SlideShare ist ein Scribd-Unternehmen logo

The Identity Problem of the Web and how to solve it

Bastian Hofmann
Bastian Hofmann
TechnologieDesign
1 von 122
Downloaden Sie, um offline zu lesen
Bastian Hofmann ResearchGate GmbH The Identity Problem of the Web and how to solve it
Questions? Ask!
http://slideshare.net/bashofmann
Only one identity?
Identity is conveyed by communication Identity is not fixed but recreated by every communication with your fellows Expectations of different people result in different identities Lothar Krappmann
Paul Adams http://www.slideshare.net/padday/the-real-life-social-network-v2
Sign up again and again
Passwords are broken Same password for more than one service Saved unsecurely in the browser Names, birthdays, car brand, ... Disclosed to others Too short, too simple Sent over non encrypted connections
Single Sign On
Microsoft Live ID Launched 1999 as .net Passport
Facebook Connect
And there are much more
Nascar problem
Aggregation http://www.janrain.com/
OpenID http://openid.net/
The Client
http://bhofmann.myopenid.com
http://bhofmann.myopenid.com
HTTP POST http://bhofmann.myopenid.com stackoverflow.com
bhofmann.myopenid. com HTTP POST http://bhofmann.myopenid.com stackoverflow.com HTTP GET
bhofmann.myopenid. com HTTP POST http://bhofmann.myopenid.com stackoverflow.com <link rel="openid2.provider" href="http:// www.myopenid.com/server" />
myopenid.com/ server HTTP POST http://bhofmann.myopenid.com stackoverflow.com Establish shared secret (Diffie-Hellman)
HTTP Redirect http://myopenid.com/server? openid.identity=http:// bhofmann.myopenid.com&... stackoverflow.com
HTTP GET myopenid.com/ server? openid.identity= http:// bhofmann.myope nid.com&...
Login myopenid.com/ server? openid.identity= http:// bhofmann.myope nid.com&...
Grant permission myopenid.com/ server? openid.identity= http:// bhofmann.myope nid.com&...
HTTP Redirect http://stackoverflow.com/?assertion... myopenid.com/ server? openid.identity= http:// bhofmann.myope nid.com&...
HTTP GET stackoverflow.com Verify assertion
DEMO http://stackoverflow.com/ https://www.myopenid.com/
Authentication vs Authorization Who is the user? Is this really user X? VS Is X allowed to do something? Does X have the permission? Client sites want more than just a unique identifier (Social Graph)
But there are Spec Extensions
Additional parameters on the redirects
Simple Registration
openid.sreg.required=openid.sreg.fullname& openid.sreg.optional=openid.sreg.email,openid.sreg.gender openid.sreg.fullname=Bastian&openid.sreg.gender=male
Attribute Exchange
penid.ns.ax=http://openid.net/srv/ax/1.0 openid.ax.mode=fetch_request openid.ax.type.fname=http://example.com/schema/fullname openid.ax.type.gender=http://example.com/schema/gender openid.ax.type.fav_dog=http://example.com/schema/favourite_dog openid.ax.type.fav_movie=http://example.com/schema/ favourite_movie openid.ax.count.fav_movie=3 openid.ax.required=fname,gender openid.ax.if_available=fav_dog,fav_movie openid.ax.update_url=http://idconsumer.com/update? transaction_id=a6b5c41
openid.ns.ax=http://openid.net/srv/ax/1.0 openid.ax.mode=fetch_response openid.ax.type.fname=http://example.com/schema/fullname openid.ax.type.gender=http://example.com/schema/gender openid.ax.type.fav_dog=http://example.com/schema/favourite_dog openid.ax.type.fav_movie=http://example.com/schema/ favourite_movie openid.ax.value.fname=John Smith openid.ax.count.gender=0 openid.ax.value.fav_dog=Spot openid.ax.count.fav_movie=2 openid.ax.value.fav_movie.1=Movie1 openid.ax.value.fav_movie.2=Movie2 openid.ax.update_url=http://idconsumer.com/update? transaction_id=a6b5c41
openid.ns.ax=http://openid.net/srv/ax/1.0 openid.ax.mode=store_request openid.ax.type.fname=http://example.com/schema/fullname openid.ax.value.fname=Bob Smith openid.ax.type.fav_movie=http://example.com/schema/ favourite_movie openid.ax.count.fav_movie=2 openid.ax.value.fav_movie.1=Movie1 openid.ax.value.fav_movie.2=Movie2
openid.ns.ax=http://openid.net/srv/ax/1.0 openid.ax.mode=store_response_success
http://oauth.net/
Pre Registration of Client at Twitter: twitter.com - Shared Consumer Key - Shared Consumer Secret lanyrd.com
HTTP POST Connect with Twitter lanyrd.com
twitter.com HTTP POST Connect with Twitter HTTP GET lanyrd.com Consumer Key Redirect URI Signature (Consumer Secret)
twitter.com HTTP POST Connect with Twitter lanyrd.com Request Token Request Token Secret
HTTP Redirect http://twitter.com/authorize? requestToken=...&consumerKey=... lanyrd.com
HTTP GET twitter.com/ authorize
Login twitter.com/ authorize
Grant permission twitter.com/ authorize Create verifier and bind it to User and Request Token
HTTP Redirect Redirect URI?verifier=...&requestToken=.. twitter.com/ authorize
HTTP GET lanyrd.com (RedirectURI? verifier=...)
twitter.com HTTP GET HTTP GET lanyrd.com Consumer Key, RequestToken Verifier Signature (Consumer & Request Token Secret)
twitter.com HTTP GET lanyrd.com Access Token Access Token Secret
twitter.com HTTP GET lanyrd.com API Request Consumer Key, Access Token Signature (Consumer & Access Token Secret)
