oauth 1.0
DESCRIPTION
An OAuth 1.0 presentation I gave to an Italian TLC Telco, before OAuth consortium joined IETF. Shows also some differences and combinations with OpenID
TRANSCRIPT
OAuth
Simone Tripodi - Asemantics S.r.l.
What’s OAuth?
• An Open Protocol to allow secure API authorization in a simple and standard method for mobile, desktop and web applications;
• a protocol for developing passwordless APIs;
• a way for an application to interact with an API on a user’s behalf without knowing the user’s authentication credentials.
Hypothetical Scenarios
[Two diagrams, each showing: End User, Consumer, Service Provider]
• “Import pictures from Picasa into Virgilio Photo Album”
• “Allow Dailymotion read Virgilio’s User data”
Authorization flow
B2B shared information
• Consumer Key: a value used by the Consumer to identify itself to the Service Provider;
• Consumer Secret: a secret used by the Consumer to establish ownership of the Consumer Key;
• The Consumer establishes a Consumer Key and a Consumer Secret with the Service Provider to be authenticated; the Consumer needs to be registered!
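Added example (not part of the original slides): how the Consumer Secret establishes ownership of the Consumer Key, using the HMAC-SHA1 signature method defined by OAuth 1.0. The key, secret, URL, nonce and timestamp are constructed sample values, the function names are hypothetical, and the URL is assumed to be already normalized.

```python
import base64, hashlib, hmac
from urllib.parse import quote

REQUEST_TOKEN_URL = "https://sp.example/request_token"   # constructed URL
# Constructed registry: what the Service Provider stores at Consumer registration
REGISTERED_CONSUMERS = {"demo-consumer-key": "demo-consumer-secret"}

def pct(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    # Encode, sort by name then value, join; oauth_signature itself is excluded
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC key is "consumer_secret&token_secret"; the token secret is empty
    # until the Consumer holds a token
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def consumer_build_request(consumer_key, consumer_secret):
    # Consumer side: the key travels in the request, the secret never does
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1200000000",        # constructed
        "oauth_nonce": "constructed-nonce-1",   # constructed
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign("POST", REQUEST_TOKEN_URL, params,
                                     consumer_secret)
    return params

def service_provider_verify(method, url, params):
    # Service Provider side: look up the secret by Consumer Key, recompute the
    # signature, compare in constant time
    secret = REGISTERED_CONSUMERS.get(params.get("oauth_consumer_key"))
    if secret is None:
        return False                            # unregistered Consumer
    expected = sign(method, url, params, secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))

if __name__ == "__main__":
    req = consumer_build_request("demo-consumer-key", "demo-consumer-secret")
    print(service_provider_verify("POST", REQUEST_TOKEN_URL, req))
```

A Service Provider would additionally reject a reused nonce or a stale timestamp for the same Consumer Key; that check is left out here.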
OpenID & OAuth
• OpenID: helps determine who you are - AUTHENTICATION;
• OAuth: defines how to give access to protected data - AUTHORIZATION;
• They are complementary; a site that supports OAuth could also support OpenID for authentication!!!
OpenID & OAuth: Example integration
OAuth is Production Ready!!!
• Yahoo!
• MySpace
• Digg
• Magnolia
• Plaxo
• ... and much more!
OAuth community
• Led by Brian Cook & Chris Messina;
• Active Google-group: http://groups.google.com/group/oauth/
• Blog: http://blog.oauth.net/
• Many available implementations from OS communities: Java - C# - JavaScript - Perl - PHP ...
Where are we?
here