SlideShare a Scribd company logo

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

CloudIDSummit
CloudIDSummit

Adam Dawes, Product Manager, Google Jonathan Beri, Developer Advocate, Google There’s never been a better time to become a relying party, and Google offers two tools to help developers do just that. Google Identity Toolkit makes it easy for a site to outsource its authentication system (including password login) and become a relying party to the most popular identity providers. Google+ Sign-In can create more engaging experiences in your app and drive more usage across devices.

TechnologyBusiness
1 of 42
Download to read offline
Google Confidential and Proprietary So you want to be a Relying Party: Google Identity Toolkit v3 Adam Dawes July 9, 2013 http://goo.gl/8pA1v
Google Confidential and Proprietary Google Identity Toolkit ● Challenges to getting out of the password business ● GITKit v3 Overview and UX walkthrough ● GITKit v3 Deployment ● What's coming
Google Confidential and Proprietary Challenge #1: I don't know how to get rid of my password db
Google Confidential and Proprietary Challenge #2: I need a complete solution for both passwords and IDPs
Google Confidential and Proprietary Challenge #3: I don't know how to 'slow roll' conversion to IDP sign-in
Google Confidential and Proprietary Challenge #4: I'm afraid NASCAR UX will confuse users
Google Confidential and Proprietary GITKit v3 Key Features ● Migrate passwords to hosted authentication service ● Single integration point for multiple email IDPs and passwords ● Fine-grained controls for password to IDP conversion ● Streamlined login and new account UX without NASCAR ● Account management widgets ● Detection of security event in multi-session scenarios
Google Confidential and Proprietary GITKit provides a complete auth solution across passwords and multiple IDPs Auth Engine Password Store GITKit ID Token Legacy passwords GITKit APIs Login GITKit
Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Login
Google Confidential and Proprietary Account Chooser ● Addresses the NASCAR problem by initiating login with an “account hint” ● Privacy-preserving HTML5 app with all accounts stored locally
Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Sign Up
Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password to IDP Account Conversion
Google Confidential and Proprietary Incrementally roll out IDP support to password users Configure and roll out usage of selected IDPs
Google Confidential and Proprietary GITKit v3 UX Walkthrough: IDP Sign Up
1) Sign-in button 2) Account Chooser 3) Password Entry/ Sign-up widgets 2Aii 2Ai, 2Aiii 2B password db 5) GITKit Service 5A 5B Auth Engine 4) IDP Auth 6) Post-login account chip 3A, 3C 3B 2Aiv 3D
Google Confidential and Proprietary GITKit v3 UX Walkthrough: Account Management Widget
Google Confidential and Proprietary GITKit Deployment - Overview 1. Register at the Google Developer Console 2. Modify your session management 3. Provide 4 endpoints: Callback, Home, Signout, and Lost-password a. Home and Sign-out are easy. b. Callback is just a one-line branch to GITKit handler code. c. Lost-password is hard. 4. Customize the GITKit UI 5. Migrate your users and accounts
Google Confidential and Proprietary GITKit Session Management - Basic ● You have to retrieve & validate the GITKit cookie; easy with a JWT library. ● When your session is invalid, check the GITKit cookie and if it's valid, load up a new session from it. ● If you notice it's a new user, use GITKit APIs to retrieve whatever information GITKit has on that user.
Google Confidential and Proprietary GITKit Session Management - Advanced You can use GITKit to check if a multiply-logged-in user has changed their password in another session. 1. Maintain a global per-user last-password-change timestamp. 2. Whenever the GITKit cookie changes, retrieve last-password- change and update the timestamp. Also, extract and remember the timestamp of the cookie itself. 3. For each transaction, check the GITKit cookie timestamp against the last-password-change timestamp. If it’s earlier, end the session, delete the GITKit cookie, and force re-authorization.
Google Confidential and Proprietary Advanced Topics - Lost Password Handling GITKit provides a CAPTCHA-protected password-change module. But it requires significant work from you. 1. Register a “Service Account” for your app in the Developer Console. 2. When you get the lost-password notification, use the Service- Account flow to get an offline-access token for GITKit. 3. Use the token to retrieve a one-time code. 4. Email a special callback URL including the code to the user; when they click it, the flow will complete.
Google Confidential and Proprietary What's coming for GITKit ● Non-email IDPs starting with Google+ Sign-in ● Support for IDPs that offer additional scopes and web widgets that use them ● Native library support for Android and iOS including interoperability with libraries from other IDPs
Google Confidential and Proprietary Questions? Thanks! Documentation Google Search: 'Google Identity Toolkit' Demo favcolor.net/gat Trusted Tester Sign-up goo.gl/U3w3f This deck goo.gl/8pA1v

Recommended

Cis14 google's account chooser
Cis14 google's account chooserCis14 google's account chooser
Cis14 google's account chooserCloudIDSummit
 
CIS14: Google's Identity Toolkit
CIS14: Google's Identity ToolkitCIS14: Google's Identity Toolkit
CIS14: Google's Identity ToolkitCloudIDSummit
 
