OAuth vs Password Anti-Pattern
Barcamp Brighton 3
OAuth versus the Password Anti-Pattern
Bruce Boughton
6-7 September 2008
http://lab.madgex.com/oauth-net/
[email protected]
http://siliconbea.ch/
The Password Anti-Pattern
Problem Solved
Google Contacts Data API: AuthSub
Windows Live Contacts API: WL ID Delegated Auth
Yahoo! Address Book API: BBAuth
And this is just for authentication!
OAuth
An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.
http://lab.madgex.com/oauth-net/googlecontacts/
http://whereami.lab.madgex.com/
consumers
service providers
users
Asserting Identity and Authority
Requests signed using consumer & token secrets
Request token: consumer identified, requesting authorization
Access token: consumer authorized by user to act on their behalf, may now fetch protected resources
Extensible and Flexible
OAuth Core 1.0 provides base
Supports at least web, desktop consumers
Extensions add functionality
OAuth.net
Open source .NET library
http://lab.madgex.com/oauth-net/
[email protected]
Bringing OAuth to .NET developers
Build consumers and service providers for .NET 2.0 and newer
Hides complexity of protocol from developer
Very permissive MIT license
Developed as part of ongoing innovation work
Configuring the Fire Eagle service
Requesting the user’s location
Handling authorization (when required)
Using the protected resource
http://oauthproviderdemo.madgex.com/
Want to know more?
http://lab.madgex.com/oauth-net/
[email protected]
http://siliconbea.ch/
[email protected]