SlideShare une entreprise Scribd logo

Saadhvi Summit - oAuth Standards

N
Nirmal Kumar

OAuth is an open standard that allows users to authorize third party applications to access private resources like photos, videos and contacts stored on another site without sharing the user's credentials. It provides a secure way for applications to obtain limited access to a user's account on another site without needing to know the user's password.

Technologie
1  sur  21
Télécharger pour lire hors ligne
OAuth 2.0 Open Protocol Standard for Authorization Saadhvi Summit Nirmal Kumar Date : 2 April 2012 - 4:00 PM IST
OAuth - Overview OAuth is an open standard for authorization. It allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically supplying username and password tokens instead.  
Need for Authorization Standard            
Secure Way to Access User Resources ?     Is there a secure way to access your Flickr Photos and Albums by some external application say example Wordpress where you already have an account with wordpress ?.   Access user resources (photos, albums etc)
Secure Way to Access User Resources ?   Is there secure way to access your Gmail Addressbook or Contact List by some external application say Facebook where are you already own an account in facebook?     Access user contacts from Gmail Account    
Should i expose my Credentials? Access user contacts from Gmail Account should i need to expose Gmail Account Credentials to facebook? should i need to expose Flickr Account Credentials to facebook? Access user resources (photos, albums etc)
User Credentials Compromise  
User Credentials Compromise   1. Applications cannot be Trusted   2. User password might be misused to access other information in that account   3. User might use the same password for a variety application and this will create a security threat   4. Changing password will not be reflected in the trusted applications  
What OAuth Standard Provides             A way for an Application to interact with a service on users behalf without requiring user account credentials.        
The Car Valet Parking             Regular Key : Car Owner - Full Access - Provides necessary access to a valet through Valet Key - Can able to Revoke the Access in time of threats   Valet Key : Valet - Limited Access - Cannot change anything without authorization of the resource owner.  
How this works ? Authorizes Owns API Client Application++ API Provider Services User Resources Accesses
How this works ?   Import Contacts from your Google Account
Sample Twitter - Authorize             Revoke Access to Applications at any time.  
How this works ? Client Application sends Authorization Request to the API Service Provider with the ClientId Key and Secret   User will be redirected with a Prompt " Authorize Application X to access your Account ". User can either Authorize and Reject   User will be redirected to the Client Application if they authorized with a Authentication Code in the Url.   API Client Web Application can use this Authentication Code and Send a Request to the API Server to provide a Token.   Client Application uses that Token to access the Authorized data from the users account.
How this works ?
OAuth Benefits   1. Can be integrated in Web, Mobile and Other Home Devices 2. No more Password or User Credentials sharing with other Applications -> So no hassles for the user in terms of security 3. Developers just need to implement a redirect and a POST request -> Flexible for developers 4. Users can revokeaccess tokens for specific clients at any time 5. Nefarious clients can have their credentials revoked and all associated access tokens destroyed immediately    
List of OAuth Service Providersw this works ? Facebook OAuth 2.0 Foursquare OAuth 2.0 github OAuth 2.0 Google OAuth 2.0 Microsoft (Hotmail, Messenger, Xbox) OAuth 2.0 LinkedIn 2.0 MySpace OAuth 1.0a Netflix OAuth 1.0a StatusNet OAuth 1.0a Twitter OAuth 1.0a Vimeo OAuth 1.0a Yahoo! OAuth 1.0a
References   - http://en.wikipedia.org/wiki/OAuth#OAuth_2.0 - http://oauth.net/ - http://oauth.net/documentation/getting-started/ - https://code.google.com/apis/console/ - http://hueniverse.com/oauth/guide/workflow/ - https://developers.google.com/accounts/docs/OAuth2  
Demo Access Google Tasks from Tracksheet  
Questions ?  
Thank You..   Contact   Saadhvi Summit Nirmal Kumar   @nirmal_kumar

Recommandé

Introduction to OAuth2
Introduction to OAuth2 Introduction to OAuth2
Introduction to OAuth2 Sean Whitesell
 
Oauth 2.0
Oauth 2.0Oauth 2.0
Oauth 2.0Manish Kumar Singh
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuthUmang Goyal
 
Silicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowSilicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowManish Pandit
 
OAuth in the new .NET world (OWIN)
OAuth in the new .NET world (OWIN)OAuth in the new .NET world (OWIN)
OAuth in the new .NET world (OWIN)Emad Alashi
 
LinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroLinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroTaylor Singletary
 
OAuth2 and LinkedIn
OAuth2 and LinkedInOAuth2 and LinkedIn
OAuth2 and LinkedInKamyar Mohager
 
OAuth - Alex Bilbie
OAuth - Alex BilbieOAuth - Alex Bilbie
OAuth - Alex BilbieEduserv
 

