Steve Ivy, profile picture
Uploaded bySteve Ivy
PPT, PDF3,143 views

Openid & Oauth: An Introduction

OpenID and OAuth are open standards for authentication and authorization on the web. OpenID allows users to log into multiple websites using a single digital identity while OAuth provides applications a secure delegated access to server resources on behalf of a resource owner. Both standards use open web technologies like HTTP, SSL and public-key cryptography to provide user-centric and application-to-application authentication and authorization in a distributed and extensible manner without single vendor lock-in.

Embed presentation

Downloaded 282 times
OpenID & Oauth Open Standards for Authentication and Authorization (An introduction)
The Open Web Unencumbered, Cross-Platform Standards Open Source / Free Software Implementations No Single-Vendor "Lock-In” Distributed Extensibility http://developer.mozilla.org/presentations/sxsw2007/the_open_web/
OpenID is… Lightweight Distributed User-Centric (not Site-Centric)
OpenID is also… Built on web standards DNS/HTTP/SSL Diffie-Hellman (PKI)
History 2005: Developed by Brad Fitzpatrick, Creator of LiveJournal 2006: Delegation, XRI support, extensions: OpenID 2.0 2007: OpenID Foundation 2008: More than 13,000 Consuming Sites http://en.wikipedia.org/wiki/OpenID#History
OpenID In The Wild
A Solution For… Maintaining Usernames Password Overload (insecurity) Site-centric Identity
Basics An OpenID is a URL http://redmonk.net Provider http://myopenid.com Relying Parties Delegation http://redmonk.myopenid.com
The Dance (Conversation)
DEMO LiveJournal User Ma.gnolia One-Time Authentication Persistent Authentication
The “Open” in OpenID Delegation support is required <link rel=“openid.delegate” /> Multiple accounts, multiple Providers No Lock-in
Q & A
Oauth is… “ OAuth is like a valet key for all your web services .  A valet key lets you give a valet the ability to park your car, but not the ability to get into the trunk or drive more than 2 miles or redline the RPMs on your high end German automobile.  In the same way, an OAuth key lets you give a web agent the ability to check your web mail but NOT the ability to pretend to be you and send mail to everybody in your address book.” http://journals.aol.com/panzerjohn/abstractioneer/entries/2007/09/21/oauth-your-valet-key-for-the-web/1550
Authentication Similar to: AuthSub (Google) BBAuth (Yahoo) Flickr Auth OpenAuth (AOL)
API Level Application To Application “ Agency”
Basics User Service Provider Consumer Protected Resources Tokens http://oauth.net/documentation/getting-started
The Dance (Conversation) (Developed from: http:// oauth.net/core/diagram.png )
Who’s Supporting Oauth? Google FireEagle (Yahoo) Ma.gnolia Amazon Flickr Digg And more…
Q & A
Sources http://www.slideshare.net/daveman692/open-id-overview-seoul-july-2007 http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange http://en.wikipedia.org/wiki/OpenID#History http://wiki.openid.net/ http://openid.net http://oauth.net http://journals.aol.com/panzerjohn/abstractioneer/entries/2007/09/21/oauth-your-valet-key-for-the-web/1550 http://oauth.net/core/diagram.png http://www.slideshare.net/leahculver/oauth-open-api-authentication http://www.slideshare.net/daveman692/open-platforms-in-web-20
Your Host Steve Ivy [email_address] Open Standards, Open Source Agitator http://redmonk.net/
 

More Related Content

PDF
OAuth2 and Spring Security
byOrest Ivasiv
 
PDF
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
PDF
OpenID and OAuth
byAndrea Chiodoni
 
KEY
OpenID vs OAuth - Identity on the Web
byRichard Metzler
 
PDF
JavaOne 2014 - Securing RESTful Resources with OAuth2
byRodrigo Cândido da Silva
 
PDF
Spring security oauth2
byaxykim00
 
PDF
ConFoo 2015 - Securing RESTful resources with OAuth2
byRodrigo Cândido da Silva
 
PDF
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
byCloudIDSummit
 
OAuth2 and Spring Security
byOrest Ivasiv
 
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
OpenID and OAuth
byAndrea Chiodoni
 
OpenID vs OAuth - Identity on the Web
byRichard Metzler
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
byRodrigo Cândido da Silva
 
