online identity getting to know your users

Online Identity: Getting to know your users

Cristiano Betta, Developer Evangelist

Upload: cristiano-betta

Post on 17-May-2015


Category:

Technology



DESCRIPTION

A talk I gave at London Web Standards

TRANSCRIPT

Page 1: Online identity  getting to know your users

Online Identity

Getting to know your users

Cristiano Betta, Developer Evangelist

Page 2: Online identity  getting to know your users

Developer Evangelist

Page 3: Online identity  getting to know your users

Why am I here?

Page 4: Online identity  getting to know your users
Page 5: Online identity  getting to know your users

Do we always want to use the same identity?

Page 6: Online identity  getting to know your users

Should we always want to use the same identity?

Page 7: Online identity  getting to know your users

Authentication vs Authorisation

Page 8: Online identity  getting to know your users
Page 9: Online identity  getting to know your users
Page 10: Online identity  getting to know your users

A little history lesson

Page 11: Online identity  getting to know your users

Username + password

Page 12: Online identity  getting to know your users
Page 13: Online identity  getting to know your users

Security considerations

Page 14: Online identity  getting to know your users

Security nightmare

Page 15: Online identity  getting to know your users

• 4.7% of users have the password password

• 8.5% have the passwords password or 123456

• 9.8% have the passwords password, 123456 or 12345678

• 14% have a password from the top 10 passwords

• 40% have a password from the top 100 passwords

• 79% have a password from the top 500 passwords

• 91% have a password from the top 1000 passwords

Source: xato.net/passwords/more-top-worst-passwords/

Page 16: Online identity  getting to know your users

wiki.skullsecurity.org/Passwords

Page 17: Online identity  getting to know your users

45% admit to leaving a website instead of resetting their password or answering security questions

Source: bit.ly/bluestats

Page 18: Online identity  getting to know your users
Page 19: Online identity  getting to know your users
Page 20: Online identity  getting to know your users

OpenID

Page 21: Online identity  getting to know your users
Page 22: Online identity  getting to know your users
Page 23: Online identity  getting to know your users

OAuth 1.0

Page 24: Online identity  getting to know your users
Page 25: Online identity  getting to know your users

Request Request Token

Grant Request Token

Direct User to Service

Obtain Authorization

Direct to Consumer

Request Access Token

Grant Access Token

Access Resources

Page 26: Online identity  getting to know your users
Page 27: Online identity  getting to know your users

OAuth 1.0a

Page 28: Online identity  getting to know your users
Page 29: Online identity  getting to know your users

OAuth 2.0

Page 30: Online identity  getting to know your users

OAuth 2.0

Page 31: Online identity  getting to know your users

Direct User to Service

Obtain Authorization

Request Access Token

Grant Access Token

Direct to Consumer

Access Resources / Profile

Consumer

Service-Provider

Page 32: Online identity  getting to know your users
Page 33: Online identity  getting to know your users

OAuth 2.0 and the Road to Hell

homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html

Page 34: Online identity  getting to know your users

OAuth 2.0 + OpenID Connect

Page 35: Online identity  getting to know your users
Page 36: Online identity  getting to know your users

Identity Providers

Page 37: Online identity  getting to know your users

Out of 657 surveyed users 66% think that social sign-in is a desirable alternative.

Source: bit.ly/bluestats

Page 38: Online identity  getting to know your users

Google Facebook Twitter

Page 39: Online identity  getting to know your users
Page 40: Online identity  getting to know your users

Social vs Concrete

Page 41: Online identity  getting to know your users
Page 42: Online identity  getting to know your users
Page 43: Online identity  getting to know your users
Page 44: Online identity  getting to know your users
Page 45: Online identity  getting to know your users
Page 46: Online identity  getting to know your users

• Name, email, location

Page 47: Online identity  getting to know your users

• Name, email, location

• Friends, address

Page 48: Online identity  getting to know your users

• Name, email, location

• Friends, address

• Verified address, payment address, account type

Page 49: Online identity  getting to know your users

• Name, email, location

• Friends, address

• Verified address, payment address, account type

• Seamless checkout

Page 50: Online identity  getting to know your users

Demo

Page 51: Online identity  getting to know your users

The nature of an identity matters

Page 52: Online identity  getting to know your users

Recognize the difference between authentication and authorization

Page 53: Online identity  getting to know your users

Well-used authorization can improve the user experience beyond plain user identification

Page 54: Online identity  getting to know your users

The user experience should be enhanced, not impaired, by user authentication

Page 55: Online identity  getting to know your users