OAuth


Published on March 30, 2008

Author: ehuard

Source: slideshare.net

Description

OAuth protocol - keeping your password to yourself in sharing of resources between sites.

OAuth: Mash-ups and Privacy

Elise Huard @BarcampGhent

29/03/2007

[email_address]

Facebook contacts

Twitter contacts

LinkedIn contacts

So ...

To share our list of contacts

We ALSO give authorization to:

Browse our mail

Send mail in our name

Delete mail ...

OAuth is an answer to this.

OAuth

Consumer site asks the service provider to give read-only access to chosen resources.

Summary

Introduction

Brief History

How does it work

Implementation

Resources

Conclusion

History

Blaine Cook (Twitter, OpenID) & Chris Messina (open source advocate – Barcamp :-))

OAuth Core 1.0 final draft: October 2007

How does it work?

Example:

Service provider:

Resources : bookmarks

Consumer : my app gathering bookmarks from different services

Register consumer app

Receive

Customer secret

Customer key

User decides to access resource

Dialog between Ma.gnolia & consumer => gets Request Token (signed)

http://ma.gnolia.com/oauth/get_request_token

User is directed to service provider (with request token) – logs in (signed)

http://ma.gnolia.com/oauth/authorize

Authorized: back to consumer site

...

Dialog to exchange request token for access token

http://ma.gnolia.com/oauth/get_access_token

Any subsequent request with access token (signed)

Consumer app can use resource.

Limited access – limited time !

Getting implemented

Hopefully

Industry protocols

Google AuthSub

AOL OpenAuth

Yahoo BBAuth

Upcoming API

Flickr API

Amazon Web Services API

...

Resources

Current standard : OAuth Core 1.0

http://oauth.net/

http://groups.google.com/group/oauth

Other Data Portability standards

http://microformats.org/

http://openid.net/

http://www.hueniverse.com/hueniverse/

Conclusion

For Data portability:

STANDARDS = GOOD

Ask for OAuth.