Recommandé

Introduction to OAuth2
Introduction to OAuth2 Introduction to OAuth2
Introduction to OAuth2 Sean Whitesell
 
Oauth 2.0
Oauth 2.0Oauth 2.0
Oauth 2.0Manish Kumar Singh
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuthUmang Goyal
 
Silicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowSilicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowManish Pandit
 
OAuth in the new .NET world (OWIN)
OAuth in the new .NET world (OWIN)OAuth in the new .NET world (OWIN)
OAuth in the new .NET world (OWIN)Emad Alashi
 
LinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroLinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroTaylor Singletary
 
OAuth2 and LinkedIn
OAuth2 and LinkedInOAuth2 and LinkedIn
OAuth2 and LinkedInKamyar Mohager
 
OAuth - Alex Bilbie
OAuth - Alex BilbieOAuth - Alex Bilbie
OAuth - Alex BilbieEduserv
 
The State of OAuth2
The State of OAuth2The State of OAuth2
The State of OAuth2Aaron Parecki
 
A simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleA simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleMattia Reggiani
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Aaron Parecki
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0Yasmine Gaber
 
OAuth 2
OAuth 2OAuth 2
OAuth 2ChrisWood262
 
Maintest
MaintestMaintest
MaintestMohan Kumar Tadikimalla
 
RESTful Day 5
RESTful Day 5RESTful Day 5
RESTful Day 5Akhil Mittal
 
OAuth big picture
OAuth big pictureOAuth big picture
OAuth big pictureMin Li
 
Is authorization always needed for sms messages in ringcentral-api
Is authorization always needed for sms messages in ringcentral-apiIs authorization always needed for sms messages in ringcentral-api
Is authorization always needed for sms messages in ringcentral-apiAnirban Sen Chowdhary
 
OAuth
OAuthOAuth
OAuthMohan Kumar Tadikimalla
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2Sang Shin
 
MainFinalOAuth
MainFinalOAuthMainFinalOAuth
MainFinalOAuthMohan Kumar Tadikimalla
 
Maintest3
Maintest3Maintest3
Maintest3Mohan Kumar Tadikimalla
 
A How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API SecurityA How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API SecurityCA API Management
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Functional Imperative
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 
OAuth OpenID Connect
OAuth OpenID ConnectOAuth OpenID Connect
OAuth OpenID ConnectLéopold Gault
 
Maintest2
Maintest2Maintest2
Maintest2Mohan Kumar Tadikimalla
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Alex Bilbie
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...Good Dog Labs, Inc.
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 

Contenu connexe

Tendances

A simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleA simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleMattia Reggiani
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Aaron Parecki
 
OAuth big picture
OAuth big pictureOAuth big picture
OAuth big pictureMin Li
 
Is authorization always needed for sms messages in ringcentral-api
Is authorization always needed for sms messages in ringcentral-apiIs authorization always needed for sms messages in ringcentral-api
Is authorization always needed for sms messages in ringcentral-apiAnirban Sen Chowdhary
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2Sang Shin
 
A How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API SecurityA How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API SecurityCA API Management
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Functional Imperative
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...Good Dog Labs, Inc.
 

Tendances (20)

The State of OAuth2
The State of OAuth2The State of OAuth2
The State of OAuth2
 
A simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleA simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 example
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
 
Maintest
MaintestMaintest
Maintest
 
RESTful Day 5
RESTful Day 5RESTful Day 5
RESTful Day 5
 
OAuth big picture
OAuth big pictureOAuth big picture
OAuth big picture
 
Is authorization always needed for sms messages in ringcentral-api
Is authorization always needed for sms messages in ringcentral-apiIs authorization always needed for sms messages in ringcentral-api
Is authorization always needed for sms messages in ringcentral-api
 
OAuth
OAuthOAuth
OAuth
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
MainFinalOAuth
MainFinalOAuthMainFinalOAuth
MainFinalOAuth
 
Maintest3
Maintest3Maintest3
Maintest3
 
A How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API SecurityA How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API Security
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 
OAuth OpenID Connect
OAuth OpenID ConnectOAuth OpenID Connect
OAuth OpenID Connect
 
Maintest2
Maintest2Maintest2
Maintest2
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
 

Similaire à Saadhvi Summit - oAuth Standards

Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportGaurav Sharma
 
APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...
APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...
APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...apidays
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)gemziebeth
 
1000 ways to die in mobile oauth
1000 ways to die in mobile oauth1000 ways to die in mobile oauth
1000 ways to die in mobile oauthPriyanka Aash
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
Implementing open authentication_in_your_app
Implementing open authentication_in_your_appImplementing open authentication_in_your_app
Implementing open authentication_in_your_appNuhil Mehdy
 

Similaire à Saadhvi Summit - oAuth Standards (20)

Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
O auth2.0 20141003
O auth2.0 20141003O auth2.0 20141003
O auth2.0 20141003
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
 
