1. Securing your ecosystem
@raffi
http://www.flickr.com/photos/mklingo/

2. Speaking at @fowa! Let’s talk about securing
ecosystems & let’s talk @twitterapi!
29 Jun via Twitter for iPhone
from Meet, Las Vegas
233 South 4th Street
Las Vegas, Nevada 89101
View Tweets at this place

4. >660K Developers on @twitterAPI

5. >900K Apps + The Official ones

6. >200M users on @twitter

8. Users are paramount
http://www.flickr.com/photos/ilya/

9. Users need 2 things protected
⇢ identity
⇢ data
http://www.flickr.com/photos/ilya/

10. Security is hard to bolt on “later”
http://www.flickr.com/photos/ragzrejected/

11. Govern your ecosystem
http://www.flickr.com/photos/mr_t_in_dc/

13. Case study in @twitterAPI

14. We used to be basic auth

15. raffi ← Username
:
totallysecure ← Password

16. Base64(raffi:totallysecure)
cmFmZmk6dG90YWxseXNlY3VyZQ==

17. GET /secure HTTP/1.1
Host: localhost
Authorization: Basic
cmFmZmk6dG90YWxseXNlY3VyZQ==

18. The password
antipattern

19. OAuth

20. The carrot

21. further protect our users
⇢ mandate the use of OAuth
⇢ understand where our traffic is coming from

22. This
conversion
was a
challenge

23. And... One more time, protect our users
⇢ break out a new permissions model
⇢ try to make it extremely clear to a user what apps are doing

24. Be really
really really
(really) ∞
explicit

25. Check back with me next year —
i might be able to say how it went

27. What would I do if i were you?
⇢ forget basic auth!
⇢ go straight to OAuth 2
⇢ understand your “problem”

28. Make sure to have the tools you need
http://www.flickr.com/photos/11872189@N00/

29. Our Users
@taylorswift13

31. Follow me
Questions? @raffi