OpenID, OAuth and Webservices
A developer's guide
Web Directions 2008 - Myles Eftos
Our lives in digits
- So many web apps: so many usernames, so many passwords
- How do we access our data?
- How can we do that safely?
- How can we do it easily?
Meet Jim
- Uses Twitter, Gmail, Digg, Newsgator, LinkedIn + many more
- His housemate finds his username and password
- Hilarity ensues
OpenID to the rescue!
- There are consumers, and there are providers
- Everyone gets a URL
- Magic happens…
Step 1: User enters their OpenID URL
Step 2: Consumer discovers link tags for delegation
  <link rel="openid.server" href="http://my.openid.server">
  <link rel="openid.delegate" href="http://madpilot.openid.server">
Step 3: Consumer redirects to the Provider login screen
  openid.mode = checkid_setup
  openid.identity = http://myid.openid.com
  openid.return_to = http://www.consumer.com?rp_nonce=[RANDOM]
  openid.trust_root = http://www.consumer.com
Step 4: User enters credentials
Step 5: Provider redirects to the Consumer's return_to URL with these parameters
  openid.mode = id_res
  openid.return_to = http://www.consumer.com?rp_nonce=[RANDOM]
  openid.identity = http://madpilot.openid.com
  openid.signed = mode,identity,return_to
  openid.assoc_handle = [some hash]
  openid.sig = [Base64 encoded HMAC signature]
Step 6: Consumer POSTs back to validate what was returned
  openid.mode = check_authentication
  openid.signed = mode,identity,return_to
  openid.assoc_handle = [same hash as before]
  openid.sig = [same Base64 encoded HMAC signature as before]
  openid.return_to = http://www.consumer.com?rp_nonce=[RANDOM]
  openid.identity = http://madpilot.openid.com
Step 7: If the returned values look ok, the Provider returns
  is_valid:true
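The checks a Consumer has to make on the step 5 response before trusting the login, as an added example that is not part of the slides. It assumes OpenID 1.1 "smart" mode (the Consumer already holds the association secret and verifies openid.sig itself, which is the same check the Provider performs for check_authentication in step 6), HMAC-SHA1 over the key-value form of the signed fields, and a constructed association handle, secret and rp_nonce.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed values: the association handle and secret the Provider and the
# Consumer agreed on earlier. In dumb mode the Consumer POSTs the same fields
# back as check_authentication (step 6) and the Provider runs this same check.
ASSOC_HANDLE = "assoc-constructed-001"
ASSOC_SECRET = b"constructed-association-secret"
CONSUMER_ROOT = "http://www.consumer.com"


def kv_form(fields, signed):
    """OpenID key-value form of the signed fields (names without the openid. prefix)."""
    return "".join(f"{name}:{fields['openid.' + name]}\n" for name in signed.split(","))


def openid_sig(fields, secret):
    """openid.sig: Base64 of HMAC-SHA1 over the key-value form of the signed fields."""
    mac = hmac.new(secret, kv_form(fields, fields["openid.signed"]).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def provider_id_res(identity, return_to, secret=ASSOC_SECRET):
    """Step 5 as the Provider builds it: the id_res parameters sent back to return_to."""
    fields = {
        "openid.mode": "id_res",
        "openid.identity": identity,
        "openid.return_to": return_to,
        "openid.signed": "mode,identity,return_to",
        "openid.assoc_handle": ASSOC_HANDLE,
    }
    fields["openid.sig"] = openid_sig(fields, secret)
    return fields


class Consumer:
    """Remembers the rp_nonce it put into return_to (step 3) and checks the step 5 reply."""

    def __init__(self, root=CONSUMER_ROOT, secret=ASSOC_SECRET):
        self.root = root
        self.secret = secret
        self.pending = set()

    def begin(self):
        """Step 3: build the return_to URL with a fresh, single-use nonce."""
        nonce = secrets.token_urlsafe(16)
        self.pending.add(nonce)
        return f"{self.root}?rp_nonce={nonce}"

    def verify(self, fields):
        """Return (True, identity) or (False, name of the failed check)."""
        if fields.get("openid.mode") != "id_res":
            return False, "mode"
        signed = fields.get("openid.signed", "").split(",")
        # Every field we rely on must be under the signature, otherwise it
        # could be swapped without invalidating openid.sig.
        if not {"mode", "identity", "return_to"} <= set(signed) or any(
                "openid." + name not in fields for name in signed):
            return False, "signed fields"
        if fields.get("openid.assoc_handle") != ASSOC_HANDLE:
            return False, "assoc_handle"
        if not hmac.compare_digest(openid_sig(fields, self.secret), fields.get("openid.sig", "")):
            return False, "signature"
        ret = urlsplit(fields["openid.return_to"])
        if f"{ret.scheme}://{ret.netloc}{ret.path}" != self.root:
            return False, "return_to"
        nonce = parse_qs(ret.query).get("rp_nonce", [None])[0]
        if nonce not in self.pending:
            return False, "nonce"    # never issued, or already consumed (replay)
        self.pending.discard(nonce)  # one use only
        return True, fields["openid.identity"]


if __name__ == "__main__":
    consumer = Consumer()
    response = provider_id_res("http://madpilot.openid.com", consumer.begin())
    print(consumer.verify(response))  # (True, 'http://madpilot.openid.com')
    print(consumer.verify(response))  # (False, 'nonce'): same response replayed
```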
And again with passion
- Dumb mode has lots of redirects
- Not-dumb mode asynchronously (AJAX) gets an immediate answer
- If the user is logged in, the user can continue
- If not, decide what to do (authenticating would be a good idea)
Simple Registration
- SREG to its friends
- Send your favourite parameters
- Pull nickname, email, date of birth, gender, country, language, time zone
- Consumer can request required and optional parameters
I want my data!
- Data in the cloud is cool
- Backups, hardware upgrades – someone else's problem
- Vendor lock-in is the suck
- Web services are the awse
REST vs SOAP
- The world needs more religious wars
- Both sit on top of HTTP
- Both use XML*
- Remote Procedure pattern vs. Resource pattern
- * REST doesn't really care…
SOAP: Why no one uses it
- In theory it rocks
- Has a description language (WSDL)
- It is verbose
- Perhaps something more ideological?
REST: The web for computers
- The web is based on resources
- Type in a URL: GET that resource
- Submit a form: POST to that resource
- Forgotten verbs: PUT and DELETE
One end point to rule them all (OK, maybe two)
  GET    /companies.xml     Returns all companies
  POST   /companies.xml     Creates a new company
  GET    /companies/1.xml   Returns the company with id=1
  PUT    /companies/1.xml   Updates the company with id=1
  DELETE /companies/1.xml   Deletes the company with id=1
HTTP/1.1 101
- HTTP does a lot of stuff
- Status codes:
  200 OK!
  201 Created
  301 Moved Permanently
  400 Bad Request
  401 Authorization Required
  403 Forbidden
  404 Not Found
  405 Not Allowed
  410 Gone
  422 Invalid Entity
  500 Server Error
  503 Server Unavailable
- Headers and modifiers:
  If-Modified-Since
  If-Unmodified-Since
  If-Match
  If-None-Match
  If-Range
Communism doesn't work
- You don't want any old person changing stuff
- 401 Authorization Required
- Still needs a password though – a pure OpenID implementation is out
- Anti-password pattern alert!
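A dispatcher for the companies resource that answers with the status codes from the HTTP slide (200, 201, 401, 404, 405, 422), added here as an example and not code from the talk. The in-memory store, the write credential and the "Token" Authorization scheme are all constructed; the credential stands in for the access token OAuth hands the Consumer later, not for a user's password.

```python
import re
from xml.etree import ElementTree as ET

# Constructed in-memory store behind the /companies resource.
COMPANIES = {1: {"name": "MadPilot"}}
# Constructed credential for writes. This is where a token, not a user's
# password, belongs; the "Token" Authorization scheme is made up for the example.
WRITE_TOKEN = "constructed-token"

ROUTES = [
    (re.compile(r"^/companies\.xml$"), {"GET": "index", "POST": "create"}),
    (re.compile(r"^/companies/(\d+)\.xml$"), {"GET": "show", "PUT": "update", "DELETE": "destroy"}),
]


def to_xml(cid, company):
    return f'<company id="{cid}"><name>{company["name"]}</name></company>'


def parse_company(body):
    """Accept only <company><name>…</name></company>; anything else is a 422."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    name = root.findtext("name") if root.tag == "company" else None
    return {"name": name} if name else None


def dispatch(method, path, headers=None, body=""):
    """Route one request against the companies resource; returns (status, body)."""
    headers = headers or {}
    for pattern, actions in ROUTES:
        match = pattern.match(path)
        if not match:
            continue
        if method not in actions:
            return 405, "Not Allowed"
        # Reads are public; anything that changes state needs a credential.
        if method != "GET" and headers.get("Authorization") != f"Token {WRITE_TOKEN}":
            return 401, "Authorization Required"
        action = actions[method]
        if action == "index":
            listing = "".join(to_xml(i, c) for i, c in sorted(COMPANIES.items()))
            return 200, f"<companies>{listing}</companies>"
        if action == "create":
            company = parse_company(body)
            if company is None:
                return 422, "Invalid Entity"
            cid = max(COMPANIES, default=0) + 1
            COMPANIES[cid] = company
            return 201, to_xml(cid, company)
        cid = int(match.group(1))
        if cid not in COMPANIES:
            return 404, "Not Found"
        if action == "show":
            return 200, to_xml(cid, COMPANIES[cid])
        if action == "update":
            company = parse_company(body)
            if company is None:
                return 422, "Invalid Entity"
            COMPANIES[cid] = company
            return 200, to_xml(cid, company)
        del COMPANIES[cid]  # destroy
        return 200, ""
    return 404, "Not Found"
```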
Check up on Jim
- Signs up to a new Web 2.0 CRM
- It offers to copy contacts from Gmail
- Requires your Gmail username and password…
- Sounds phishy
Bloody OAuth it is…
- OAuth is a machine authorisation protocol
- Like a valet key
- Give permission for a system to access your account…
- …or take away permission
- Again, there are Providers and there are Consumers
Step 1: User wants to access their photos from another service
Step 2: Consumer sends a POST request to the request token URL at the Provider. It identifies itself using a shared secret key that was prepared earlier
Step 3: The Provider returns an unauthorised request token. The token is good for one use
Step 4: The Consumer redirects the user to the Authorisation URL of the Provider
Step 5: If the user hasn't logged in to the Provider service, they do so now, on the Provider. You could use OpenID for this bit
Step 6: The Provider asks the user if they really want to let the Consumer have the photos
Step 7: The Provider redirects the user back to the Consumer and lets the Consumer know that it can request an authorised token
Step 8: The Consumer requests an access token using the now-authorised request token
Step 9: The Provider exchanges the request token for an access token. This token is good for a pre-determined period of time (maybe forever)
Step 10: The Consumer can now access the data using its access token
Step 11: The Provider sends the data if the access token checks out
Look ma – no passwords!
- User never enters their password on the Consumer
- The Consumer actually has its own password (the token)
- The token can be revoked, stopping access
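Steps 2 to 11 and the revocation point above, run end to end in one process as an added example (not code from the talk or from any OAuth library). Both sides are simulated: the Consumer signs each request with OAuth 1.0 HMAC-SHA1 over the signature base string, keyed with the shared consumer secret plus the token secret; the Provider checks the signature, refuses replayed nonces, burns the request token on exchange and stops serving once the access token is revoked. The consumer key, secrets and the photos.example host are constructed.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Constructed registration: the consumer key and shared secret "prepared earlier" (step 2).
CONSUMERS = {"madpilot-key": "constructed-consumer-secret"}
HOST = "http://photos.example"  # constructed Provider


def pct(value):
    """OAuth percent-encoding: only RFC 3986 unreserved characters stay bare."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """OAuth 1.0 signature base string: METHOD & url & sorted, encoded parameters."""
    normalized = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), pct(url), pct(normalized)])


def hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with consumer_secret&token_secret, Base64 encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method, url, params, key, secret, token=None, token_secret=""):
    """Consumer side: add the oauth_* parameters, then sign the whole set."""
    p = dict(params, oauth_consumer_key=key, oauth_nonce=secrets.token_hex(8),
             oauth_timestamp=str(int(time.time())), oauth_signature_method="HMAC-SHA1",
             oauth_version="1.0")
    if token:
        p["oauth_token"] = token
    p["oauth_signature"] = hmac_sha1(method, url, p, secret, token_secret)
    return p


class Provider:
    def __init__(self):
        self.request_tokens = {}  # token -> {"secret", "consumer", "user"}
        self.access_tokens = {}   # token -> {"secret", "consumer", "user"}
        self.seen_nonces = set()  # (nonce, timestamp) pairs already accepted

    def _check(self, method, url, params, token_secret=""):
        """Verify the signature and refuse replayed nonces; returns the consumer key or None."""
        key = params.get("oauth_consumer_key")
        nonce = (params.get("oauth_nonce"), params.get("oauth_timestamp"))
        if key not in CONSUMERS or nonce in self.seen_nonces:
            return None
        unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
        expected = hmac_sha1(method, url, unsigned, CONSUMERS[key], token_secret)
        if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
            return None
        self.seen_nonces.add(nonce)
        return key

    def request_token(self, params):
        """Step 3: hand out an unauthorised request token, good for one use."""
        consumer = self._check("POST", f"{HOST}/oauth/request_token", params)
        if consumer is None:
            return None
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"secret": secret, "consumer": consumer, "user": None}
        return token, secret

    def authorize(self, token, user):
        """Steps 5 to 7: the user, logged in at the Provider, approves the Consumer."""
        if token in self.request_tokens:
            self.request_tokens[token]["user"] = user

    def access_token(self, params):
        """Steps 8 and 9: swap an authorised request token for an access token."""
        rt = self.request_tokens.get(params.get("oauth_token"))
        if rt is None or rt["user"] is None:
            return None
        if self._check("POST", f"{HOST}/oauth/access_token", params, rt["secret"]) != rt["consumer"]:
            return None
        del self.request_tokens[params["oauth_token"]]  # the request token is spent
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[token] = {"secret": secret, "consumer": rt["consumer"], "user": rt["user"]}
        return token, secret

    def photos(self, params):
        """Steps 10 and 11: release the data only if the access token checks out."""
        at = self.access_tokens.get(params.get("oauth_token"))
        if at is None or self._check("GET", f"{HOST}/photos", params, at["secret"]) != at["consumer"]:
            return None
        return f"photos of {at['user']}"

    def revoke(self, token):
        """The user takes the valet key back; the Consumer never held a password."""
        self.access_tokens.pop(token, None)
```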
The Dark Side: OpenID
- Phishing
- DNS spoofing
- Not an AUTHORISATION system
- Consumer has to trust the Provider
- Doesn't really work without a browser
The Dark Side: REST
- No standard! (Lather, rinse, repeat)
- No description language – requires more legwork
The Dark Side: OAuth
- Doesn't work so well without a browser
- More complex/higher overhead than username/password
- Doesn't work with cURL
Yadis with egg and cheese
- Service discovery protocol
- OpenID is the only open, distributed authentication system (Surprised?)
- XML RDF based
- Allows Providers and Consumers to negotiate protocols
Yadis with egg and cheese
  <?xml version="1.0" encoding="UTF-8"?>
  <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
    <XRD>
      <Service>
        <Type>http://lid.netmesh.org/sso/2.0</Type>
      </Service>
      <Service>
        <Type>http://lid.netmesh.org/sso/1.0</Type>
      </Service>
    </XRD>
  </xrds:XRDS>
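The Consumer's half of the negotiation the Yadis slide describes: parse the XRDS document, then pick the Service whose Type it supports. This is an added example, not code from the talk; it embeds the slide's document as sample input with `priority` attributes added (lower number wins, as the XRDS format defines) and applies the Yadis rule that the last XRD element is the one in force.

```python
from xml.etree import ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"

# The slide's XRDS document with priority attributes added (lower number is
# preferred, per XRDS). Constructed sample input, not fetched from anywhere.
XRDS_DOC = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://lid.netmesh.org/sso/1.0</Type>
    </Service>
    <Service priority="10">
      <Type>http://lid.netmesh.org/sso/2.0</Type>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def parse_services(doc):
    """Return (priority, types, uris) for each Service of the last XRD, in document order.

    Yadis takes the last XRD element in the document as the current one; a
    Service with no usable priority sorts after every numbered one.
    """
    root = ET.fromstring(doc.encode() if isinstance(doc, str) else doc)
    xrds = root.findall(f"{{{XRD_NS}}}XRD")
    if not xrds:
        return []
    services = []
    for svc in xrds[-1].findall(f"{{{XRD_NS}}}Service"):
        prio = svc.get("priority")
        types = [t.text.strip() for t in svc.findall(f"{{{XRD_NS}}}Type") if t.text]
        uris = [u.text.strip() for u in svc.findall(f"{{{XRD_NS}}}URI") if u.text]
        services.append((int(prio) if prio and prio.isdigit() else float("inf"), types, uris))
    return services


def negotiate(doc, supported):
    """Consumer side: best-priority Service whose Type the Consumer speaks, or None."""
    ranked = sorted(
        (prio, idx, types, uris)
        for idx, (prio, types, uris) in enumerate(parse_services(doc))
        if set(types) & set(supported)
    )
    if not ranked:
        return None
    _, _, types, uris = ranked[0]
    return next(t for t in types if t in supported), uris
```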
You know what would be cool?
- OpenID on your desktop
- OpenID on your mobile
- Webservice brokering system
- File system integration
Your local libraries
- OpenID: http://wiki.openid.net/Libraries
- OAuth: http://oauth.net/code
In conclusion, Thank You
Question time starts… Now

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Open Id, O Auth And Webservices

  • 1. OpenID, OAuth and Webservices A developers guide Web Directions 2008 - Myles Eftos
  • 2. Our lives in digits So many web apps - so many usernames, so many passwords How do we access our data? How can we do that safely ? How can we do it easily ?
  • 3. Meet Jim Uses Twitter, Gmail, Digg, Newsgator, LinkedIn + many more His housemate finds his username and password Hilarity ensues
  • 4. OpenID to the rescue! There are consumers, and there are providers Everyone gets a URL Magic happens…
  • 5. Step 1 User enters their OpenID URL
  • 6. Step 2 Consumer discovers link tags for delegation
      <link rel="openid.server" href="http://my.openid.server">
      <link rel="openid.delegate" href="http://madpilot.openid.server">
  • 7. Step 3 Consumer redirects to the Provider login screen
      openid.mode = checkid_setup
      openid.identity = http://myid.openid.com
      openid.return_to = http://www.consumer.com?rp_nouce=[RANDOM]
      openid.trustroot = http://www.consumer.com
  • 8. Step 4 User enters credentials
  • 9. Step 5 Provider redirects to Consumer with return_url parameters
      openid.mode = id_res
      openid.return_to = http://www.consumer.com?rp_nouce=[RANDOM]
      openid.identity = http://madpilot.openid.com
      openid.signed = mode,identity,return_to
      openid.assoc_handle = [some hash]
      openid.sig = [Base64 encoded HMAC signature]
  • 10. Step 6 Consumer POSTs back to validate what was returned
      openid.mode = check_authentication
      openid.signed = mode,identity,return_to
      openid.assoc_handle = [same hash as before]
      openid.sig = [Same Base64 encoded HMAC signature as before]
      openid.return_to = http://www.consumer.com?rp_nouce=[RANDOM]
      openid.identity = http://madpilot.openid.com
  • 11. Step 7 If the returned values look ok the Provider returns is_valid:true
  • 12. And again with passion Dumb mode has lots of redirects Not-dumb mode asynchronously (AJAX) gets an immediate answer If the user is logged in, the user can continue If not, decide what to do (authenticate would be a good idea)
  • 13. Simple Registration SREG to its friends Send your favourite parameters Pull nickname, email, date of birth, gender, country, language, time zone Consumer can request required and optional parameters
  • 14. I want my data! Data in the cloud is cool Backups, hardware upgrades – someone else’s problem Vendor lock-in is the suck Web services are the awse
  • 15. REST vs SOAP The world needs more religious wars Both lie on HTTP Both use XML* Remote Procedure Pattern vs. Resource Pattern * REST doesn’t really care…
  • 16. SOAP : Why no one uses it In theory it rocks. Has a description language (WSDL) It is verbose Perhaps, something more Ideological?
  • 17. REST : The web for computers The web is based on resources Type in a URL: GET that resource Submit a form: POST to that resource Forgotten verbs: PUT and DELETE
  • 18. One end point to rule them all OK, maybe two
      GET /companies.xml         Returns all companies
      POST /companies.xml        Creates a new company
      GET /companies/1.xml       Return the company with id=1
      PUT /companies/1.xml       Update the company with id=1
      DELETE /companies/1.xml    Delete the company with id=1
  • 19. HTTP/1.1 101 HTTP does a lot of stuff
  • 20. HTTP/1.1 101 HTTP does a lot of stuff Status codes
      200 OK!
      201 Created
      301 Moved Permanently
      400 Bad Request
      401 Authorization Required
      403 Forbidden
      404 Not Found
      405 Not allowed
      410 Gone
      422 Invalid Entity
      500 Server Error
      503 Server Unavailable
  • 21. HTTP/1.1 101 HTTP does a lot of stuff Status codes Headers and modifiers
      If-Modified-Since
      If-Unmodified-Since
      If-Match
      If-None-Match
      If-Range
  • 22. Communism doesn’t work You don’t want any old person changing stuff 401 Authorization Required Still needs a password though – a pure OpenID implementation is out Anti-password pattern alert!
  • 23. Check up on Jim Signs up to a new Web 2.0 CRM Offers to copy contacts from Gmail Requires your Gmail username and password… Sounds phishy
  • 24. Bloody OAuth it is… OAuth is a machine authorisation protocol Like a Valet Key Give permission for a system to access your account … or take away permission Again, there are Providers and there are Consumers
  • 25. Step 1 User wants to access their photos from another service
  • 26. Step 2 Consumer sends a POST request to the request token URL at the Provider. It identifies itself using a shared secret key that was prepared earlier
  • 27. Step 3 The Provider returns an unauthorised request token. The token is good for one use
  • 28. Step 4 The consumer redirects the user to the Authorisation URL of the provider
  • 29. Step 5 If the user hasn’t logged in to the Provider service, they do so now on the Provider You could use OpenID for this bit
  • 30. Step 6 The Provider asks the user if they really want to let the Consumer have the photos
  • 31. Step 7 The Provider redirects the user back to the Consumer and lets the Consumer know that it can request an authorized token
  • 32. Step 8 The Consumer requests an authorised token using the now authorised request token
  • 33. Step 9 The Provider exchanges the request token for an access token. This token is good for a pre-determined period of time (Maybe forever)
  • 34. Step 10 The Consumer can now access the data using its access token
  • 35. Step 11 The Provider sends the data if the access token checks out
  • 36. Look ma – no passwords! User never enters their password on the Consumer The Consumer actually has its own password (the token) The token can be revoked, stopping access
  • 37. The Dark Side: OpenID Phishing DNS Spoofing Not an AUTHORISATION system Consumer has to trust the Provider Doesn’t really work without a browser
  • 38. The Dark Side: REST No standard ! (Lather, rinse, repeat) No description language – requires more legwork
  • 39. The Dark Side: OAuth Doesn’t work so well without a browser More complex/higher overhead than username/password Doesn’t work with cURL
  • 40. Yadis with egg and cheese Service discovery protocol OpenID is the only open, distributed authentication system (Surprised?) XML RDF based Allows Providers and Consumers to negotiate protocols
  • 41. Yadis with egg and cheese
      <?xml version="1.0" encoding="UTF-8"?>
      <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
        <XRD>
          <Service>
            <Type>http://lid.netmesh.org/sso/2.0</Type>
          </Service>
          <Service>
            <Type>http://lid.netmesh.org/sso/1.0</Type>
          </Service>
        </XRD>
      </xrds:XRDS>
  • 42. You know what would be cool ? OpenID on your desktop OpenID on your mobile Webservice brokering system File system integration
  • 43. Your local libraries OpenID: http://wiki.openid.net/Libraries OAuth: http://oauth.net/code
  • 44. In conclusion, Thank You Question time starts… Now
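Slides 5 to 12 list the parameters of the OpenID 1.1 exchange between consumer and provider. The block below is an added example, not code from the slides or from Myles Eftos, that runs that exchange inside one process: link-tag discovery (step 2), the checkid_setup redirect (step 3), a stand-in provider that signs the id_res response (step 5) and answers check_authentication (steps 6 and 7, the "dumb mode" of slide 12), and the checks a consumer has to make on the response before trusting the login. The URLs are constructed; the nonce parameter is spelled `rp_nonce` here where the slides write `rp_nouce`, and the trust root parameter is written `openid.trust_root` as in the 1.1 spec where the slides write `openid.trustroot`. The signature format (base64 HMAC-SHA1 over one `name:value` line per signed field) is the OpenID 1.1 one; the `FakeProvider` class is an assumption standing in for a real server.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Step 2: the two <link> tags the consumer looks for on the user's identity page.
LINK_RE = re.compile(r'<link\s+rel="openid\.(server|delegate)"\s+href="([^"]+)"', re.I)


def discover(html):
    """Return (server_url, delegate_url_or_None) from the identity page's link tags."""
    found = {kind.lower(): href for kind, href in LINK_RE.findall(html)}
    if "server" not in found:
        raise ValueError("no openid.server link tag on the identity page")
    return found["server"], found.get("delegate")


def build_checkid_setup(server, identity, consumer_url, nonce):
    """Step 3: the redirect that sends the user to the provider's login screen.
    The per-login nonce rides inside return_to so the reply can be tied to this request."""
    params = {
        "openid.mode": "checkid_setup",
        "openid.identity": identity,
        "openid.return_to": consumer_url + "?" + urlencode({"rp_nonce": nonce}),
        "openid.trust_root": consumer_url,
    }
    return server + "?" + urlencode(params)


def sign_fields(params, secret):
    """OpenID 1.1 signature: base64(HMAC-SHA1) over one 'name:value\\n' line per signed field,
    in the order listed in openid.signed (the 'openid.' prefix is dropped from the names)."""
    names = params["openid.signed"].split(",")
    message = "".join("%s:%s\n" % (n, params["openid." + n]) for n in names)
    return base64.b64encode(hmac.new(secret, message.encode(), hashlib.sha1).digest()).decode()


class FakeProvider:
    """Stand-in for the identity provider so the exchange runs in one process (constructed)."""

    def __init__(self):
        self.associations = {}  # assoc_handle -> shared secret; only the provider holds it here

    def id_res(self, identity, return_to):
        """Step 5: the signed redirect the provider sends the browser back with."""
        handle, secret = secrets.token_hex(8), secrets.token_bytes(20)
        self.associations[handle] = secret
        params = {
            "openid.mode": "id_res",
            "openid.identity": identity,
            "openid.return_to": return_to,
            "openid.signed": "mode,identity,return_to",
            "openid.assoc_handle": handle,
        }
        params["openid.sig"] = sign_fields(params, secret)
        return params

    def check_authentication(self, posted):
        """Steps 6-7 (dumb mode): the consumer POSTs the fields back; the provider recomputes
        the signature, treating mode as id_res, and answers in key-value form."""
        secret = self.associations.get(posted.get("openid.assoc_handle"))
        if secret is None:
            return "is_valid:false\n"
        try:
            expected = sign_fields(dict(posted, **{"openid.mode": "id_res"}), secret)
        except KeyError:  # signed list names a field that was not sent
            return "is_valid:false\n"
        ok = hmac.compare_digest(expected, posted.get("openid.sig", ""))
        return "is_valid:true\n" if ok else "is_valid:false\n"


def verify_id_res(params, expected_nonce, claimed_identity, provider):
    """Consumer-side checks on the step 5 response; True only if every one of them passes."""
    if params.get("openid.mode") != "id_res":
        return False
    if not {"mode", "identity", "return_to"} <= set(params.get("openid.signed", "").split(",")):
        return False  # an unsigned field could be rewritten by whoever carries the redirect
    if params.get("openid.identity") != claimed_identity:
        return False  # the assertion must be about the URL the user typed in step 1
    if parse_qs(urlparse(params.get("openid.return_to", "")).query).get("rp_nonce") != [expected_nonce]:
        return False  # replayed, or meant for a different login attempt
    posted = dict(params, **{"openid.mode": "check_authentication"})
    return provider.check_authentication(posted).strip() == "is_valid:true"
```

Two of these checks are the ones a consumer most often forgets: that `openid.identity` in the response equals the identifier the user typed, and that the nonce inside `return_to` is the one stored for this login attempt. Without them a correctly signed assertion about some other identity, or a captured earlier one, still gets `is_valid:true` at step 7.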
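Slides 24 to 36 walk through the OAuth token dance. As an added example, not code from the slides or from the author, the block below runs that dance in one process with a `Provider` and a `Consumer` class standing in for the two sites; the endpoint URLs, the consumer key, the photo data and both classes are constructed. It follows OAuth 1.0a rather than the 1.0 of 2008: the `oauth_verifier` handed out in step 7 is what lets the provider confirm at step 8 that the consumer redeeming the request token is the one whose user approved it in step 6. The HMAC-SHA1 signature is the spec's: the base string is the method, the URL and the sorted parameters, and the key is the consumer secret and the token secret joined with `&`.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

BASE = "http://photos.example"  # constructed provider URL


def oauth_escape(value):
    return quote(str(value), safe="-._~")  # RFC 3986: only unreserved characters pass through


def signature_base_string(method, url, params):
    """METHOD&url&sorted-params, the text both sides sign; oauth_signature itself is left out."""
    pairs = sorted((oauth_escape(k), oauth_escape(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join([method.upper(), oauth_escape(url), oauth_escape("&".join("%s=%s" % p for p in pairs))])


def hmac_sha1_signature(method, url, params, consumer_secret, token_secret=""):
    """Key is consumer_secret&token_secret: the secret 'prepared earlier' plus the token's own."""
    key = (oauth_escape(consumer_secret) + "&" + oauth_escape(token_secret)).encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def signed_params(key, secret, method, url, token=None, token_secret="", **extra):
    """oauth_* parameters for one request, with a fresh nonce and timestamp."""
    params = {"oauth_consumer_key": key, "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(int(time.time())), "oauth_nonce": secrets.token_hex(8), **extra}
    if token:
        params["oauth_token"] = token
    params["oauth_signature"] = hmac_sha1_signature(method, url, params, secret, token_secret)
    return params


class Provider:
    """The site holding the photos. Every endpoint re-checks the signature and rejects replays."""
    def __init__(self, consumers):
        self.consumers = consumers  # consumer key -> shared secret agreed out of band (slide 26)
        self.request_tokens, self.access_tokens, self.seen = {}, {}, set()

    def _verify(self, method, path, params, token_secret=""):
        secret = self.consumers.get(params.get("oauth_consumer_key"))
        nonce = tuple(params.get(k) for k in ("oauth_consumer_key", "oauth_timestamp", "oauth_nonce"))
        ok = secret is not None and nonce not in self.seen and hmac.compare_digest(  # unknown consumer / replay
            hmac_sha1_signature(method, BASE + path, params, secret, token_secret), params.get("oauth_signature", ""))
        if ok:
            self.seen.add(nonce)
        return ok

    def _issue(self, store, consumer, **extra):
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        store[token] = {"secret": secret, "consumer": consumer, **extra}
        return token, secret

    def request_token(self, params):  # steps 2-3: an unauthorised request token, good for one exchange
        if not self._verify("POST", "/request_token", params):
            return None
        return self._issue(self.request_tokens, params["oauth_consumer_key"], verifier=None)

    def authorize(self, token, user_approves):  # steps 5-7: the logged-in user says yes (or no)
        entry = self.request_tokens.get(token)
        if entry is None or not user_approves:
            return None
        entry["verifier"] = secrets.token_hex(4)  # 1.0a verifier: comes back with the user, ties step 7 to step 8
        return entry["verifier"]

    def access_token(self, params):  # steps 8-9: the request token is consumed, an access token issued
        entry = self.request_tokens.get(params.get("oauth_token"))
        if not entry or entry["verifier"] is None or entry["verifier"] != params.get("oauth_verifier"):
            return None
        if entry["consumer"] != params.get("oauth_consumer_key") or not self._verify("POST", "/access_token", params, entry["secret"]):
            return None
        del self.request_tokens[params["oauth_token"]]
        return self._issue(self.access_tokens, entry["consumer"])

    def photos(self, params):  # steps 10-11: data only if the token is this consumer's and the signature checks out
        entry = self.access_tokens.get(params.get("oauth_token"))
        if entry is None or entry["consumer"] != params.get("oauth_consumer_key"):
            return None
        return ["holiday.jpg", "cat.png"] if self._verify("GET", "/photos", params, entry["secret"]) else None


class Consumer:
    """The CRM that wants the photos; it never handles the user's provider password."""
    def __init__(self, key, secret, provider):
        self.key, self.secret, self.provider, self.token, self.token_secret = key, secret, provider, None, ""

    def _call(self, endpoint, method, path, **extra):
        return endpoint(signed_params(self.key, self.secret, method, BASE + path, self.token, self.token_secret, **extra))

    def start(self):  # steps 2-4: get a request token, then send the user off to authorize it
        self.token, self.token_secret = self._call(self.provider.request_token, "POST", "/request_token")
        return self.token

    def finish(self, verifier):  # steps 8-9: trade the approved request token for an access token
        result = self._call(self.provider.access_token, "POST", "/access_token", oauth_verifier=verifier)
        self.token, self.token_secret = result or (self.token, self.token_secret)
        return result is not None

    def fetch_photos(self):  # steps 10-11
        return self._call(self.provider.photos, "GET", "/photos")
```

The revocation slide 36 talks about is nothing more than the provider deleting the access token's entry (`provider.access_tokens.pop(token)` here): the consumer's signatures stop verifying and the user's own password is untouched. The nonce set in `_verify` is what makes a captured request worthless a second time; a real provider would also bound `oauth_timestamp` so the set does not grow forever.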
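Slides 40 and 41 introduce Yadis and show an XRDS document. As an added example that is not from the slides, the parser below reads such a document with the standard library and does the negotiation slide 40 mentions: among the service types the consumer supports, take the one the provider ranks highest. The sample document is the slide's, extended with constructed `priority` attributes and a constructed OpenID 1.1 service that carries a `URI`; the rules applied (use the last `XRD`, a lower priority number wins, a service without a priority ranks last) are those of the Yadis 1.0 specification.

```python
import xml.etree.ElementTree as ET

XRDS_NS = "xri://$xrds"
XRD_NS = "xri://$xrd*($v*2.0)"

# Constructed sample: the slide's two LID services plus an OpenID 1.1 one, priorities added.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://lid.netmesh.org/sso/1.0</Type>
    </Service>
    <Service priority="10">
      <Type>http://lid.netmesh.org/sso/2.0</Type>
    </Service>
    <Service>
      <Type>http://openid.net/signon/1.1</Type>
      <URI>http://my.openid.server</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def parse_services(xml_text):
    """Return the <Service> entries of the document's last <XRD>, the one Yadis says to use."""
    root = ET.fromstring(xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text)
    if root.tag != "{%s}XRDS" % XRDS_NS:
        raise ValueError("not an XRDS document")
    xrds = root.findall("{%s}XRD" % XRD_NS)
    if not xrds:
        raise ValueError("XRDS document without an XRD element")
    services = []
    for svc in xrds[-1].findall("{%s}Service" % XRD_NS):
        prio = svc.get("priority")
        services.append({
            "priority": int(prio) if prio is not None and prio.isdigit() else None,
            "types": [t.text.strip() for t in svc.findall("{%s}Type" % XRD_NS) if t.text],
            "uris": [u.text.strip() for u in svc.findall("{%s}URI" % XRD_NS) if u.text],
        })
    return services


def negotiate(services, supported_types):
    """Pick the provider's highest-ranked service (lowest priority number; no priority ranks last)
    whose Type the consumer supports. Returns (type, first_uri_or_None) or None if nothing matches."""
    ordered = sorted(services, key=lambda s: (s["priority"] is None, s["priority"] or 0))
    for svc in ordered:
        for service_type in svc["types"]:
            if service_type in supported_types:
                return service_type, (svc["uris"][0] if svc["uris"] else None)
    return None
```

Services that share a priority are meant to be tried in random order per the spec; this version keeps document order for them, which is the one simplification a production consumer would want to remove.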