Authentication for Droids

Posted on 08-May-2015


description

This talk about identity and authentication was held at Droidcon UK 2013. It covers the differences between various authorization and authentication techniques and tries to shed some light on best practices. Technologies covered are OAuth, OpenID and OpenID Connect.

transcript

Authentication for Droids
These are the droids you are looking for

Tim Messerschmidt (@SeraAndroid)

Developer Evangelist

Why am I here?

Rebuilding the Developer Experience: developer.paypal.com

Do we always use the same identity?

Should we always use the same identity?

Authentication vs. Authorization

Current standards

Basic Authentication
username:password

Passwords
wiki.scullsecurity.org/Passwords

Security Nightmare

4.7% of users have the password "password"
8.5% have the password "password" or "123456"
9.8% have the password "password", "123456" or "12345678"
14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords

Allow your users to see their input

OAuth 1.0

Flow between Consumer and Service Provider:

1. Consumer -> Service Provider: Request Request Token
2. Service Provider -> Consumer: Grant Request Token
3. Consumer: Direct User to Service
4. Service Provider: Obtain Authorization (from the user)
5. Service Provider: Direct User to Consumer
6. Consumer -> Service Provider: Request Access Token
7. Service Provider -> Consumer: Grant Access Token
8. Consumer -> Service Provider: Access Resources

OAuth 1.0a

Signpost <3
github.com/mttkay/signpost
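What a library like Signpost does for you on every OAuth 1.0a request, as an added example that is not code from the talk or from Signpost: the signature base string, the HMAC-SHA1 signature and the Authorization header are computed as specified in RFC 5849 sections 3.4 to 3.6, and the service-provider side recomputes and compares the signature. The consumer key/secret, token/secret, nonce and timestamp values are constructed placeholders.

```python
"""Added example, not code from the talk or from Signpost: computing and
verifying an OAuth 1.0a HMAC-SHA1 request signature as specified in RFC 5849
sections 3.4-3.6. Consumer key/secret, token/secret, nonce and timestamp in
the demo at the bottom are constructed placeholder values."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(s: str) -> str:
    # RFC 5849 3.6: only ALPHA / DIGIT / "-" / "." / "_" / "~" stay unescaped,
    # everything else becomes upper-case %XX (quote() emits upper-case hex).
    return quote(s, safe="-._~")


def base_string_uri(url: str) -> str:
    # RFC 5849 3.4.1.2: lower-case scheme and host, drop default ports,
    # drop query string and fragment.
    parts = urlsplit(url)
    scheme, host, port = parts.scheme.lower(), parts.hostname.lower(), parts.port
    if port and not ((scheme == "http" and port == 80) or (scheme == "https" and port == 443)):
        host = f"{host}:{port}"
    return f"{scheme}://{host}{parts.path or '/'}"


def signature_base_string(method: str, url: str, params: dict) -> str:
    # RFC 5849 3.4.1.3: query params + body params + oauth_* params (minus
    # oauth_signature), each name and value percent-encoded, sorted by name
    # then value, joined as k=v&k=v, and the result percent-encoded once more.
    pairs = list(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    pairs += [(k, v) for k, v in params.items() if k != "oauth_signature"]
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_string_uri(url)), pct(normalized)])


def hmac_sha1_signature(base: str, consumer_secret: str, token_secret: str = "") -> str:
    # RFC 5849 3.4.2: key = encoded consumer secret "&" encoded token secret;
    # the token secret is empty while requesting the temporary credentials.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()


def sign_request(method, url, oauth_params, consumer_secret, token_secret="", body_params=None):
    """Consumer side. Returns (base string, signature, Authorization header value)."""
    params = dict(oauth_params, **(body_params or {}))
    base = signature_base_string(method, url, params)
    sig = hmac_sha1_signature(base, consumer_secret, token_secret)
    header = "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(dict(oauth_params, oauth_signature=sig).items()))
    return base, sig, header


def verify_signature(method, url, params, consumer_secret, token_secret=""):
    """Service-provider side: params holds the oauth_* values (including
    oauth_signature) and body params as received; recompute and compare in
    constant time."""
    expected = hmac_sha1_signature(signature_base_string(method, url, params), consumer_secret, token_secret)
    return hmac.compare_digest(params.get("oauth_signature", "").encode(), expected.encode())


if __name__ == "__main__":
    oauth = {"oauth_consumer_key": "ck", "oauth_nonce": "n1", "oauth_signature_method": "HMAC-SHA1",
             "oauth_timestamp": "1", "oauth_token": "tk", "oauth_version": "1.0"}  # constructed values
    base, sig, header = sign_request("GET", "http://Example.com/r?b=2&a=1", oauth, "cs", "ts")
    print(base)
    print(header)
```

Every byte of the method, the normalized URL and the sorted parameters goes into the signature, so a proxy that rewrites a query parameter, changes the host case in a way that survives normalization, or replays the request with a new body gets a signature mismatch on the provider side. The double percent-encoding of the normalized parameter string is the part implementations most often get wrong.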

OAuth 2.0

Flow between Consumer and Service Provider:

1. Consumer: Direct User to Service
2. Service Provider: Obtain Authorization (from the user)
3. Service Provider: Direct User to Consumer
4. Consumer -> Service Provider: Request Access Token
5. Service Provider -> Consumer: Grant Access Token
6. Consumer -> Service Provider: Access Resources / Profile

URL url = new URL("http://url.com/");
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
// the bearer token travels in the Authorization request header
urlConnection.setRequestProperty("Authorization", "Bearer …");

HTTP Header

url.com/oauth?access_token=…

URI parameter
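The two transports on the slides side by side, as an added example that is not code from the talk: the Authorization header form (RFC 6750 section 2.1) and the access_token query parameter (RFC 6750 section 2.3). RFC 6750 says the query form should not be used unless the header is impossible, because the URL, and with it the token, ends up in server and proxy access logs, browser history and the Referer header. The token value, the request representation, the log-line format and the header-only extraction on the resource-server side are constructed for this example.

```python
"""Added example, not code from the talk: the two bearer-token transports on
the slide (Authorization header, RFC 6750 2.1, versus access_token query
parameter, RFC 6750 2.3) and why the query form leaks. Requests, token value
and log-line format are constructed stand-ins; accepting the header only on
the resource-server side is a design choice of this example."""
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

TOKEN = "mF_9.B5f-4.1JqM"  # constructed token (the placeholder value RFC 6750 uses)


def request_with_header(url: str, token: str) -> dict:
    # Token travels only in a request header; the request-target is unchanged.
    return {"method": "GET", "url": url, "headers": {"Authorization": f"Bearer {token}"}}


def request_with_query(url: str, token: str) -> dict:
    # Token becomes part of the URL itself.
    parts = urlsplit(url)
    query = "&".join(q for q in (parts.query, urlencode({"access_token": token})) if q)
    return {"method": "GET", "url": urlunsplit(parts._replace(query=query)), "headers": {}}


def access_log_line(req: dict) -> str:
    # Stand-in for a web server / proxy access log: the request line (query
    # string included) is recorded, request headers such as Authorization are not.
    return f'{req["method"]} {req["url"]} HTTP/1.1'


def referer_header_for_next_navigation(req: dict) -> str:
    # A browser or WebView that navigates on from this page sends the page's
    # URL, query string included, as the Referer header to the next site.
    return req["url"]


def scrub_access_token(url: str) -> str:
    # Defensive logging on the server: redact access_token if a client sent it in the URL.
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    if "access_token" in query:
        query["access_token"] = ["REDACTED"]
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))


def extract_bearer(req: dict):
    """Resource-server side: take the token from the Authorization header only;
    a token in the query string is ignored so clients get no incentive to send it there."""
    scheme, _, credentials = req["headers"].get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not credentials.strip():
        return None
    return credentials.strip()


if __name__ == "__main__":
    for req in (request_with_header("https://api.example.com/v1/me", TOKEN),
                request_with_query("https://api.example.com/v1/me?fields=name", TOKEN)):
        print(access_log_line(req), "| token in log:", TOKEN in access_log_line(req))
```

On Android the same reasoning applies to a WebView: a token carried in the page URL is visible to every site the WebView navigates to next via Referer, while a header set with setRequestProperty never leaves the request it was set on.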

Scribe
github.com/fernandezpablo85/scribe

PostmanLib
github.com/fedepaol/PostmanLib--Rings-Twice--Android

OAuth 2.0 and the Road to Hell
http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

http://homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html

Name

Email

Date of Birth

Locale

Time Zone

Address

Gender

Language

Phone Number

Creation Date

OpenID

BrowserID / Persona

How to combine both?

OpenID with OAuth Hybrid Extension

OpenID Connect
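What "combining both" means in practice for the app: with OpenID Connect the authorization server also returns an ID token, a signed JWT carrying who logged in, and the app must validate it before trusting the identity. The slides only name OpenID Connect; the validation below, as an added example that is not code from the talk, follows the ID token checks of OpenID Connect Core 1.0 section 3.1.3.7 for a client that shares a secret with the provider (HS256). Issuer, client id, secret, nonce and claim values are constructed, and make_id_token() stands in for the provider only so the example runs offline.

```python
"""Added example, not code from the talk: validating an OpenID Connect ID
token (a JWT) on the relying-party side following the checks in OpenID
Connect Core 1.0 section 3.1.3.7, for a client that shares a secret with
the provider (HS256). Issuer, client id, secret, nonce and claim values are
constructed; make_id_token() stands in for the provider so the example runs
offline."""
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_id_token(claims: dict, client_secret: str, alg: str = "HS256") -> str:
    # Provider side (constructed for the demo): header.payload.signature.
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = b"" if alg == "none" else hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


class InvalidIdToken(ValueError):
    pass


def validate_id_token(token, client_secret, issuer, client_id, expected_nonce, now=None):
    """Relying-party side: returns the claims, or raises InvalidIdToken."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidIdToken("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it (alg=none, algorithm confusion).
    if header.get("alg") != "HS256":
        raise InvalidIdToken(f"unexpected alg {header.get('alg')!r}")
    expected_sig = hmac.new(client_secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise InvalidIdToken("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:                      # 3.1.3.7 step 2
        raise InvalidIdToken("issuer mismatch")
    aud = claims.get("aud")                              # steps 3-5: aud / azp
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if client_id not in aud:
        raise InvalidIdToken("token not issued for this client")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise InvalidIdToken("azp missing or wrong for multi-audience token")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:  # step 9
        raise InvalidIdToken("token expired")
    if claims.get("nonce") != expected_nonce:            # step 11: replay protection
        raise InvalidIdToken("nonce mismatch (possible replay)")
    return claims


def is_valid_id_token(*args, **kwargs) -> bool:
    try:
        validate_id_token(*args, **kwargs)
        return True
    except ValueError:  # InvalidIdToken, bad base64 and bad JSON all derive from ValueError
        return False


def with_payload(token: str, claims: dict) -> str:
    # Tampering helper: swap the payload but keep the original signature.
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url_encode(json.dumps(claims, separators=(',', ':')).encode())}.{sig_b64}"
```

The nonce is the piece Android apps most often skip: the app generates it per login, sends it in the authentication request, and must compare it on the way back, otherwise an ID token captured from one login can be replayed into another. For a public client without a shared secret the same checks apply with an RS256 signature verified against the provider's published keys.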

Identity Providers
Social vs. Concrete

Log in via PayPal in the browser or a WebView.

Yeah, nice.. but why?

People forget passwords…

45% admit to leaving a website instead of re-setting their password or answering security questions *

* Blue Inc. 2011

Also they hate to register

Out of 657 surveyed users 66% think that social sign-in is a desirable alternative. *

* Blue Inc. 2011

Wrap up
Identity does matter
Difference between authentication and authorization
User Experience should be enhanced, not impaired

Questions?
tmesserschmidt@paypal.com
@SeraAndroid
slideshare.com/paypal