How OAuth and portable data can revolutionize your web app - Chris Messina

OAuth FTW

Chris MessinaFuture of Web Apps

October 10, 2008London, England

How OAuth and portable data can revolutionize your web app

(FOR THE WIN)

OAuth |ō| |ôˌθ|Noun.

An open protocol that allows secure API authorization in a simple and standard method from desktop, web and mobile applications.

The story of OAuth starts with OpenID.

factoryjoe.com

Can has OpenID?

factoryjoe.com

B-b-but what about API apps?

(APPLICATION PROGRAMMING INTERFACE)

How much are your username and password worth?

wayn.com

imeem.com

PC Load Letter?! What the f...!

The Password Anti-pattern!

Passwords are not confetti.

Please stop throwing them around.

Especially if they’re not yours.

OAuth replaces the need for usernames and passwords with tokens and a hashing signature.

let’s take a look

Brightkite > pings Fire Eagle for Request Token

Fire Eagle > returns authorization realm

Brightkite > requests that user authorize Brightkite

Fire Eagle > user authenticates through Yahoo! accounts

Fire Eagle > user grants authorization to Brightkite

Fire Eagle > Fire Eagle redirects user to callback URL

Brightkite > asks FE to exchange Request Token for Access Token

Fire Eagle > checks signature; if valid, returns Access Token

...subsequent requests are signed with this Access Token

users can manage access...

...and change access

or can revoke access later without having to change their primary account password

(i.e. if they lose their phone or their computer gets stolen)

discovery

Identity -› Discovery -› Authorization

OpenID -› XRDS-Simple -› OAuth Endpoint

(EXTENSIBLE RESOURCE IDENTIFIER RESOLUTION)

Identity -› Discovery -› [Authentication] -› Authorization

http://will.norris.name

☟<meta http-equiv="X-XRDS-Location" content="http://will.norris.name/?xrds" />

OpenID XRDS

<?xml version="1.0" encoding="UTF-8"?><xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)"> <XRD> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical</Type> <URI>https://pip.verisignlabs.com/server</URI> <LocalID>https://recordond.pip.verisignlabs.com/</LocalID> </Service> </XRD></xrds:XRDS>

XRDS-Simple for Portable Contacts

<?xml version="1.0" encoding="UTF-8"?><xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)"> <XRD version="2.0"> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://openid.net/srv/ax/1.0</Type> <URI>http://www.myopenid.com/server</URI> <LocalID>http://brian.myopenid.com/</LocalID> </Service> </XRD></xrds:XRDS>

<XRD version="2.0"> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/... <Type>http://openid.net/srv/ax/1.0</Type>

<XRD version="2.0"> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://soocial.com/contacts.xml</URI> </Service> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/... <Type>http://openid.net/srv/ax/1.0</Type>

adoption

•OpenSocial

•MySpace

•Google

•Yahoo! (Fire Eagle)

•Netflix

•SmugMug

•Photobucket

•Plaxo

•Soocial.com

•Meetup.com

•Ma.gnolia

•Get Satisfaction

•Agree2

•SoundCloud

•88Miles

•Pownce

•Brightkite

•Praized

http://wiki.oauth.net/ServiceProviders

•Coldfusion

•Java

•Javascript

•Jifty

•.NET

•Objective-C

•OCaml

•Perl

•PHP

•CakePHP

•Python

•Ruby

•...interest in XMPP

http://oauth.net/code

the pitch

oauth.netme -› factoryjoe.com

How OAuth and portable data can revolutionize your web app - Chris Messina

Technology

Transcript of How OAuth and portable data can revolutionize your web app - Chris Messina

Hadron Collider Physics - Chris Quigg · The Large Hadron Collider will operate soon, breaking new ground in energy and sensitivity Chris Quigg Hadron Collider Physics · Benasque

Radiation. Safety. Portable Instruments & Area Monitors.

2 Portable LCD displays 7” with built-in DVD player

18/05.06.2018 128 · messina ΣΥΝΤΑΓΜΑΤΙΚΟ ΔΙΚΑΙΟ ΚΑΘΗΓΗΤΗΣ ΚΑΘΗΓΗΤΗΣ ΑΛΛΟΔΑΠΗΣ 9 tsebelis george university of michigan political science

04-H NEA KRISH TOY KAPITALISMOY-Chris Harman[e+]+++.pdf

Chris Harman Μαρξισμός- Θεωρία Και Πράξη 2009

Documento OmniPage senza nome - Polemos | Πόλεμος ... · psichiatria di Messina, con testimonianze dal manicomiO e dai reparti psichiatrici della città. 20 pagine formato

Chris Stewart, ESA EOP-Φ

LT36608 FK36000 Portable Fuel Cleanliness Analysis Kit Instruction · 2019-05-17 · cleanliness. A simple portable method for testing fuel cleanliness would provide a resource for

GRETA @ ReA12 separator Chris Campbell July 12, 2014.

FreeStyle™ Portable Oxygen Concentratorfiles.chartindustries.com/FreeStyleMN131-1C FreeStyle... · 2020. 3. 26. · FreeStyle™ Portable Oxygen Concentrator 260 Creekside Drive

Portable Bluetooth Speaker / LED light PPA44BT-W

Dr Chris Greening

Macrophotography of Wide Area Works of Art: a Portable ...annrep/read_ar/2010/contributions/pdfs/175_… · Macrophotography of Wide Area Works of Art: a Portable Mechanical Structure

D-Heart Portable ECG Device - R Braun Medizintechnik GmbH6 User Manual Smartphone ECG Device D-Heart The D-Heart Portable ECG Device is compliant with the following standards: •

Product Manual PL30-1064 Portable Grinders

Chris Hopkinson, Mike Demuth, Laura Chasmer, Scott Munro ... · Chris Hopkinson, Masaki Hayashi, Karen Miller, Derek Peddle. To generate DEMs from three typical sources: • BC TRIM

Bulletin PRECISION MEASURING INSTRUMENTS · 2768 Precision Wheatstone Bridge 2768. 275597 276910 5 2755 Portable Wheatstone Bridge 2769 Portable Double Bridge 182×226×128mm 2kg

TRAGBARER CD PLAYER // PORTABLE CD PLAYER // … · 2013-10-11 · size - a6s opc 310-b / opc 310-w tragbarer cd player // portable cd player // reproductor de cd portÁtil // lecteur

HIOKI Portable Resistance Meter RM3548 - panel meterspanelmeters.weschler.com/Asset/Hioki-RM3548.pdf · High-precision portable RESISTANCE METER measures from µΩ to M ... struction