strategy Wont Save YouCarsonified Team
 

Más contenido relacionado

Similar a How OAuth and portable data can revolutionize your web app - Chris Messina

GTAC: AtomPub, testing your server implementation
GTAC: AtomPub, testing your server implementationGTAC: AtomPub, testing your server implementation
GTAC: AtomPub, testing your server implementationDavid Calavera
 
Better watch your apps - MJ Keith
Better watch your apps - MJ KeithBetter watch your apps - MJ Keith
Better watch your apps - MJ Keithm j
 
Real time web (Orbited) at BCNE3
Real time web (Orbited) at BCNE3Real time web (Orbited) at BCNE3
Real time web (Orbited) at BCNE3Alex Kavanagh
 
OpenSocial - GTUG Stockholm Meeting Oct 1 2009
OpenSocial - GTUG Stockholm Meeting Oct 1 2009OpenSocial - GTUG Stockholm Meeting Oct 1 2009
OpenSocial - GTUG Stockholm Meeting Oct 1 2009Jacob Gyllenstierna
 
Google Devfest Singapore - OpenSocial
Google Devfest Singapore - OpenSocialGoogle Devfest Singapore - OpenSocial
Google Devfest Singapore - OpenSocialPatrick Chanezon
 
Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Jeremiah Grossman
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Chris Swan
 
BNC Tech Forum 09: Lexcycle Stanza demo
BNC Tech Forum 09: Lexcycle Stanza demoBNC Tech Forum 09: Lexcycle Stanza demo
BNC Tech Forum 09: Lexcycle Stanza demoBookNet Canada
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
GTLAB Installation Tutorial for SciDAC 2009
GTLAB Installation Tutorial for SciDAC 2009GTLAB Installation Tutorial for SciDAC 2009
GTLAB Installation Tutorial for SciDAC 2009marpierc
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021Tatsuo Kudo
 
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM Alfresco Software
 
Privacy in Social Network Sites
Privacy in Social Network SitesPrivacy in Social Network Sites
Privacy in Social Network Sitesdariphagen
 
How I built the demo's
How I built the demo'sHow I built the demo's
How I built the demo'sGlenn Jones
 
Comet web applications with Python, Django & Orbited
Comet web applications with Python, Django & OrbitedComet web applications with Python, Django & Orbited
Comet web applications with Python, Django & Orbitedskam
 
Daejeon IT Developer Conference Web Service Practice
Daejeon IT Developer Conference Web Service PracticeDaejeon IT Developer Conference Web Service Practice
Daejeon IT Developer Conference Web Service Practiceplusperson
 

Similar a How OAuth and portable data can revolutionize your web app - Chris Messina (20)

GTAC: AtomPub, testing your server implementation
GTAC: AtomPub, testing your server implementationGTAC: AtomPub, testing your server implementation
GTAC: AtomPub, testing your server implementation
 
Better watch your apps - MJ Keith
Better watch your apps - MJ KeithBetter watch your apps - MJ Keith
Better watch your apps - MJ Keith
 
Real time web (Orbited) at BCNE3
Real time web (Orbited) at BCNE3Real time web (Orbited) at BCNE3
Real time web (Orbited) at BCNE3
 
OpenSocial - GTUG Stockholm Meeting Oct 1 2009
OpenSocial - GTUG Stockholm Meeting Oct 1 2009OpenSocial - GTUG Stockholm Meeting Oct 1 2009
OpenSocial - GTUG Stockholm Meeting Oct 1 2009
 
Google Devfest Singapore - OpenSocial
Google Devfest Singapore - OpenSocialGoogle Devfest Singapore - OpenSocial
Google Devfest Singapore - OpenSocial
 
Widgets Tools Keynote
Widgets Tools KeynoteWidgets Tools Keynote
Widgets Tools Keynote
 
Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021
 
WordPress APIs
WordPress APIsWordPress APIs
WordPress APIs
 
BNC Tech Forum 09: Lexcycle Stanza demo
BNC Tech Forum 09: Lexcycle Stanza demoBNC Tech Forum 09: Lexcycle Stanza demo
BNC Tech Forum 09: Lexcycle Stanza demo
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
 
GTLAB Installation Tutorial for SciDAC 2009
GTLAB Installation Tutorial for SciDAC 2009GTLAB Installation Tutorial for SciDAC 2009
GTLAB Installation Tutorial for SciDAC 2009
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
 
