Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authorization Made Simple….Sort of

Published by起薇 暴 Modified over 5 years ago

Similar presentations

Presentation on theme: "Authorization Made Simple….Sort of"— Presentation transcript:

1 Authorization Made Simple….Sort of
OAuth Authorization Made Simple….Sort of

2 Overview A brief history of OAuth Why does it exist? How Does it Work?
Authorization versus Authentication How Does it Work? Major Versions Revision A Signatures versus SSL

3 A Brief History Nov. 2006: Blaine Cooke, Chris Messina, and David Recordon meet with other OpenID users to discuss existing solutions A new authorization standard was needed April 2007: The OpenAuth Google group is born Later changed to Oauth to prevent conflict with AOL’s OpenAuth protocol July 2007: The group goes public December 2007: The 1.0 spec is finalized June 2009 – Revision A is released (following a security advisory release in April)

4 Why does it Exist No more username and password sharing
Separate authentication from authorization Standardization of authorization solutions Flikr Auth Google AuthSub Yahoo! BBAuth

5 Didn’t OpenID Do This? Common question on Stack Overflow and similar sites Answer: Partially *Imaged borrowed from wikipedia

6 Authorization v. Authentication
Who is this person? Verification of user credentials Association of credentials with user data Authorization What can the person with these credentials do? By providing my password, exchange is able to verify I am tstokes. By using the user information associated with tstokes, it is able to authorize me to view my mailbox, but not someone else’s.

7 How Does it Work?

8 Request Security Signatures – OAuth 1.0 Nonce Timestamp
OAuth allows dynamic determination of algorithm Nonce Unique request identifier Timestamp Allows expiration and re-use of Nonce values

9 References Eric Hammer-Lahav
Primary reference for history of Oauth Wikipedia: OpenID vs. Oauth Psuedo-Authentication Graphic OAuth Community Site IBM – Three Legged OAuth oauthsupport/ThreeLeggedOAuthDance.gif

Download ppt "Authorization Made Simple….Sort of"

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board
The How of OAuth OAuth Hackathon – Six Apart

The How of OAuth OAuth Hackathon – Six Apart
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug 2013 - scotthel.me.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.
Authentication & Kerberos

Authentication & Kerberos
Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).

Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).
‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”

‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”
Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.

Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.
By: Ansuya Chauhan.

By: Ansuya Chauhan.
Experimental OpenID Service for DOEGrids Summer Student Program 2008 Jan Durand ESnet 08/06/08.

Experimental OpenID Service for DOEGrids Summer Student Program 2008 Jan Durand ESnet 08/06/08.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
Workflow OpenID Scenario Users get OpenID from provider Andy is given access to service, and then to workflow server. Andy installs workflow Workflow gets.

Workflow OpenID Scenario Users get OpenID from provider Andy is given access to service, and then to workflow server. Andy installs workflow Workflow gets.
Will Darby 91.514 5 April 2010.  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.

Will Darby April  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:

Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:
Single Sign-on Writ Large. What is OpenID?  Open, Decentralized single sign on standard  Allows users to use a single digital identity across multiple.

Single Sign-on Writ Large. What is OpenID?  Open, Decentralized single sign on standard  Allows users to use a single digital identity across multiple.

Similar presentations

Ads by Google