OAuth
OAuthOAuth
OAuth
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
 
Introduction to OAuth2.0
Introduction to OAuth2.0Introduction to OAuth2.0
Introduction to OAuth2.0
 
APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...
APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...
APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
 
OAuth2 primer
OAuth2 primerOAuth2 primer
OAuth2 primer
 
Introduction to OAuth2
Introduction to OAuth2Introduction to OAuth2
Introduction to OAuth2
 
Authentication and single sign on (sso)
Authentication and single sign on (sso)Authentication and single sign on (sso)
Authentication and single sign on (sso)
 
OAuth
OAuthOAuth
OAuth
 
1000 ways to die in mobile oauth
1000 ways to die in mobile oauth1000 ways to die in mobile oauth
1000 ways to die in mobile oauth
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
Implementing open authentication_in_your_app
Implementing open authentication_in_your_appImplementing open authentication_in_your_app
Implementing open authentication_in_your_app
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-dit
 
REST API Authentication Methods.pdf
REST API Authentication Methods.pdfREST API Authentication Methods.pdf
REST API Authentication Methods.pdf
 

Dernier

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Dernier (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Saadhvi Summit - oAuth Standards

  • 1. OAuth 2.0 Open Protocol Standard for Authorization Saadhvi Summit Nirmal Kumar Date : 2 April 2012 - 4:00 PM IST
  • 2. OAuth - Overview OAuth is an open standard for authorization. It allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically supplying username and password tokens instead.  
  • 3. Need for Authorization Standard            
  • 4. Secure Way to Access User Resources ?     Is there a secure way to access your Flickr Photos and Albums by some external application say example Wordpress where you already have an account with wordpress ?.   Access user resources (photos, albums etc)
  • 5. Secure Way to Access User Resources ?   Is there secure way to access your Gmail Addressbook or Contact List by some external application say Facebook where are you already own an account in facebook?     Access user contacts from Gmail Account    
  • 6. Should i expose my Credentials? Access user contacts from Gmail Account should i need to expose Gmail Account Credentials to facebook? should i need to expose Flickr Account Credentials to facebook? Access user resources (photos, albums etc)
  • 8. User Credentials Compromise   1. Applications cannot be Trusted   2. User password might be misused to access other information in that account   3. User might use the same password for a variety application and this will create a security threat   4. Changing password will not be reflected in the trusted applications  
  • 9. What OAuth Standard Provides             A way for an Application to interact with a service on users behalf without requiring user account credentials.        
  • 10. The Car Valet Parking             Regular Key : Car Owner - Full Access - Provides necessary access to a valet through Valet Key - Can able to Revoke the Access in time of threats   Valet Key : Valet - Limited Access - Cannot change anything without authorization of the resource owner.  
  • 11. How this works ? Authorizes Owns API Client Application++ API Provider Services User Resources Accesses
  • 12. How this works ?   Import Contacts from your Google Account
  • 13. Sample Twitter - Authorize             Revoke Access to Applications at any time.  
  • 14. How this works ? Client Application sends Authorization Request to the API Service Provider with the ClientId Key and Secret   User will be redirected with a Prompt " Authorize Application X to access your Account ". User can either Authorize and Reject   User will be redirected to the Client Application if they authorized with a Authentication Code in the Url.   API Client Web Application can use this Authentication Code and Send a Request to the API Server to provide a Token.   Client Application uses that Token to access the Authorized data from the users account.
  • 16. OAuth Benefits   1. Can be integrated in Web, Mobile and Other Home Devices 2. No more Password or User Credentials sharing with other Applications -> So no hassles for the user in terms of security 3. Developers just need to implement a redirect and a POST request -> Flexible for developers 4. Users can revokeaccess tokens for specific clients at any time 5. Nefarious clients can have their credentials revoked and all associated access tokens destroyed immediately    
  • 17. List of OAuth Service Providersw this works ? Facebook OAuth 2.0 Foursquare OAuth 2.0 github OAuth 2.0 Google OAuth 2.0 Microsoft (Hotmail, Messenger, Xbox) OAuth 2.0 LinkedIn 2.0 MySpace OAuth 1.0a Netflix OAuth 1.0a StatusNet OAuth 1.0a Twitter OAuth 1.0a Vimeo OAuth 1.0a Yahoo! OAuth 1.0a
  • 18. References   - http://en.wikipedia.org/wiki/OAuth#OAuth_2.0 - http://oauth.net/ - http://oauth.net/documentation/getting-started/ - https://code.google.com/apis/console/ - http://hueniverse.com/oauth/guide/workflow/ - https://developers.google.com/accounts/docs/OAuth2  
  • 19. Demo Access Google Tasks from Tracksheet  
  • 21. Thank You..   Contact   Saadhvi Summit Nirmal Kumar   @nirmal_kumar