OpenID + OAuth • Combines OpenID Authentication and OAuth authorization openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0 &openid.oauth.consumer=123456 openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0 &openid.oauth.request_token=7890
OpenID is dead
„OpenID has been a burden on support since the day it was launched.“ „Fewer than 1% of all 37signals users are currently using OpenID.“ http://productblog.37signals.com/products/2011/01/well-be-retiring-our- support-of-openid-on-may-1.html
„OpenID is the worst possible "solution" I have ever seen in my entire life to a problem that most people don't really have.“ Yishan Wong (Facebook) http://www.quora.com/What-s-wrong-with-OpenID
Failures of OpenID 2.0 Complex to implement No marketing Do you have an OpenID? What is it? URL as identifier => Bad User Experience
Facebook Connect 250,000,000 monthly users
So let‘s all use Facebook?
How to fix it?
Easier to implement Better user experience Built on top of OAuth 2.0 More simple specification wider adption
What‘s wrong with OAuth? Does not work well with non web or JavaScript based clients The „Invalid Signature“ Problem Complicated Flow, many requests
http://oauth.net/
What‘s new in OAuth2? (Draft 10) No signatures Cookie-like Bearer Token Different client profiles No Token Secrets No Request Tokens Mandatory TSL/SSL Much more flexible regarding extensions http://tools.ietf.org/html/draft-ietf-oauth-v2
Web-Server Profile
Pre Registration of Client at Twitter: twitter.com - Shared Client ID - Shared Client Secret - Redirect URI lanyrd.com
HTTP(S) POST Connect with Twitter lanyrd.com
HTTPS Redirect http://twitter.com/authorize?&clientId=... lanyrd.com
HTTPS GET twitter.com/ authorize
Login twitter.com/ authorize
Grant permission twitter.com/ authorize Create authorization code and bind it to User and ClientID
HTTPS Redirect Redirect URI?authorizationCode=... twitter.com/ authorize
HTTPS GET lanyrd.com (RedirectURI? authorizationCode= ...)
twitter.com HTTPS GET lanyrd.com HTTPS GET Consumer Key Authorization Code Consumer Secret
twitter.com HTTPS GET lanyrd.com Access Token (Refresh Token)
twitter.com HTTPS GET lanyrd.com HTTPS API Request Access Token
twitter.com HTTPS GET lanyrd.com HTTPS GET Consumer Key Refresh Token Consumer Secret
twitter.com HTTPS GET lanyrd.com Access Token Refresh Token
User-Agent Profile
lanyrd.com Open Popup http://twitter.com/authorize?&clientId=...
lanyrd.com Open Popup http://twitter.com/authorize?&clientId=... twitter.co m/ authorize HTTPS GET
lanyrd.com Open Popup http://twitter.com/authorize?&clientId=... twitter.co m/ authorize Login
lanyrd.com Open Popup http://twitter.com/authorize?&clientId=... twitter.co m/ authorize Grant Permission
lanyrd.com twitter.co m/ lanyrd.com authorize HTTPS Redirect RedirectURI# RedirectURI#acces accessToken sToken
lanyrd.com Parse Access Token from Fragment Send it to opening window Close popup lanyrd.com RedirectURI# accessToken
Same Origin Policy
lanyrd.com HTTPS Ajax twitter.com Request to API Access Token
Same Origin Policy
JSONP
Cross Origin Request Sharing (CORS)
Client Backend lanyrd. api.twitter.com com AJAX Access-Control-Allow-Origin: * http://www.w3.org/TR/cors/
What happend to signatures? Bearer Tokens are fine over secure connection Vulnerable if discovery is introduced Or if TSL/SSL is not possible So OAuth 1.0 signatures alternatively available
Scopes Optional parameter for provider specific implementations Additional return values Access Control
Scope: „openid“ With access token additional values are returned UserID: URL to Portable Contacts endpoint Timestamp Signature http://openidconnect.com/
https://github.com/vznet/vz_id_democlient http://opensocial-demo.vz-modules.net/vzid/index.php
DEMO
OpenID Connect Discovery Get Identifier of user Call /.well-­‐known/host-­‐meta file at the domain of the user‘s provider Look for a link pointing to the OpenID Connect endpoints in the returned LRDD
http://example.com/.well- known/host-meta http://tools.ietf.org/html/draft-nottingham-site-meta
http://code.google.com/p/webfinger/
http://www.oexchange.org/
Phishing
@ E-mail address equals identity?
Can the browser help?
FOAF+SSL (WebID) http://esw.w3.org/Foaf%2Bssl
DEMO http://trunk.ontowiki.net/ http://www.w3.org/wiki/Foaf%2Bssl/IDP
Bad browser UI Syncing between different computers? More than one user on the same computer?
Mozilla UX Mockups
https://browserid.org/
DEMO http://myfavoritebeer.org/ https://addons.mozilla.org/en-US/firefox/addon/browser- sign-in/
Summing it up • We need a single sign on system for the web • Proprietary solutions are bad for users, site owners and developers • OpenID is cool, but has some problems • A new more simple and flexible spec is coming up • Browser vendors are working to solve this problem in the browser
Rate and Comment http://spkr8.com/t/8738
h"p://twi"er.com/Bas2anHofmann h"ps://profiles.google.com/bashofmann h"p://lanyrd.com/people/Bas2anHofmann/ h"p://slideshare.net/bashofmann mail@bas2anhofmann.de