Spring security oauth2
byaxykim00
 
ConFoo 2015 - Securing RESTful resources with OAuth2
byRodrigo Cândido da Silva
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
byCloudIDSummit
 

What's hot

PPTX
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
bySaloni Shah
 
PDF
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
byJava User Group Latvia
 
ODP
Mohanraj - Securing Your Web Api With OAuth
byfossmy
 
PPTX
An Authentication and Authorization Architecture for a Microservices World
byVMware Tanzu
 
PPTX
JWT Authentication with AngularJS
byrobertjd
 
PDF
What the Heck is OAuth and OpenID Connect - DOSUG 2018
byMatt Raible
 
PDF
Full stack security
byDPC Consulting Ltd
 
PDF
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
byAlvaro Sanchez-Mariscal
 
PDF
Json web token api authorization
byGiulio De Donato
 
PPTX
REST Service Authetication with TLS & JWTs
byJon Todd
 
PDF
Authentication and Authorization Architecture in the MEAN Stack
byFITC
 
PDF
Introduction to SAML 2.0
byMika Koivisto
 
PDF
Keycloak Single Sign-On
byRavi Yasas
 
PPTX
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
byBrian Campbell
 
PDF
Authentication: Cookies vs JWTs and why you’re doing it wrong
byDerek Perkins
 
PDF
OAuth2 and LinkedIn
byKamyar Mohager
 
PPTX
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
byAaron Parecki
 
PDF
2016 pycontw web api authentication
byMicron Technology
 
PDF
The Ultimate Guide to Mobile API Security
byStormpath
 
PPTX
Securing Single Page Applications with Token Based Authentication
byStefan Achtsnit
 
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
bySaloni Shah
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
byJava User Group Latvia
 
Mohanraj - Securing Your Web Api With OAuth
byfossmy
 
An Authentication and Authorization Architecture for a Microservices World
byVMware Tanzu
 
JWT Authentication with AngularJS
byrobertjd
 
What the Heck is OAuth and OpenID Connect - DOSUG 2018
byMatt Raible
 
Full stack security
byDPC Consulting Ltd
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
byAlvaro Sanchez-Mariscal
 
Json web token api authorization
byGiulio De Donato
 
REST Service Authetication with TLS & JWTs
byJon Todd
 
Authentication and Authorization Architecture in the MEAN Stack
byFITC
 
Introduction to SAML 2.0
byMika Koivisto
 
Keycloak Single Sign-On
byRavi Yasas
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
byBrian Campbell
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
byDerek Perkins
 
OAuth2 and LinkedIn
byKamyar Mohager
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
byAaron Parecki
 
2016 pycontw web api authentication
byMicron Technology
 
The Ultimate Guide to Mobile API Security
byStormpath
 
Securing Single Page Applications with Token Based Authentication
byStefan Achtsnit
 

Viewers also liked

PPTX
Api security
byteodorcotruta
 
PPTX
Introduction to OAuth 2.0 - the technology you need but never really learned
byMikkel Flindt Heisterberg
 
PPTX
Financial Grade OAuth & OpenID Connect
byNat Sakimura
 
PPTX
Mit 2014 introduction to open id connect and o-auth 2
byJustin Richer
 
PPTX
An Introduction to OAuth 2
byAaron Parecki
 
PDF
Implementing OAuth
byleahculver
 
PPTX
OAuth: The Next Big Thing in Security
byApigee | Google Cloud
 
PDF
OAuth for your API - The Big Picture
byApigee | Google Cloud
 
PDF
Open Standards in Identity Management
byPrabath Siriwardena
 
PDF
Introduction to OpenID Connect
byNat Sakimura
 
PDF
OAuth - Open API Authentication
byleahculver
 
PDF
Intro to API Security with Oauth 2.0
byFunctional Imperative
 
PDF
Securing your API Portfolio with API Management
byCA Technologies
 
PPT
Oreilly Preso Final
byHack the Hood
 
PDF
Building Tech Vision
byJosh Allen
 
PPTX
Online 101
byJosh Allen
 
PPTX
10 Reasons Why You Should Leverage Social Media in 2011
byE-Web Marketing
 
PDF
Content Repository, Versioning and Workspaces in TYPO3 Phoenix
byKarsten Dambekalns
 
PDF
Opensource Authentication and Authorization
byConFoo
 
PPTX
Radina the school
byRositsa Dimova
 
Api security
byteodorcotruta
 
Introduction to OAuth 2.0 - the technology you need but never really learned
byMikkel Flindt Heisterberg
 