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM
 
Privacy in Social Network Sites
Privacy in Social Network SitesPrivacy in Social Network Sites
Privacy in Social Network Sites
 
Ajax ons2
Ajax ons2Ajax ons2
Ajax ons2
 
How I built the demo's
How I built the demo'sHow I built the demo's
How I built the demo's
 
Comet web applications with Python, Django & Orbited
Comet web applications with Python, Django & OrbitedComet web applications with Python, Django & Orbited
Comet web applications with Python, Django & Orbited
 
Daejeon IT Developer Conference Web Service Practice
Daejeon IT Developer Conference Web Service PracticeDaejeon IT Developer Conference Web Service Practice
Daejeon IT Developer Conference Web Service Practice
 

Más de Carsonified Team

Chris Lea - What does NoSQL Mean for You
Chris Lea - What does NoSQL Mean for YouChris Lea - What does NoSQL Mean for You
Chris Lea - What does NoSQL Mean for YouCarsonified Team
 
Tara Hunt - Your Social Media Strategy Wont Save You
Tara Hunt - Your Social Media Strategy Wont Save YouTara Hunt - Your Social Media Strategy Wont Save You
Tara Hunt - Your Social Media Strategy Wont Save YouCarsonified Team
 
Dion Almaer & Ben Galbraith - Build Once, Deploy Everywhere
Dion Almaer & Ben Galbraith - Build Once, Deploy EverywhereDion Almaer & Ben Galbraith - Build Once, Deploy Everywhere
Dion Almaer & Ben Galbraith - Build Once, Deploy EverywhereCarsonified Team
 
Steve Huffman - Lessons learned while at reddit.com
Steve Huffman - Lessons learned while at reddit.comSteve Huffman - Lessons learned while at reddit.com
Steve Huffman - Lessons learned while at reddit.comCarsonified Team
 
Neil Patel - What You Need to be Measuring and How to Do It
Neil Patel - What You Need to be Measuring and How to Do ItNeil Patel - What You Need to be Measuring and How to Do It
Neil Patel - What You Need to be Measuring and How to Do ItCarsonified Team
 
Molly Holzschlag - How HTML 5 is Going to Completely Change your Web App
Molly Holzschlag - How HTML 5 is Going to Completely Change your Web AppMolly Holzschlag - How HTML 5 is Going to Completely Change your Web App
Molly Holzschlag - How HTML 5 is Going to Completely Change your Web AppCarsonified Team
 
Mike Mcderment - Marketing Metrics and the Systems You Need to Measure Them
Mike Mcderment - Marketing Metrics and the Systems You Need to Measure ThemMike Mcderment - Marketing Metrics and the Systems You Need to Measure Them
Mike Mcderment - Marketing Metrics and the Systems You Need to Measure ThemCarsonified Team
 
Fred Wilson - The 10 Golden Principles for Successful Web Apps
Fred Wilson - The 10 Golden Principles for Successful Web AppsFred Wilson - The 10 Golden Principles for Successful Web Apps
Fred Wilson - The 10 Golden Principles for Successful Web AppsCarsonified Team
 
Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...
Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...
Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...Carsonified Team
 
Aaron Patzer - How to Take Your Start-up to the Next Level
Aaron Patzer - How to Take Your Start-up to the Next LevelAaron Patzer - How to Take Your Start-up to the Next Level
Aaron Patzer - How to Take Your Start-up to the Next LevelCarsonified Team
 
Taking your Site from One to One Million Users by Kevin Rose
Taking your Site from One to One Million Users by Kevin RoseTaking your Site from One to One Million Users by Kevin Rose
Taking your Site from One to One Million Users by Kevin RoseCarsonified Team
 
The New Marketing, by Ryan Carson
The New Marketing, by Ryan CarsonThe New Marketing, by Ryan Carson
The New Marketing, by Ryan CarsonCarsonified Team
 
FOWA Tour- Andy McLoughlin
FOWA Tour- Andy McLoughlinFOWA Tour- Andy McLoughlin
FOWA Tour- Andy McLoughlinCarsonified Team
 
FOWA Tour- Graeme Mathieson
FOWA Tour- Graeme MathiesonFOWA Tour- Graeme Mathieson
FOWA Tour- Graeme MathiesonCarsonified Team
 