Empfohlen

I put on my mink and wizard behat - Confoo Canada
I put on my mink and wizard behat - Confoo CanadaI put on my mink and wizard behat - Confoo Canada
I put on my mink and wizard behat - Confoo Canadaxsist10
 
I put on my mink and wizard behat
I put on my mink and wizard behatI put on my mink and wizard behat
I put on my mink and wizard behatxsist10
 
NEPHP '12: Create a RESTful API
NEPHP '12: Create a RESTful APINEPHP '12: Create a RESTful API
NEPHP '12: Create a RESTful APIAndrew Curioso
 
SEO and Social Media for Multilingual and Multidevice Sites
SEO and Social Media for Multilingual and Multidevice SitesSEO and Social Media for Multilingual and Multidevice Sites
SEO and Social Media for Multilingual and Multidevice Sitesluckyboost
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big PictureApigee | Google Cloud
 
Account entrapment
Account entrapmentAccount entrapment
Account entrapmentbenlbroussard
 
Account Entrapment - Forcing a Victim into an Attacker’s Account
Account Entrapment - Forcing a Victim into an Attacker’s AccountAccount Entrapment - Forcing a Victim into an Attacker’s Account
Account Entrapment - Forcing a Victim into an Attacker’s AccountDenim Group
 
- Webexpo 2010
- Webexpo 2010- Webexpo 2010
- Webexpo 2010Petr Dvorak
 

Empfohlen

I put on my mink and wizard behat - Confoo Canada
I put on my mink and wizard behat - Confoo CanadaI put on my mink and wizard behat - Confoo Canada
I put on my mink and wizard behat - Confoo Canadaxsist10
 
I put on my mink and wizard behat
I put on my mink and wizard behatI put on my mink and wizard behat
I put on my mink and wizard behatxsist10
 
NEPHP '12: Create a RESTful API
NEPHP '12: Create a RESTful APINEPHP '12: Create a RESTful API
NEPHP '12: Create a RESTful APIAndrew Curioso
 
