8. AOL OpenAuth and Open Services

Participants: Untrusted Site (ex. netvibes.com), User (Browser), AIM Service

1. Access protected content
2. Redirect to OpenAuth
3. login
4. Login page
5. sn/pwd
6. Redirect to site w/ token
7. Redirect to site w/ token
8. Get buddylist w/ token
9. Validate token
10. Return buddy list
11. Return Personalized content
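
A small simulation of the numbered flow on this slide, added here as an example and not AOL's OpenAuth code. The token format (an HMAC-signed `sn|site|expiry` string), the class and function names, and the sample accounts are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

class OpenAuth:
    """Hypothetical identity provider: checks sn/pwd, issues and validates tokens."""
    def __init__(self, users):
        self._key = secrets.token_bytes(32)   # signing key known only to OpenAuth
        self._users = users                   # constructed sample accounts

    def _mac(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def login(self, sn, pwd, site, ttl=300):
        # Steps 3-6: sn/pwd go to OpenAuth only; the site receives a token.
        stored = self._users.get(sn)
        if stored is None or not hmac.compare_digest(stored.encode(), pwd.encode()):
            return None
        body = f"{sn}|{site}|{int(time.time()) + ttl}"
        return f"{body}|{self._mac(body)}"

    def validate(self, token, site):
        # Step 9: reject forged, expired, or cross-site tokens.
        body, _, mac = token.rpartition("|")
        if not hmac.compare_digest(mac.encode(), self._mac(body).encode()):
            return None
        sn, token_site, expiry = body.split("|")
        if token_site != site or int(expiry) < time.time():
            return None
        return sn

class AIMService:
    def __init__(self, openauth, buddies):
        self._openauth, self._buddies = openauth, buddies

    def get_buddy_list(self, token, site):
        sn = self._openauth.validate(token, site)    # step 9
        if sn is None:
            raise PermissionError("token rejected")
        return self._buddies.get(sn, [])             # step 10

def run_flow(openauth, aim, site, sn, pwd):
    token = openauth.login(sn, pwd, site)            # steps 2-7
    if token is None:
        return None
    return aim.get_buddy_list(token, site)           # steps 8-10

if __name__ == "__main__":
    oa = OpenAuth({"alice": "s3cret-pw"})            # constructed sample data
    aim = AIMService(oa, {"alice": ["bob", "carol"]})
    print(run_flow(oa, aim, "netvibes.com", "alice", "s3cret-pw"))
```

The untrusted site never handles the password; it only holds a token that the AIM service checks with OpenAuth before returning data.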
With the growing acceptance of OpenID across the web as a simple and easy way to exchange online identities, now is the time to look at how the new OAuth protocol enables identity-based service invocations for building useful Web 2.0 applications (including widgets and gadgets for social networks), all under the user's control. This session introduces the OAuth protocol and how it can be used in various use cases. Along the way, we will cover how it fits into existing deployments with OpenID and, possibly, other authentication protocols as well. We will also discuss how OAuth fits into the two most common models: one where both user identity and services are managed by the same provider, and one where they are managed by different providers. This of course opens up a lot of questions about how OAuth and OpenID would work with each other and how the user's permissions are managed. We will also look at how easy it is to add OAuth support to an existing service, using AOL's WebAIM Service as an example.