Mashing Up with User-Centric Identity
America Online LLC
John Panzer, Praveen Alavilli

Web 2.0
- Data Sharing
- Social Collaboration
- Perpetual Beta
- Incremental Evolution
- Web as a Platform, and
- Users in Control

Mashup
- Wikipedia: "a website or application that combines content from more than one source into an integrated experience."
- API[1] + API[2] + … + API[N]
- Netvibes.com, imified.com, etc.

Role of Identity
- Well... to identify the user for:
  - Personalization
  - Authorization / Access Control
  - Communication
  - Content Publishing
  - Maintaining Public Identity across Providers

But … it is also
- A barrier to entry
- Registration == drop off
- ID fatigue among users
- Expensive to maintain authentication infrastructure

Online Identity
- Lives moving online
- Virtual world identity != physical world identity
- Fragmentation of identity across services
- Limits value of services (network growth slowed)
- Not necessary to bind identity and services together

User-Centric Identity
- Providing user choice
- Privacy protecting
- Easy to adopt & use
- Allowing collaboration
- Supporting Long Tail applications
- Internet scale

Open Protocols
- Community driven
  - OpenID
  - CardSpace
  - Liberty (SAML)
- Single Provider
  - Yahoo! BBAuth
  - Google Account API
  - AOL OpenAuth

Challenges w/ Adoption
- Platform/OS dependencies
- Programming language support
- Too many APIs/protocols
- Complex message formats

Challenges: User Experience
- Sites with existing user base
- Same ID/Password everywhere
- Inconsistent login experience
- 'Deputization' of services
- Redirects

Challenges: Permission Management
- Different ways to manage user permissions (consent)
  - Implicit vs explicit
  - Client vs server
- Decentralized consent management
- Managing given consents

Security Issues
- XSS
- Phishing
- Authentication tokens for sites vs users
- Managing sessions (client side vs server side)
- Validating and invalidating authentication tokens

Privacy Issues
- Same identifier everywhere
- Public vs private personas
- Anonymous and randomized identities

Reputation Services
- Why is reputation important?
- Who owns it?
- Based on
  - Published content
  - Activity
  - Collaboration with other services (Mail, IM, etc.)
- Actions to take
  - Restricted usage limits
  - Block/deny requests
  - Report to reputation services

Next Steps…
- User Experience
  - Consistency is key
- User Permissions
  - Ask user
  - Implied consents are bad
- Report and consume reputation
- Identity and associated data under user's control
- Support multiple public/private identities
- Support switching Identity Providers
- Adopt protocols that support all (most) of the above

AOL Open Authentication API
- Lightweight provisioning and authentication of AIM/ICQ/AOL users
- Easy to integrate via browser redirect, AJAX, or direct models
- Permission management
- 'Deputization' of services through secure token exchange
- AOL Open Services built on OpenAuth
- Other services:
  - Integrated OpenID Provider (OP)
  - OpenID Authentication Token Exchange Extension
  - OpenID Consumer/Relying Party - accepts 3rd party OpenIDs
  - STS for CardSpace in future
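The Security Issues slide ("authentication tokens for sites vs users", "validating and invalidating authentication tokens") and the OpenAuth bullet on 'deputization' through secure token exchange both rest on one mechanism: the identity provider hands a mashup site a token that stands in for the user only at that site, only for the permissions the user consented to, and that can later be checked and withdrawn. The sketch below is an added example, not AOL's OpenAuth code or its token format; the claim names, the HMAC-SHA256 construction, the in-memory revocation list and the demo key are all assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac, json, secrets, time

# Constructed demo key and in-memory revocation list; a real identity provider keeps
# the key in a secrets store and the revoked-token ids in a shared database.
SECRET = b"constructed-demo-key-not-for-production"
REVOKED = set()

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user, site, perms, ttl=300, now=None):
    """Mint a site-scoped token after the user consents on the permission request page.
    It names the audience (the mashup site) and the granted permissions, expires quickly,
    and carries its own id so it can be revoked without touching the user's password.
    Hypothetical format: base64url(claims) "." base64url(HMAC-SHA256 tag)."""
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": site, "perms": sorted(perms),
              "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SECRET, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def _verified_claims(token):
    """Return the claims only if the tag is authentic; malformed or forged tokens -> None."""
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return json.loads(body)

def validate_token(token, site, perm, now=None):
    """Accept only for the issued-to site, a consented permission, before expiry, unrevoked."""
    now = time.time() if now is None else now
    claims = _verified_claims(token)
    if claims is None or claims["aud"] != site or perm not in claims["perms"]:
        return None  # forged, presented by the wrong site, or never consented to
    if now >= claims["exp"] or claims["jti"] in REVOKED:
        return None  # expired, or the user withdrew consent
    return claims

def revoke_token(token):
    """Invalidate a token when the user withdraws consent on the permission management page."""
    claims = _verified_claims(token)
    if claims is not None:
        REVOKED.add(claims["jti"])
    return claims is not None
```

The point for a relying mashup is that a token stolen via XSS from one site is useless at any other audience and dies at expiry, while the user's password never leaves the identity provider.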

Sign In Page

Permission Request Page

User Permission Management Page

Ficlets

Q & A

Contact Info
- Praveen Alavilli: =praveen.alavilli
- John Panzer: =john.panzer