SEO and Social Media for Multilingual and Multidevice Sites
SEO and Social Media for Multilingual and Multidevice SitesSEO and Social Media for Multilingual and Multidevice Sites
SEO and Social Media for Multilingual and Multidevice Sitesluckyboost
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big PictureApigee | Google Cloud
 
Account entrapment
Account entrapmentAccount entrapment
Account entrapmentbenlbroussard
 
Account Entrapment - Forcing a Victim into an Attacker’s Account
Account Entrapment - Forcing a Victim into an Attacker’s AccountAccount Entrapment - Forcing a Victim into an Attacker’s Account
Account Entrapment - Forcing a Victim into an Attacker’s AccountDenim Group
 
- Webexpo 2010
- Webexpo 2010- Webexpo 2010
- Webexpo 2010Petr Dvorak
 
WordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityWordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityBrad Williams
 
Browser Extensions for Web Hackers
Browser Extensions for Web HackersBrowser Extensions for Web Hackers
Browser Extensions for Web HackersMark Wubben
 
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)Nicholas Zakas
 
Cbcode volume2
Cbcode volume2Cbcode volume2
Cbcode volume2Madfex
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012Abraham Aranguren
 
Advanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksAdvanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksBrad Williams
 
Opening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the IslandsOpening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the IslandsBastian Hofmann
 
API Design - 3rd Edition
API Design - 3rd EditionAPI Design - 3rd Edition
API Design - 3rd EditionApigee | Google Cloud
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009Brad Williams
 
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)Viviane Tang
 
A Holistic View of Website Performance
A Holistic View of Website PerformanceA Holistic View of Website Performance
A Holistic View of Website PerformanceRene Churchill
 
Api
ApiApi
Apirandyhoyt
 
Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialBastian Hofmann
 
What the Heck is OAuth and OIDC - UberConf 2018
What the Heck is OAuth and OIDC - UberConf 2018What the Heck is OAuth and OIDC - UberConf 2018
What the Heck is OAuth and OIDC - UberConf 2018Matt Raible
 
How to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesHow to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesBastian Hofmann
 
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -Naoki Nagazumi
 
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020Matt Raible
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuthleahculver
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
 
OAuth and OEmbed
OAuth and OEmbedOAuth and OEmbed
OAuth and OEmbedleahculver
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
OAuth and Open-id
OAuth and Open-idOAuth and Open-id
OAuth and Open-idParisa Moosavinezhad
 

Weitere ähnliche Inhalte

Was ist angesagt?

WordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityWordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityBrad Williams
 
Browser Extensions for Web Hackers
Browser Extensions for Web HackersBrowser Extensions for Web Hackers
Browser Extensions for Web HackersMark Wubben
 
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)Nicholas Zakas
 
Cbcode volume2
Cbcode volume2Cbcode volume2
Cbcode volume2Madfex
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012Abraham Aranguren
 
Advanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksAdvanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksBrad Williams
 
Opening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the IslandsOpening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the IslandsBastian Hofmann
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009Brad Williams
 
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)Viviane Tang
 
A Holistic View of Website Performance
A Holistic View of Website PerformanceA Holistic View of Website Performance
A Holistic View of Website PerformanceRene Churchill
 

Was ist angesagt? (12)

WordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityWordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress Security
 
Browser Extensions for Web Hackers
Browser Extensions for Web HackersBrowser Extensions for Web Hackers
Browser Extensions for Web Hackers
 
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
 
Cbcode volume2
Cbcode volume2Cbcode volume2
Cbcode volume2
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012
 
Advanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksAdvanced Thesis Techniques and Tricks
Advanced Thesis Techniques and Tricks
 
Opening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the IslandsOpening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the Islands
 
API Design - 3rd Edition
API Design - 3rd EditionAPI Design - 3rd Edition
API Design - 3rd Edition
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009
 
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)
Everything You Need to Know About Being a Sex Blogger (But Were Afraid to Ask)
 
A Holistic View of Website Performance
A Holistic View of Website PerformanceA Holistic View of Website Performance
A Holistic View of Website Performance
 
Api
ApiApi
Api
 

Ähnlich wie The Identity Problem of the Web and how to solve it

Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialBastian Hofmann
 
What the Heck is OAuth and OIDC - UberConf 2018
What the Heck is OAuth and OIDC - UberConf 2018What the Heck is OAuth and OIDC - UberConf 2018
What the Heck is OAuth and OIDC - UberConf 2018Matt Raible
 