FOWA Bristol/ Leeds- Dan Rubin
FOWA Bristol/ Leeds- Dan RubinFOWA Bristol/ Leeds- Dan Rubin
FOWA Bristol/ Leeds- Dan RubinCarsonified Team
 

Más de Carsonified Team (20)

Chris Lea - What does NoSQL Mean for You
Chris Lea - What does NoSQL Mean for YouChris Lea - What does NoSQL Mean for You
Chris Lea - What does NoSQL Mean for You
 
Tara Hunt - Your Social Media Strategy Wont Save You
Tara Hunt - Your Social Media Strategy Wont Save YouTara Hunt - Your Social Media Strategy Wont Save You
Tara Hunt - Your Social Media Strategy Wont Save You
 
Dion Almaer & Ben Galbraith - Build Once, Deploy Everywhere
Dion Almaer & Ben Galbraith - Build Once, Deploy EverywhereDion Almaer & Ben Galbraith - Build Once, Deploy Everywhere
Dion Almaer & Ben Galbraith - Build Once, Deploy Everywhere
 
Steve Huffman - Lessons learned while at reddit.com
Steve Huffman - Lessons learned while at reddit.comSteve Huffman - Lessons learned while at reddit.com
Steve Huffman - Lessons learned while at reddit.com
 
Neil Patel - What You Need to be Measuring and How to Do It
Neil Patel - What You Need to be Measuring and How to Do ItNeil Patel - What You Need to be Measuring and How to Do It
Neil Patel - What You Need to be Measuring and How to Do It
 
Molly Holzschlag - How HTML 5 is Going to Completely Change your Web App
Molly Holzschlag - How HTML 5 is Going to Completely Change your Web AppMolly Holzschlag - How HTML 5 is Going to Completely Change your Web App
Molly Holzschlag - How HTML 5 is Going to Completely Change your Web App
 
Mike Mcderment - Marketing Metrics and the Systems You Need to Measure Them
Mike Mcderment - Marketing Metrics and the Systems You Need to Measure ThemMike Mcderment - Marketing Metrics and the Systems You Need to Measure Them
Mike Mcderment - Marketing Metrics and the Systems You Need to Measure Them
 
Fred Wilson - The 10 Golden Principles for Successful Web Apps
Fred Wilson - The 10 Golden Principles for Successful Web AppsFred Wilson - The 10 Golden Principles for Successful Web Apps
Fred Wilson - The 10 Golden Principles for Successful Web Apps
 
Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...
Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...
Alex Payne - Speedy, Stable, and Secure: Better Web Applications Through Func...
 
Aaron Patzer - How to Take Your Start-up to the Next Level
Aaron Patzer - How to Take Your Start-up to the Next LevelAaron Patzer - How to Take Your Start-up to the Next Level
Aaron Patzer - How to Take Your Start-up to the Next Level
 
Taking your Site from One to One Million Users by Kevin Rose
Taking your Site from One to One Million Users by Kevin RoseTaking your Site from One to One Million Users by Kevin Rose
Taking your Site from One to One Million Users by Kevin Rose
 
The New Marketing, by Ryan Carson
The New Marketing, by Ryan CarsonThe New Marketing, by Ryan Carson
The New Marketing, by Ryan Carson
 
FOWA Tour- Richard Healy
FOWA Tour- Richard HealyFOWA Tour- Richard Healy
FOWA Tour- Richard Healy
 
FOWA Tour- Andy McLoughlin
FOWA Tour- Andy McLoughlinFOWA Tour- Andy McLoughlin
FOWA Tour- Andy McLoughlin
 
FOWA Tour- Dorothy Briggs
FOWA Tour- Dorothy BriggsFOWA Tour- Dorothy Briggs
FOWA Tour- Dorothy Briggs
 
FOWA Tour- Ryan Carson
FOWA Tour- Ryan CarsonFOWA Tour- Ryan Carson
FOWA Tour- Ryan Carson
 
FOWA Tour- Roan Lavery
FOWA Tour- Roan LaveryFOWA Tour- Roan Lavery
FOWA Tour- Roan Lavery
 
FOWA Tour- Graeme Mathieson
FOWA Tour- Graeme MathiesonFOWA Tour- Graeme Mathieson
FOWA Tour- Graeme Mathieson
 