Federated and fabulous identity
Federated and fabulous identityFederated and fabulous identity
Federated and fabulous identityAndre N. Klingsheim
 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0marcwan
 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0 marcwan
 
Google auth dispelling the magic
Google auth dispelling the magicGoogle auth dispelling the magic
Google auth dispelling the magicZaar Hai
 
Google auth - dispelling the magic
Google auth - dispelling the magicGoogle auth - dispelling the magic
Google auth - dispelling the magicZaar Hai
 
[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key ManagerWSO2
 

Recommended

Cis14 google's account chooser
Cis14 google's account chooserCis14 google's account chooser
Cis14 google's account chooserCloudIDSummit
 
CIS14: Google's Identity Toolkit
CIS14: Google's Identity ToolkitCIS14: Google's Identity Toolkit
CIS14: Google's Identity ToolkitCloudIDSummit
 
Federated and fabulous identity
Federated and fabulous identityFederated and fabulous identity
Federated and fabulous identityAndre N. Klingsheim
 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0marcwan
 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0 marcwan
 
Google auth dispelling the magic
Google auth dispelling the magicGoogle auth dispelling the magic
Google auth dispelling the magicZaar Hai
 
Google auth - dispelling the magic
Google auth - dispelling the magicGoogle auth - dispelling the magic
Google auth - dispelling the magicZaar Hai
 
[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key ManagerWSO2
 
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughVinu Gunasekaran
 
Normalization of Security Key User Experience
Normalization of Security Key User ExperienceNormalization of Security Key User Experience
Normalization of Security Key User ExperienceFIDO Alliance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security KeysFIDO Alliance
 
The Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionThe Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionOption3
 
Monitorando APIs com Application Insights
Monitorando APIs com Application InsightsMonitorando APIs com Application Insights
Monitorando APIs com Application InsightsGustavo Bellini Bigardi
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
Troubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxTroubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxYury Leonychev
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWeaveworks
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Scottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedScottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedAlbert Hoitingh
 
Expert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerExpert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerOWOX BI
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScriptFrancois Marier
 
Python Development - V2STech Corporate presentation
Python Development - V2STech Corporate presentationPython Development - V2STech Corporate presentation
Python Development - V2STech Corporate presentationV2STech Solutions Private limited
 
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelA Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelData Science Club
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Phil Pearce
 
Presenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlPresenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlTeamstudio
 
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabiRafik HARABI
 
The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2Khor SoonHin
 
QuickBooks
QuickBooksQuickBooks
QuickBooksAmritanshu Sawarn
 
Cost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationCost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationWaihon Yew
 
CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 

More Related Content

Similar to CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughVinu Gunasekaran
 
Normalization of Security Key User Experience
Normalization of Security Key User ExperienceNormalization of Security Key User Experience
Normalization of Security Key User ExperienceFIDO Alliance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security KeysFIDO Alliance
 
The Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionThe Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionOption3
 
Monitorando APIs com Application Insights
Monitorando APIs com Application InsightsMonitorando APIs com Application Insights
Monitorando APIs com Application InsightsGustavo Bellini Bigardi
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
Troubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxTroubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxYury Leonychev
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWeaveworks
 
Scottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedScottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedAlbert Hoitingh
 
Expert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerExpert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerOWOX BI
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScriptFrancois Marier
 
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelA Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelData Science Club
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Phil Pearce
 
Presenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlPresenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlTeamstudio
 
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabiRafik HARABI
 
The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2Khor SoonHin
 
Cost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationCost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationWaihon Yew
 

Similar to CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In (20)

Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
 
Normalization of Security Key User Experience
Normalization of Security Key User ExperienceNormalization of Security Key User Experience
Normalization of Security Key User Experience
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security Keys
 
The Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA SolutionThe Whys and Hows of Deploying a Secure RPA Solution
The Whys and Hows of Deploying a Secure RPA Solution
 
Monitorando APIs com Application Insights
Monitorando APIs com Application InsightsMonitorando APIs com Application Insights
Monitorando APIs com Application Insights
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
 
Troubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptxTroubles with Large Identity Providers.pptx
Troubles with Large Identity Providers.pptx
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password Manager
 
Scottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystifiedScottish Summit 2022 - Microsoft Information Protection de-mystified
Scottish Summit 2022 - Microsoft Information Protection de-mystified
 
Expert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag ManagerExpert Tips and Techniques for Using Google Tag Manager
Expert Tips and Techniques for Using Google Tag Manager
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScript
 
Python Development - V2STech Corporate presentation
Python Development - V2STech Corporate presentationPython Development - V2STech Corporate presentation
Python Development - V2STech Corporate presentation
 
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelA Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanel
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!
 
Presenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View ControlPresenting Data – An Alternative to the View Control
Presenting Data – An Alternative to the View Control
 
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi
 
The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2The Many Flavors of OAuth - Understand Everything About OAuth2
The Many Flavors of OAuth - Understand Everything About OAuth2
 
QuickBooks
QuickBooksQuickBooks
QuickBooks
 
Cost-Effective Two-Factor Authentication
Cost-Effective Two-Factor AuthenticationCost-Effective Two-Factor Authentication
Cost-Effective Two-Factor Authentication
 

More from CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

More from CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Recently uploaded (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

  • 1. Google Confidential and Proprietary So you want to be a Relying Party: Google Identity Toolkit v3 Adam Dawes July 9, 2013 http://goo.gl/8pA1v
  • 2. Google Confidential and Proprietary Google Identity Toolkit ● Challenges to getting out of the password business ● GITKit v3 Overview and UX walkthrough ● GITKit v3 Deployment ● What's coming
  • 3. Google Confidential and Proprietary Challenge #1: I don't know how to get rid of my password db
  • 4. Google Confidential and Proprietary Challenge #2: I need a complete solution for both passwords and IDPs
  • 5. Google Confidential and Proprietary Challenge #3: I don't know how to 'slow roll' conversion to IDP sign-in
  • 6. Google Confidential and Proprietary Challenge #4: I'm afraid NASCAR UX will confuse users
  • 7. Google Confidential and Proprietary GITKit v3 Key Features ● Migrate passwords to hosted authentication service ● Single integration point for multiple email IDPs and passwords ● Fine-grained controls for password to IDP conversion ● Streamlined login and new account UX without NASCAR ● Account management widgets ● Detection of security event in multi-session scenarios
  • 8. Google Confidential and Proprietary GITKit provides a complete auth solution across passwords and multiple IDPs Auth Engine Password Store GITKit ID Token Legacy passwords GITKit APIs Login GITKit
  • 9. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Login
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15. Google Confidential and Proprietary Account Chooser ● Addresses the NASCAR problem by initiating login with an “account hint” ● Privacy-preserving HTML5 app with all accounts stored locally
  • 16. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Sign Up
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password to IDP Account Conversion
  • 24. Google Confidential and Proprietary Incrementally roll out IDP support to password users Configure and roll out usage of selected IDPs
  • 25.
  • 26.
  • 27.
  • 28. Google Confidential and Proprietary GITKit v3 UX Walkthrough: IDP Sign Up
  • 29.
  • 30.
  • 31.
  • 32.
  • 33. 1) Sign-in button 2) Account Chooser 3) Password Entry/ Sign-up widgets 2Aii 2Ai, 2Aiii 2B password db 5) GITKit Service 5A 5B Auth Engine 4) IDP Auth 6) Post-login account chip 3A, 3C 3B 2Aiv 3D
  • 34. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Account Management Widget
  • 35.
  • 36.
  • 37. Google Confidential and Proprietary GITKit Deployment - Overview 1. Register at the Google Developer Console 2. Modify your session management 3. Provide 4 endpoints: Callback, Home, Signout, and Lost-password a. Home and Sign-out are easy. b. Callback is just a one-line branch to GITKit handler code. c. Lost-password is hard. 4. Customize the GITKit UI 5. Migrate your users and accounts
  • 38. Google Confidential and Proprietary GITKit Session Management - Basic ● You have to retrieve & validate the GITKit cookie; easy with a JWT library. ● When your session is invalid, check the GITKit cookie and if it's valid, load up a new session from it. ● If you notice it's a new user, use GITKit APIs to retrieve whatever information GITKit has on that user.
  • 39. Google Confidential and Proprietary GITKit Session Management - Advanced You can use GITKit to check if a multiply-logged-in user has changed their password in another session. 1. Maintain a global per-user last-password-change timestamp. 2. Whenever the GITKit cookie changes, retrieve last-password- change and update the timestamp. Also, extract and remember the timestamp of the cookie itself. 3. For each transaction, check the GITKit cookie timestamp against the last-password-change timestamp. If it’s earlier, end the session, delete the GITKit cookie, and force re-authorization.
  • 40. Google Confidential and Proprietary Advanced Topics - Lost Password Handling GITKit provides a CAPTCHA-protected password-change module. But it requires significant work from you. 1. Register a “Service Account” for your app in the Developer Console. 2. When you get the lost-password notification, use the Service- Account flow to get an offline-access token for GITKit. 3. Use the token to retrieve a one-time code. 4. Email a special callback URL including the code to the user; when they click it, the flow will complete.
  • 41. Google Confidential and Proprietary What's coming for GITKit ● Non-email IDPs starting with Google+ Sign-in ● Support for IDPs that offer additional scopes and web widgets that use them ● Native library support for Android and iOS including interoperability with libraries from other IDPs
  • 42. Google Confidential and Proprietary Questions? Thanks! Documentation Google Search: 'Google Identity Toolkit' Demo favcolor.net/gat Trusted Tester Sign-up goo.gl/U3w3f This deck goo.gl/8pA1v