ADUG 21-Oct 2013 Grahame Grieve

Presentation Transcript


  1. ADUG 21-Oct 2013 Grahame Grieve

  2. The OAuth Protocol
     • Allows an application to log in users using someone else’s login details (without seeing their password)
     • Protocol is web based
     • Web sites
     • Mobile Applications
     • Desktop Applications

  3. What are User Resources?
     • User Information
       • Email Address
       • Real world Identifying Information (name, etc)
       • Google/Facebook friend list
     • User specific services
       • Post to Facebook wall
       • Storage (e.g. DropBox)
       • Health Care information

  4. OAuth Parties
     • User
       • User who wants to achieve something
     • Service Provider
       • Can authenticate the user (password etc)
       • Has things the user owns
     • Service Consumer
       • Needs to use User’s resources (e.g. for the user)
       • Trusted by the service provider and the user

  6. Authorization vs Authentication
     • Service Consumer doesn’t know who the user is
     • Just knows that the Service Provider authorises the consumer to do things on behalf of anonymous user
     • Which may include identifying information… if service provider authenticated the user

  7. OAuth Example
     • Desktop Application
     • Allows user to load/save application configuration to their Dropbox store

  8. OAuth Pros & Cons
     • Delegate User Authentication problems
     • Well understood protocol
     • Amazing services on offer
     • Relatively Simple API
     • Each implementation differs – it’s a technique
     • Documentation confusing and byzantine
     • Errors obtuse and misleading
     • Not a full solution yet

  9. http://www.healthintersections.com.au/?p=1554
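
Added example, not part of the original presentation: a toy in-memory model of the parties on slide 4 and the authorization-versus-authentication point on slide 6, using the desktop-application scenario from slide 7. The class, function and scope names and the sample user data are assumptions made for illustration; a real provider performs these steps over HTTPS redirects.

```python
import secrets

class ServiceProvider:
    """Toy provider (hypothetical): authenticates users and holds their resources."""
    def __init__(self):
        # Constructed sample data, for illustration only.
        self._passwords = {"alice": "correct horse"}
        self._resources = {"alice": {"email": "alice@example.org", "config": "theme=dark"}}
        self._codes, self._tokens = {}, {}

    def authorize(self, user, password, consumer_id, scopes):
        """The user logs in at the provider and approves scopes; returns a one-time code."""
        if not secrets.compare_digest(self._passwords.get(user, ""), password):
            raise PermissionError("authentication failed")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, consumer_id, frozenset(scopes))
        return code

    def exchange(self, code, consumer_id):
        """The consumer swaps the code for an opaque token; pop() makes codes single use."""
        user, issued_to, scopes = self._codes.pop(code)
        if issued_to != consumer_id:
            raise PermissionError("code was issued to a different consumer")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, scopes)
        return token

    def read(self, token, resource):
        """Access is decided by the scopes bound to the token, not by the caller's identity."""
        user, scopes = self._tokens[token]
        if resource not in scopes:
            raise PermissionError(f"token lacks scope {resource!r}")
        return self._resources[user][resource]

def consumer_load_config(provider, code, consumer_id="desktop-app"):
    """Service Consumer: handles only a code and a token, never a user name or password."""
    token = provider.exchange(code, consumer_id)
    return token, provider.read(token, "config")
```

The consumer learns identifying information only when the user approved a scope that exposes it, which is the distinction slide 6 draws.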
