WordPress + OAuth
Will Norris, http://will.norris.name/
WordCamp SF 2008, 2008 Aug 16


TRANSCRIPT

Page 1: WordPress + OAuth

WordPress + OAuth

Will Norris

http://will.norris.name/

WordCamp SF 2008 2008 Aug 16

Page 2: WordPress + OAuth

Will Norris

Early 2007

Dec 2007

April 2008

DiSo - seeking a viable model for a distributed social network

components - people, friends, identity, activities, sharing & permissions, messaging, groups

Vidoop - strong authentication for the consumer web

Page 3: WordPress + OAuth

What is OAuth?

Page 4: WordPress + OAuth

OAuth is...

... a protocol for developing password-less APIs.

Page 5: WordPress + OAuth

OAuth is...

... a way for an application to interact with a service on a user’s behalf without having to know the user’s credentials.

Page 6: WordPress + OAuth

OAuth is...

... “your valet key for the Web.”

Page 7: WordPress + OAuth

OAuth is...

... not OpenID.

Page 8: WordPress + OAuth

OAuth is...

... not OpenID.

(OpenID does authentication. OAuth does authorization.)

Page 9: WordPress + OAuth

OAuth is...

... not OpenID.

(OpenID identifies users. OAuth identifies applications.)

Page 10: WordPress + OAuth

Why do we need OAuth?

Page 11: WordPress + OAuth

The Love Triangle

Service Provider

End User

Consumer Application

Page 12: WordPress + OAuth

The Love Triangle

Service Provider

End User

Consumer Application

Page 13: WordPress + OAuth

The Password Anti-Pattern

teaching people bad habits

Page 14: WordPress + OAuth

Importing Contacts

Page 15: WordPress + OAuth

Importing Contacts

Page 16: WordPress + OAuth

Accessing WordPress

Page 17: WordPress + OAuth

Accessing WordPress

Page 18: WordPress + OAuth

Problems

Full account access

Non-revocable

Sharing your credentials is giving away the keys to the kingdom. It’s the equivalent of giving the waiter your ATM card and PIN in order to pay for dinner. You can’t revoke your password once you’ve shared it... all you can do is change your password. And then you have to update it everywhere.

Page 19: WordPress + OAuth

OAuth Tokens can...

Be constrained ... by source ... by time ... by function ... by _____

Limit by IP Address. Allow access only during certain times of the day or for the next two months. Allow basic functions, but not administrative functions.

Page 20: WordPress + OAuth

OAuth Tokens can...

Be revoked ... automatically ... manually

Revoke token after a certain number of uses or period of time.
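The two slides above list what a service provider can enforce on an access token: constrain it by source, time and function, and revoke it automatically (after N uses or a period) or manually. The following is an added example, not code from the talk or from WordPress, showing a provider-side token record and the check an API endpoint would run on each call; the token fields, the "pictures" consumer name, the network and the scope names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

NOW = datetime(2008, 8, 16, tzinfo=timezone.utc)   # constructed reference time

def at(days: float) -> datetime:
    """Helper: a point in time `days` after NOW (used by the demo token below)."""
    return NOW + timedelta(days=days)

@dataclass
class AccessToken:
    """Constructed token record as the service provider (the blog) would store it."""
    token: str
    consumer: str                        # which application the token was issued to
    allowed_networks: List[str]          # constrain by source, e.g. ["203.0.113.0/24"]
    not_before: datetime                 # constrain by time: validity window
    not_after: datetime
    scopes: Set[str]                     # constrain by function, e.g. {"read_posts"}
    max_uses: Optional[int] = None       # automatic revocation after N uses
    uses: int = 0
    revoked: bool = False                # manual revocation from "Managing your Applications"

def validate(tok: AccessToken, client_ip: str, scope: str, now: datetime) -> Tuple[bool, str]:
    """Check one API call against the token's constraints. Returns (allowed, reason)."""
    if tok.revoked:
        return False, "revoked"
    if not (tok.not_before <= now <= tok.not_after):
        return False, "outside validity window"
    if not any(ip_address(client_ip) in ip_network(n) for n in tok.allowed_networks):
        return False, "source not allowed"
    if scope not in tok.scopes:
        return False, "function not granted"
    tok.uses += 1
    if tok.max_uses is not None and tok.uses >= tok.max_uses:
        tok.revoked = True               # automatic revocation: use limit reached
    return True, "ok"

def revoke(tok: AccessToken) -> None:
    """Manual revocation: the user removes the application; the password is untouched."""
    tok.revoked = True

def demo_token() -> AccessToken:
    """Token for a constructed 'pictures' app: one network, two months, non-admin functions, 3 uses."""
    return AccessToken(
        token="constructed-token-1", consumer="pictures",
        allowed_networks=["203.0.113.0/24"],
        not_before=NOW, not_after=at(61),
        scopes={"read_posts", "upload_media"}, max_uses=3,
    )
```

Each denial carries its own reason so the provider can log which constraint fired, which is also what makes a compromised token far less costly than a shared password.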

Page 21: WordPress + OAuth

WordPress OAuth Demo

pictures

Page 22: WordPress + OAuth

The Love Triangle

Service Provider

End User

Consumer Application

Page 23: WordPress + OAuth
Page 24: WordPress + OAuth

Note that we only enter the blog URL now, not the username and password.

Page 25: WordPress + OAuth

We login at our WordPress blog, through the normal login page.

Page 26: WordPress + OAuth

Grant or deny access for this particular application.

Page 27: WordPress + OAuth
Page 28: WordPress + OAuth

Managing your Applications

Page 29: WordPress + OAuth
Page 30: WordPress + OAuth
Page 31: WordPress + OAuth

Who’s using OAuth?

...and more

Google - All GData APIs, Google Friend Connect

Yahoo! - FireEagle, Y! Open Strategy, Flickr(?)

Page 32: WordPress + OAuth

Questions ?

Page 33: WordPress + OAuth

Slide credits:

“OAuth: Basic Introduction” - Leah Culver

“Advanced OAuth Wrangling” - Kellan Elliott-McCrea