
Authentication for Droids

Date post: 08-May-2015
Upload: paypal
Description:
This talk about identity and authentication was held at Droidcon UK 2013. It covers the differences between various authorization and authentication techniques and tries to shed some light on best practices. The technologies covered are OAuth, OpenID and OpenID Connect.

Transcript
Page 1: Authentication for Droids

Authentication for Droids
These are the droids you are looking for

Tim Messerschmidt
@SeraAndroid

Page 2: Authentication for Droids

Developer Evangelist

Page 3: Authentication for Droids

Why am I here?

Page 4: Authentication for Droids

Rebuilding the Developer Experience: developer.paypal.com

Page 5: Authentication for Droids
Page 6: Authentication for Droids

Do we always use the same identity?

Page 7: Authentication for Droids

Should we always use the same identity?

Page 8: Authentication for Droids

Authentication vs. Authorization

Page 9: Authentication for Droids

Current standards

Page 10: Authentication for Droids

Basic Authentication
username:password

Page 11: Authentication for Droids

Passwords
wiki.scullsecurity.org/Passwords

Page 12: Authentication for Droids

Security Nightmare

4.7% of users have the password password

8.5% have the passwords password or 123456

9.8% have the passwords password, 123456, 12345678

14% have a password from the top 10 passwords

40% have a password from the top 100 passwords

79% have a password from the top 500 passwords

91% have a password from the top 1000 passwords

Page 13: Authentication for Droids

Allow your users to see their input

Page 14: Authentication for Droids

OAuth 1.0

Page 15: Authentication for Droids
Page 16: Authentication for Droids

Request Request Token

Grant Request Token

Direct User to Service

Obtain Authorization

Direct to Consumer

Request Access Token

Grant Access Token

Access Resources

Consumer

Service Provider

Page 17: Authentication for Droids

OAuth 1.0a

Page 18: Authentication for Droids

Signpost <3
github.com/mttkay/signpost

Page 19: Authentication for Droids

OAuth 2.0

Page 20: Authentication for Droids

Direct User to Service

Obtain Authorization

Request Access Token

Grant Access Token

Direct to Consumer

Access Resources / Profile

Consumer

Service Provider

Page 21: Authentication for Droids

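HTTP Header

import java.net.HttpURLConnection;
import java.net.URL;

URL url = new URL("http://url.com/");
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
// Send the access token in the Authorization request header
urlConnection.setRequestProperty("Authorization", "Bearer …");

URI parameter

"url.com/oauth?access_token=…"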

Page 22: Authentication for Droids

Scribe
github.com/fernandezpablo85/scribe

PostmanLib
github.com/fedepaol/PostmanLib--Rings-Twice--Android

Page 23: Authentication for Droids

OAuth 2.0 and the Road to Hell
http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

Page 24: Authentication for Droids

http://homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html

Page 25: Authentication for Droids
Page 26: Authentication for Droids

Name

Email

Date of Birth

Locale

Time Zone

Address

Gender

Language

Phone Number

Creation Date

Page 27: Authentication for Droids

OpenID

Page 28: Authentication for Droids

BrowserID
Persona

Page 29: Authentication for Droids

How to combine both?

Page 30: Authentication for Droids

OpenID with OAuth Hybrid Extension

Page 31: Authentication for Droids

OpenID Connect

Page 32: Authentication for Droids
Page 33: Authentication for Droids

Identity Providers
Social vs. Concrete

Page 34: Authentication for Droids
Page 35: Authentication for Droids
Page 36: Authentication for Droids

Log in via PayPal in the browser or a WebView.

Page 37: Authentication for Droids

Yeah, nice.. but why?

People forget passwords…

45% admit to leaving a website instead of re-setting their password or answering security questions *

* Blue Inc. 2011

Page 38: Authentication for Droids

Also they hate to register

Out of 657 surveyed users 66% think that social sign-in is a desirable alternative. *

* Blue Inc. 2011

Page 39: Authentication for Droids
Page 40: Authentication for Droids

Wrap up

Identity does matter

Difference between authentication and authorization

User Experience should be enhanced not impaired

Page 41: Authentication for Droids

[email protected]
@SeraAndroid
slideshare.com/paypal