How to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesHow to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesBastian Hofmann
 
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -Naoki Nagazumi
 
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020Matt Raible
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuthleahculver
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
 
OAuth and OEmbed
OAuth and OEmbedOAuth and OEmbed
OAuth and OEmbedleahculver
 
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenOAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenCodemotion
 
Chrome Dev Summit 2020 Extended: Improve Your Web Authentication Security
Chrome Dev Summit 2020 Extended: Improve Your Web Authentication SecurityChrome Dev Summit 2020 Extended: Improve Your Web Authentication Security
Chrome Dev Summit 2020 Extended: Improve Your Web Authentication SecurityYu-Shuan Hsieh
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webFelix Arntz
 
OAuth Introduction
OAuth IntroductionOAuth Introduction
OAuth Introductionh_marvin
 
Authorization with oAuth
Authorization with oAuthAuthorization with oAuth
Authorization with oAuthVivastream
 
O auth how_to
O auth how_toO auth how_to
O auth how_tovivaqa
 
UserCentric Identity based Service Invocation
UserCentric Identity based Service InvocationUserCentric Identity based Service Invocation
UserCentric Identity based Service Invocationguestd5dde6
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 

Ähnlich wie The Identity Problem of the Web and how to solve it (20)

Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocial
 
What the Heck is OAuth and OIDC - UberConf 2018
What the Heck is OAuth and OIDC - UberConf 2018What the Heck is OAuth and OIDC - UberConf 2018
What the Heck is OAuth and OIDC - UberConf 2018
 
How to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesHow to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutes
 
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
 
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuth
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
 
OAuth and OEmbed
OAuth and OEmbedOAuth and OEmbed
OAuth and OEmbed
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
OAuth and Open-id
OAuth and Open-idOAuth and Open-id
OAuth and Open-id
 
Demystifying OAuth2 for PHP
Demystifying OAuth2 for PHPDemystifying OAuth2 for PHP
Demystifying OAuth2 for PHP
 
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenOAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
 
Some OAuth love
Some OAuth loveSome OAuth love
Some OAuth love
 
Chrome Dev Summit 2020 Extended: Improve Your Web Authentication Security
Chrome Dev Summit 2020 Extended: Improve Your Web Authentication SecurityChrome Dev Summit 2020 Extended: Improve Your Web Authentication Security
Chrome Dev Summit 2020 Extended: Improve Your Web Authentication Security
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) web
 
OAuth Introduction
OAuth IntroductionOAuth Introduction
OAuth Introduction
 
Authorization with oAuth
Authorization with oAuthAuthorization with oAuth
Authorization with oAuth
 
O auth how_to
O auth how_toO auth how_to
O auth how_to
 
UserCentric Identity based Service Invocation
UserCentric Identity based Service InvocationUserCentric Identity based Service Invocation
UserCentric Identity based Service Invocation
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
 

Mehr von Bastian Hofmann

Introduction to rg\injection
Introduction to rg\injectionIntroduction to rg\injection
Introduction to rg\injectionBastian Hofmann
 
IGNITE OpenSocial 2.0 - Viva La OpenAppRevolution!
IGNITE OpenSocial 2.0 - Viva La OpenAppRevolution! IGNITE OpenSocial 2.0 - Viva La OpenAppRevolution!
IGNITE OpenSocial 2.0 - Viva La OpenAppRevolution! Bastian Hofmann
 
Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialBastian Hofmann
 
Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialBastian Hofmann
 
Distributed Identities with OpenID
Distributed Identities with OpenIDDistributed Identities with OpenID
Distributed Identities with OpenIDBastian Hofmann
 
Mashing up JavaScript – Advanced Techniques for modern Web Apps
Mashing up JavaScript – Advanced Techniques for modern Web AppsMashing up JavaScript – Advanced Techniques for modern Web Apps
Mashing up JavaScript – Advanced Techniques for modern Web AppsBastian Hofmann
 
Creating social games for millions of users
Creating social games for millions of usersCreating social games for millions of users
Creating social games for millions of usersBastian Hofmann
 
How to create social apps for millions of users
How to create social apps for millions of users How to create social apps for millions of users
How to create social apps for millions of users Bastian Hofmann
 
Distributed Identities with OpenID
Distributed Identities with OpenIDDistributed Identities with OpenID
Distributed Identities with OpenIDBastian Hofmann
 
