oauth 2.0 #idit2012
TRANSCRIPT
OAuth 2.0
ID&IT Management Conference 2012
@nov
OpenID Foundation Japan Evangelist
OAuth.jp
Ruby Libraries
rack-oauth2
openid_connect
fb_graph
ID&IT Management Conference 2012
ID&IT Management Conference 2012
Current Trend
Mobile Game Social
ID&IT Management Conference 2012
Platform ♥ 3rd-party Developers
ID&IT Management Conference 2012
API Integration
Access Control for APIs
ID&IT Management Conference 2012
OAuth
No password sharing
Limited access lifetime
Expire a'er N weeks
Limited access scope
Status Update : OK
Read Inbox : NG
ID&IT Management Conference 2012
OAuth 2.0 in Enterprize
ID&IT Management Conference 2012
ID&IT Management Conference 2012
ResourceOwner
Client
ResourceServer
APIAccess
AccessToken
AuthorizationServer
AuthorizeClient Access
ID&IT Management Conference 2012
ResourceOwner
Client
ResourceServer
APIAccess
AccessToken
AuthorizationServer
AuthorizeClient Access
ID&IT Management Conference 2012
ResourceOwner
Client
ResourceServer
APIAccess
AccessToken
AuthorizationServer
AuthorizeClient Access
ID&IT Management Conference 2012
2 Response Types in Core
Code
Token
Extensions
Code + Token
and more..
Get Access Token
ID&IT Management Conference 2012
response_type = codeResource Owner Client Authorization Server
Initiate
Require Approval
Approve
Code
Code
Access Token
ID&IT Management Conference 2012
response_type = tokenResource Owner Client Authorization Server
Initiate
Require Approval
Approve
Access Token
ID&IT Management Conference 2012
Response Type
Code
Secure
2 HTTP request
Require Approval
Get Access Token
Token
Efficient
1 HTTP request
Both at once
+ extensions
ID&IT Management Conference 2012
♥OpenID Connect
~ OpenID based on OAuth 2.0 ~
ID&IT Management Conference 2012
ID&IT Management Conference 2012
So, why these matters?
ID&IT Management Conference 2012
Social
ID&IT Management Conference 2012
Cloud
ID&IT Management Conference 2012
API Economy
ID&IT Management Conference 2012
Discovery
Identity
Access Control
Streams
People
Applications
ID&IT Management Conference 2012
デジタルアイデンティティ技術最新動向 - @IT
ID&IT Management Conference 2012
openid-foundation-japan.github.com
slideshare.net/matake
github.com/nov
twitter.com/nov