This talk is about Open Identity and using it to create an amazing user experience. It also covers secure API communication to protect your service and users from different kinds of attacks such as CSRF.
The difference between Authentication and Authorization is highlighted, and OAuth, OpenID Connect etc. are explained.
12. [Diagram: Consumer and Service Provider] Request Request Token; Grant Request Token; Direct User to Service; Obtain Authorization; Direct to Consumer; Request Access Token; Grant Access Token; Access Resources
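The token hand-offs named on slide 12, as an added Python sketch that is not part of the original talk: a toy in-memory Service Provider showing the checks that keep a request token from being exchanged before the user authorizes it, by a different consumer, or twice. The class and method names, the `consumer-app` and `alice` values, and the omission of request signing and HTTP transport are assumptions made for illustration.

```python
import secrets

class ServiceProvider:
    """Toy Service Provider for the slide-12 flow; state is in memory only."""

    def __init__(self, resources):
        self.resources = resources   # user -> protected data (constructed sample)
        self.request_tokens = {}     # request token -> {"consumer", "user"}
        self.access_tokens = {}      # access token  -> {"consumer", "user"}

    def grant_request_token(self, consumer):
        # Request Request Token / Grant Request Token
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = {"consumer": consumer, "user": None}
        return token

    def obtain_authorization(self, request_token, user):
        # Direct User to Service / Obtain Authorization / Direct to Consumer:
        # the user approves the request token at the Service Provider.
        self.request_tokens[request_token]["user"] = user

    def grant_access_token(self, consumer, request_token):
        # Request Access Token / Grant Access Token
        entry = self.request_tokens.get(request_token)
        if entry is None:
            raise PermissionError("unknown or already used request token")
        if entry["consumer"] != consumer:
            raise PermissionError("request token was issued to another consumer")
        if entry["user"] is None:
            raise PermissionError("request token was never authorized by a user")
        del self.request_tokens[request_token]   # request tokens are single use
        token = secrets.token_urlsafe(16)
        self.access_tokens[token] = {"consumer": consumer, "user": entry["user"]}
        return token

    def access_resources(self, consumer, access_token):
        # Access Resources
        entry = self.access_tokens.get(access_token)
        if entry is None or entry["consumer"] != consumer:
            raise PermissionError("invalid access token")
        return self.resources[entry["user"]]

def run_flow():
    """Walk the full flow once; returns provider, both tokens and the resource."""
    sp = ServiceProvider({"alice": "alice's profile"})
    rt = sp.grant_request_token("consumer-app")
    sp.obtain_authorization(rt, "alice")
    at = sp.grant_access_token("consumer-app", rt)
    return sp, rt, at, sp.access_resources("consumer-app", at)
```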
15. [Diagram: Consumer and Service Provider] Direct User to Service; Obtain Authorization; Request Access Token; Grant Access Token; Direct to Consumer; Access Resources / Profile
16. OAuth 2.0 and the Road to Hell: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
27. Yeah, nice.. but why? People forget passwords… 45% admit to leaving a website instead of resetting their password or answering security questions.* (* Blue Inc. 2011)
28. Also they hate to register. Out of 657 surveyed users, 66% think that social sign-in is a desirable alternative.* (* Blue Inc. 2011)