Financial Grade OAuth & OpenID Connect
byNat Sakimura
 
Mit 2014 introduction to open id connect and o-auth 2
byJustin Richer
 
An Introduction to OAuth 2
byAaron Parecki
 
Implementing OAuth
byleahculver
 
OAuth: The Next Big Thing in Security
byApigee | Google Cloud
 
OAuth for your API - The Big Picture
byApigee | Google Cloud
 
Open Standards in Identity Management
byPrabath Siriwardena
 
Introduction to OpenID Connect
byNat Sakimura
 
OAuth - Open API Authentication
byleahculver
 
Intro to API Security with Oauth 2.0
byFunctional Imperative
 
Securing your API Portfolio with API Management
byCA Technologies
 
Oreilly Preso Final
byHack the Hood
 
Building Tech Vision
byJosh Allen
 
Online 101
byJosh Allen
 
10 Reasons Why You Should Leverage Social Media in 2011
byE-Web Marketing
 
Content Repository, Versioning and Workspaces in TYPO3 Phoenix
byKarsten Dambekalns
 
Opensource Authentication and Authorization
byConFoo
 
Radina the school
byRositsa Dimova
 

Similar to Openid & Oauth: An Introduction

PDF
Demystifying OAuth2 for PHP
bySWIFTotter Solutions
 
PPT
What is XAuth?
byStartup Product Academy, LLC
 
PPTX
OAuth
byAdi Challa
 
PDF
OAuth and OEmbed
byleahculver
 
PPTX
OAuth2 Presentaion
byBhargav Surimenu
 
PPTX
OAuth 2
byChrisWood262
 
PDF
Top X OAuth 2 Hacks
byAntonio Sanso
 
PPT
OAuth - Alex Bilbie
byEduserv
 
PPTX
Intro to OAuth2 and OpenID Connect
byLiamWadman
 
PDF
Introduction To Open Web Protocols
byMohan Krishnan
 
PPT
UserCentric Identity based Service Invocation
byguestd5dde6
 
ODP
Securing your Web API with OAuth
byMohan Krishnan
 
PDF
OAuth FTW
byChris Messina
 
PDF
How OAuth and portable data can revolutionize your web app - Chris Messina
byCarsonified Team
 
PDF
A How-to Guide to OAuth & API Security
byCA API Management
 
PDF
Flaws in Oauth 2.0 Can Oauth be used as a Security Server
byijtsrd
 
PPT
Open Id, O Auth And Webservices
byMyles Eftos
 
PDF
When and Why Would I use Oauth2?
byDave Syer
 
PDF
A technical insight into the concepts and terminologies behind oauth – an ope...
byeSAT Journals
 
PPTX
Maintest3
byMohan Kumar Tadikimalla
 
Demystifying OAuth2 for PHP
bySWIFTotter Solutions
 
What is XAuth?
byStartup Product Academy, LLC
 
OAuth
byAdi Challa
 
OAuth and OEmbed
byleahculver
 
OAuth2 Presentaion
byBhargav Surimenu
 
OAuth 2
byChrisWood262
 
Top X OAuth 2 Hacks
byAntonio Sanso
 
OAuth - Alex Bilbie
byEduserv
 
Intro to OAuth2 and OpenID Connect
byLiamWadman
 
Introduction To Open Web Protocols
byMohan Krishnan
 
UserCentric Identity based Service Invocation
byguestd5dde6
 
Securing your Web API with OAuth
byMohan Krishnan
 
OAuth FTW
byChris Messina
 
How OAuth and portable data can revolutionize your web app - Chris Messina
byCarsonified Team
 
A How-to Guide to OAuth & API Security
byCA API Management
 
Flaws in Oauth 2.0 Can Oauth be used as a Security Server
byijtsrd
 
Open Id, O Auth And Webservices
byMyles Eftos
 
When and Why Would I use Oauth2?
byDave Syer
 
A technical insight into the concepts and terminologies behind oauth – an ope...
byeSAT Journals
 
Maintest3
byMohan Kumar Tadikimalla
 

Recently uploaded

PDF
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
PPTX
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
PPTX
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
PPSX
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
PDF
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
PDF
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
PDF
WebXR in Android and Linux with OpenXR
byIgalia
 