OpenSocial - Past, Present, Future
OpenSocial - Past, Present, FutureOpenSocial - Past, Present, Future
OpenSocial - Past, Present, FutureBastian Hofmann
 
Distributed Social Networking
Distributed Social NetworkingDistributed Social Networking
Distributed Social NetworkingBastian Hofmann
 
Technical Background of VZ-ID
Technical Background of VZ-IDTechnical Background of VZ-ID
Technical Background of VZ-IDBastian Hofmann
 
Advanced Capabilities of OpenSocial Apps
Advanced Capabilities of OpenSocial AppsAdvanced Capabilities of OpenSocial Apps
Advanced Capabilities of OpenSocial AppsBastian Hofmann
 
Creating OpenSocial Apps for millions of users
Creating OpenSocial Apps for millions of usersCreating OpenSocial Apps for millions of users
Creating OpenSocial Apps for millions of usersBastian Hofmann
 
How to make your social games successfull
How to make your social games successfullHow to make your social games successfull
How to make your social games successfullBastian Hofmann
 
Opening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the Islands Opening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the Islands Bastian Hofmann
 
Distributed Identities with OpenID
Distributed Identities with OpenIDDistributed Identities with OpenID
Distributed Identities with OpenIDBastian Hofmann
 
Creating OpenSocial Apps
Creating OpenSocial AppsCreating OpenSocial Apps
Creating OpenSocial AppsBastian Hofmann
 

Mehr von Bastian Hofmann (20)

Introduction to rg\injection
Introduction to rg\injectionIntroduction to rg\injection
Introduction to rg\injection
 
IGNITE OpenSocial 2.0 - Viva La OpenAppRevolution!
IGNITE OpenSocial 2.0 - Viva La OpenAppRevolution! IGNITE OpenSocial 2.0 - Viva La OpenAppRevolution!
IGNITE OpenSocial 2.0 - Viva La OpenAppRevolution!
 
Mashing up JavaScript
Mashing up JavaScriptMashing up JavaScript
Mashing up JavaScript
 
Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocial
 
Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocial
 
Distributed Identities with OpenID
Distributed Identities with OpenIDDistributed Identities with OpenID
Distributed Identities with OpenID
 
Mashing up JavaScript – Advanced Techniques for modern Web Apps
Mashing up JavaScript – Advanced Techniques for modern Web AppsMashing up JavaScript – Advanced Techniques for modern Web Apps
Mashing up JavaScript – Advanced Techniques for modern Web Apps
 
Mashing up JavaScript
Mashing up JavaScriptMashing up JavaScript
Mashing up JavaScript
 
Creating social games for millions of users
Creating social games for millions of usersCreating social games for millions of users
Creating social games for millions of users
 
How to create social apps for millions of users
How to create social apps for millions of users How to create social apps for millions of users
How to create social apps for millions of users
 
Distributed Identities with OpenID
Distributed Identities with OpenIDDistributed Identities with OpenID
Distributed Identities with OpenID
 
OpenSocial - Past, Present, Future
OpenSocial - Past, Present, FutureOpenSocial - Past, Present, Future
OpenSocial - Past, Present, Future
 
Distributed Social Networking
Distributed Social NetworkingDistributed Social Networking
Distributed Social Networking
 
Technical Background of VZ-ID
Technical Background of VZ-IDTechnical Background of VZ-ID
Technical Background of VZ-ID
 
Advanced Capabilities of OpenSocial Apps
Advanced Capabilities of OpenSocial AppsAdvanced Capabilities of OpenSocial Apps
Advanced Capabilities of OpenSocial Apps
 
Creating OpenSocial Apps for millions of users
Creating OpenSocial Apps for millions of usersCreating OpenSocial Apps for millions of users
Creating OpenSocial Apps for millions of users
 
How to make your social games successfull
How to make your social games successfullHow to make your social games successfull
How to make your social games successfull
 
Opening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the Islands Opening up the Social Web - Standards that are bridging the Islands
Opening up the Social Web - Standards that are bridging the Islands
 
Distributed Identities with OpenID
Distributed Identities with OpenIDDistributed Identities with OpenID
Distributed Identities with OpenID
 
Creating OpenSocial Apps
Creating OpenSocial AppsCreating OpenSocial Apps
Creating OpenSocial Apps
 

Kürzlich hochgeladen

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Kürzlich hochgeladen (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

The Identity Problem of the Web and how to solve it