FOWA Bristol/ Leeds- Dan Rubin
FOWA Bristol/ Leeds- Dan RubinFOWA Bristol/ Leeds- Dan Rubin
FOWA Bristol/ Leeds- Dan Rubin
 
FOWA Bristol- Ian Broom
FOWA Bristol- Ian BroomFOWA Bristol- Ian Broom
FOWA Bristol- Ian Broom
 

Último

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Último (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

How OAuth and portable data can revolutionize your web app - Chris Messina

  • 1. (FOR THE WIN) OAuth FTW How OAuth and portable data can revolutionize your web app Chris Messina October 10, 2008 Future of Web Apps London, England
  • 2. OAuth |ō| |ôˌθ| Noun. An open protocol that allows secure API authorization in a simple and standard method from desktop, web and mobile applications.
  • 3. The story of OAuth starts with OpenID.
  • 7. factoryjoe.com ? X Can has OpenID?
  • 8. X (APPLICATION PROGRAMMING INTERFACE) B-b-but what about API apps?
  • 9.
  • 10. ?
  • 11. !?!
  • 12. How much are your username and password worth?
  • 14.
  • 16.
  • 17.
  • 18. PC Load Letter?! What the f...!
  • 20. Passwords are not confetti.
  • 21. Please stop throwing them around.
  • 23.  OAuth replaces the need for usernames and passwords with tokens and a hashing signature.
  • 25. Brightkite > pings Fire Eagle for Request Token Fire Eagle > returns authorization realm
  • 26. Brightkite > requests that user authorize Brightkite Fire Eagle > user authenticates through Yahoo! accounts
  • 27. Fire Eagle > user grants authorization to Brightkite Fire Eagle > Fire Eagle redirects user to callback URL
  • 28. Brightkite > asks FE to exchange Request Token for Access Token Fire Eagle > checks signature; if valid, returns Access Token ...subsequent requests are signed with this Access Token
  • 29. users can manage access...
  • 31. or can revoke access later without having to change their primary account password (i.e. if they lose their phone or their computer gets stolen)
  • 32. ?
  • 34. Identity -› Discovery -› Authorization
  • 35. OpenID -› XRDS-Simple -› OAuth Endpoint (EXTENSIBLE RESOURCE IDENTIFIER RESOLUTION)
  • 36. Identity -› Discovery -› [Authentication] -› Authorization
  • 38. OpenID XRDS <?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?> <xrds:XRDS xmlns:xrds=quot;xri://$xrdsquot; xmlns:openid=quot;http://openid.net/xmlns/1.0quot; xmlns=quot;xri://$xrd*($v*2.0)quot;> <XRD> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical</Type> <URI>https://pip.verisignlabs.com/server</URI> <LocalID>https://recordond.pip.verisignlabs.com/</LocalID> </Service> </XRD> </xrds:XRDS>
  • 39. XRDS-Simple for Portable Contacts <?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?> <xrds:XRDS xmlns:xrds=quot;xri://$xrdsquot; xmlns:openid=quot;http://openid.net/xmlns/1.0quot; xmlns=quot;xri://$xrd*($v*2.0)quot;> <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://openid.net/srv/ax/1.0</Type> <URI>http://www.myopenid.com/server</URI> <LocalID>http://brian.myopenid.com/</LocalID> </Service> </XRD> </xrds:XRDS>
  • 40. XRDS-Simple for Portable Contacts <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/... <Type>http://openid.net/srv/ax/1.0</Type> ...
  • 41. XRDS-Simple for Portable Contacts <XRD version=quot;2.0quot;> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://soocial.com/contacts.xml</URI> </Service> <Service priority=quot;0quot;> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/... <Type>http://openid.net/srv/ax/1.0</Type> ...
  • 43. •OpenSocial •Meetup.com •MySpace •Ma.gnolia •Google •Get Satisfaction •Yahoo! (Fire Eagle) •Agree2 •Netflix •SoundCloud •SmugMug •88Miles •Photobucket •Pownce •Plaxo •Brightkite •Soocial.com •Praized http://wiki.oauth.net/ServiceProviders
  • 44. code
  • 45. •C# •OCaml •Coldfusion •Perl •Java •PHP •Javascript •CakePHP •Jifty •Python •.NET •Ruby •Objective-C •...interest in XMPP http://oauth.net/code
  • 47. fin. oauth.net me -› factoryjoe.com