PDF
Revolutionizing SQL Database Design for the Modern Era.pdf
bySQL DBM
 
PPTX
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
PDF
MathML Core in WebKit
byIgalia
 
PDF
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
PDF
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Dr. Robert Krug - Specializes In Predictive Modeling
byDr. Robert Krug
 
PDF
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
PDF
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
ENTSO-E's Response to the European Commission Call for Evidence on the Strate...
byReynir Orn Bachmann Gudmundsson
 
PDF
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Catalog Data - Keys to the Kingdom.pdf‎ ‎
byPrecisely
 
PPTX
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
WebXR in Android and Linux with OpenXR
byIgalia
 
Revolutionizing SQL Database Design for the Modern Era.pdf
bySQL DBM
 
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
MathML Core in WebKit
byIgalia
 
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Dr. Robert Krug - Specializes In Predictive Modeling
byDr. Robert Krug
 
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
ENTSO-E's Response to the European Commission Call for Evidence on the Strate...
byReynir Orn Bachmann Gudmundsson
 
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Catalog Data - Keys to the Kingdom.pdf‎ ‎
byPrecisely
 
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 

Openid & Oauth: An Introduction

  • 1.
    OpenID & OauthOpen Standards for Authentication and Authorization (An introduction)
  • 2.
    The Open WebUnencumbered, Cross-Platform Standards Open Source / Free Software Implementations No Single-Vendor &quot;Lock-In” Distributed Extensibility http://developer.mozilla.org/presentations/sxsw2007/the_open_web/
  • 3.
    OpenID is… LightweightDistributed User-Centric (not Site-Centric)
  • 4.
    OpenID is also…Built on web standards DNS/HTTP/SSL Diffie-Hellman (PKI)
  • 5.
    History 2005: Developedby Brad Fitzpatrick, Creator of LiveJournal 2006: Delegation, XRI support, extensions: OpenID 2.0 2007: OpenID Foundation 2008: More than 13,000 Consuming Sites http://en.wikipedia.org/wiki/OpenID#History
  • 6.
  • 7.
    A Solution For…Maintaining Usernames Password Overload (insecurity) Site-centric Identity
  • 8.
    Basics An OpenIDis a URL http://redmonk.net Provider http://myopenid.com Relying Parties Delegation http://redmonk.myopenid.com
  • 9.
  • 10.
    DEMO LiveJournal UserMa.gnolia One-Time Authentication Persistent Authentication
  • 11.
    The “Open” inOpenID Delegation support is required <link rel=“openid.delegate” /> Multiple accounts, multiple Providers No Lock-in
  • 12.
  • 13.
    Oauth is… “OAuth is like a valet key for all your web services .  A valet key lets you give a valet the ability to park your car, but not the ability to get into the trunk or drive more than 2 miles or redline the RPMs on your high end German automobile.  In the same way, an OAuth key lets you give a web agent the ability to check your web mail but NOT the ability to pretend to be you and send mail to everybody in your address book.” http://journals.aol.com/panzerjohn/abstractioneer/entries/2007/09/21/oauth-your-valet-key-for-the-web/1550
  • 14.
    Authentication Similar to:AuthSub (Google) BBAuth (Yahoo) Flickr Auth OpenAuth (AOL)
  • 15.
    API Level ApplicationTo Application “ Agency”
  • 16.
    Basics User ServiceProvider Consumer Protected Resources Tokens http://oauth.net/documentation/getting-started
  • 17.
    The Dance (Conversation)(Developed from: http:// oauth.net/core/diagram.png )
  • 18.
    Who’s Supporting Oauth?Google FireEagle (Yahoo) Ma.gnolia Amazon Flickr Digg And more…
  • 19.
  • 20.
    Sources http://www.slideshare.net/daveman692/open-id-overview-seoul-july-2007 http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchangehttp://en.wikipedia.org/wiki/OpenID#History http://wiki.openid.net/ http://openid.net http://oauth.net http://journals.aol.com/panzerjohn/abstractioneer/entries/2007/09/21/oauth-your-valet-key-for-the-web/1550 http://oauth.net/core/diagram.png http://www.slideshare.net/leahculver/oauth-open-api-authentication http://www.slideshare.net/daveman692/open-platforms-in-web-20
  • 21.
    Your Host SteveIvy [email_address] Open Standards, Open Source Agitator http://redmonk.net/
  • 22.