Presentation is loading. Please wait.

Presentation is loading. Please wait.

ADUG 21-Oct 2013 Grahame Grieve

Published byΟλυμπία Στεφανόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "ADUG 21-Oct 2013 Grahame Grieve"— Presentation transcript:

1 ADUG 21-Oct 2013 Grahame Grieve

2

3

4

5

6 The OAuth Protocol Allows an application to login users using someone else’s login details (without seeing their password) Protocol is web based Web sites Mobile Applications Desktop Applications

7

8 What are User Resources?
User Information Address Real world Identifying Information (name, etc) Google/Facebook friend list User specific services Post to facebook wall Storage (e.g. DropBox) Health Care information

9 OAuth Parties User Service Provider Service Consumer
User who wants to achieve something Service Provider Can authenticate the user (password etc) Has things the user owns Service Consumer Needs to use User’s resources (e.g. for the user) Trusted by the service provider and the user

10

11 OAuth Parties User Service Provider Service Consumer
User who wants to achieve something Service Provider Can authenticate the user (password etc) Has things the user owns Service Consumer Needs to use User’s resources (e.g. for the user) Trusted by the service provider and the user

12 Authorization vs Authentication
Service Consumer doesn’t know who the user is Just knows that the Service Provider authorises the consumer to do things on behalf of anonymous user Which may include identifying information … if service provider authenticated the user

13 OAuth Example Desktop Application
Allows user to load/save application configuration to their Dropbox store

14

15

16

17

18

19

20

21

22

23

24

25 OAuth Pro’s & Cons Delegate User Authentication problems
Well understood protocol Amazing services on offer Relatively Simple API Each implementation differs – it’s a technique Documentation confusing and byzantine Errors obtuse and misleading Not a full solution yet

26

Download ppt "ADUG 21-Oct 2013 Grahame Grieve"

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board
Performance Challenges for the Open Web Stanford CS193H 29 September 2008.

Performance Challenges for the Open Web Stanford CS193H 29 September 2008.
OAuth Phil Wilson, University of Bath, 2008. what the? OAuth provides a way to grant access to your data on some website to a third website, without.

OAuth Phil Wilson, University of Bath, what the? "OAuth provides a way to grant access to your data on some website to a third website, without.
WP8 Security and Privacy Identity Management 15. November 2012 Wolfgang Steigerwald (DT) Robert Seidl (NSN)

WP8 Security and Privacy Identity Management 15. November 2012 Wolfgang Steigerwald (DT) Robert Seidl (NSN)
Oracle IDM at First National Bank

Oracle IDM at First National Bank
Using Evernote and Google Docs in your web or mobile application (and potentially Dropbox and Skydrive) By Peter Messenger Senior Developer – Triple Point.

Using Evernote and Google Docs in your web or mobile application (and potentially Dropbox and Skydrive) By Peter Messenger Senior Developer – Triple Point.
Passwords suck Nico Smit November 2014. “The million passwords dilemma:”  Just like having a million keys suck, so also having a million usernames and.

Passwords suck Nico Smit November “The million passwords dilemma:”  Just like having a million keys suck, so also having a million usernames and.
Hannes Tschofenig MIT CFP Privacy & Security Working Group Feb. 2 nd 2011.

Hannes Tschofenig MIT CFP Privacy & Security Working Group Feb. 2 nd 2011.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
1. 2 3 4 5 6 7 8 9 10 11 12 13 14 15.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13, 2014 1.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Valma Technical Aspects

Valma Technical Aspects
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Survey of Identity Repository Security Models JSR 351, Sep 2012.

Survey of Identity Repository Security Models JSR 351, Sep 2012.
Unified Cloud Storage Group 9 Navneet Joshi Apoorva Gupta Gurinder Pal Singh.

Unified Cloud Storage Group 9 Navneet Joshi Apoorva Gupta Gurinder Pal Singh.
Ákos FROHNER – DataGrid Security Requirements- 2002-04-09 - n° 1 Security Group D7.5 Document and Open Issues

Ákos FROHNER – DataGrid Security Requirements n° 1 Security Group D7.5 Document and Open Issues
Internet and Social Media Security. Outline Statistics Facebook Hacking and Security Data Encryption Cell Phone Hacking.

Internet and Social Media Security. Outline Statistics Facebook Hacking and Security Data Encryption Cell Phone Hacking.
CAS Lightning Talk Jasig-Sakai 2012 Tuesday June 12th 2012 Atlanta, GA Andrew Petro - Unicon, Inc.

CAS Lightning Talk Jasig-Sakai 2012 Tuesday June 12th 2012 Atlanta, GA Andrew Petro - Unicon, Inc.
© 2011 wheresjenny.com FACEBOOK Social Network. © 2011 wheresjenny.com What can you do on facebook?

© 2011 wheresjenny.com FACEBOOK Social Network. © 2011 wheresjenny.com What can you do on facebook?

Similar presentations

Ads by Google