BUILDING AND USING SECURE WEB SERVICES WITH OAUTH. Skillswap Goes Portable, November 25, 2008. Bruce Boughton, http://bruceboughton.me.uk, http://lab.madgex.com/
web services are about data  let’s think about data...
DATA SHOULD BE PORTABLE (even your private data)
why?
CONTROL YOUR DATA Don't get locked into one vendor
Mash|ups < data > MORE INTERESTING http://pipes.yahoo.com/bruceboughton/skillswapmashup
RE-PURPOSE YOUR DATA in different contexts
INTERPRET IT, ACCESS IT
Data should be available in STANDARD DATA FORMATS: <xml/>, POSH, JSON, μf
How can users let third parties ACCESS THEIR PRIVATE DATA?
 
 
40-60% OF TWEETS VIA API* Blaine Cook co-authored OAuth
 
http://kecute.wordpress.com/2007/11/05/cat-computer-geek/
we need an easy, user-friendly standard for third party api security
 
GOOGLE CONTACTS DEMO
YOU CHOOSE who you share YOUR DATA with
NO NEED to give out your PASSWORD
FIRE EAGLE LOCATION DEMO
Supports FINE-GRAINED privacy controls
Google, Yahoo, OpenSocial, Netflix, MySpace, Pownce, Ma.gnolia, SmugMug, GetSatisfaction and more...
one thing: OAuth != OpenID (but they do play nicely)
OpenID is authentication OAUTH IS ACCESS CONTROL
let’s get technical
Protected resources are exposed by service providers and used by consumer applications on behalf of users
e.g. My physical location is exposed by the Fire Eagle API and used by the Madgex Lab demo on my behalf
Consumer identity asserted using CONSUMER KEY and SECRET
Consumer gets an ACCESS TOKEN (tied to a user, usually re-usable)
Consumer asks USER TO LOG IN and AUTHORIZE request
Requests are SIGNED and include a TIMESTAMP and NONCE
This is just  PLAIN OLD HTTP with added super powers
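The signing slides above, as an added Python example (not from the talk or from the OAuth.net library): a consumer signs a request with HMAC-SHA1 over the OAuth 1.0 signature base string, and a service provider checks the signature, the timestamp window and nonce reuse. The keys, tokens, secrets, URL, the `Provider` class and the 300-second window are constructed for illustration; the URL is assumed to be already normalized and parameter names unique.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

def enc(s):
    # OAuth percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret=""):
    # Base string: METHOD & encoded URL & encoded, sorted parameter string
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

class Provider:
    """Service-provider checks: signature, timestamp window, nonce replay."""
    def __init__(self, consumer_secrets, token_secrets, max_skew=300):
        self.consumer_secrets, self.token_secrets = consumer_secrets, token_secrets
        self.max_skew, self.seen = max_skew, set()  # seen: (consumer key, timestamp, nonce)
    def verify(self, method, url, params, now=None):
        now = time.time() if now is None else now
        try:
            c_secret = self.consumer_secrets[params["oauth_consumer_key"]]
            t_secret = self.token_secrets[params["oauth_token"]]
            ts = int(params["oauth_timestamp"])
            replay_key = (params["oauth_consumer_key"], ts, params["oauth_nonce"])
            supplied = params["oauth_signature"]
        except (KeyError, ValueError):
            return "malformed"
        expected = sign(method, url, params, c_secret, t_secret)
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "bad_signature"   # wrong secret, or request altered in transit
        if abs(now - ts) > self.max_skew:
            return "stale_timestamp"
        if replay_key in self.seen:
            return "replayed_nonce"  # a captured request sent a second time
        self.seen.add(replay_key)
        return "ok"

# Constructed sample credentials and endpoint (hypothetical values)
CONSUMERS = {"demo-consumer-key": "demo-consumer-secret"}
TOKENS = {"demo-access-token": "demo-token-secret"}
URL = "https://provider.example/api/location"
def signed_request(nonce, ts, method="GET"):
    p = {"oauth_consumer_key": "demo-consumer-key", "oauth_token": "demo-access-token",
         "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
         "oauth_timestamp": str(ts), "oauth_nonce": nonce}
    p["oauth_signature"] = sign(method, URL, p, "demo-consumer-secret", "demo-token-secret")
    return p
```

The signature is checked before the timestamp and nonce, so only authenticated requests are ever recorded in the replay cache.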
don’t worry, there are plenty of  open source libraries
Ruby .NET Python PHP Java JavaScript Objective-C and more... http://oauth.net/code
do we have time for  some code? OAuth.net library http://lab.madgex.com/oauth-net
QUESTIONS? OR BEER. Bruce Boughton, http://bruceboughton.me.uk, http://lab.madgex.com/

Building and using web services with OAuth