
Hannes Tschofenig, Blaine Cook

(IETF#79, Beijing)
Acknowledgements
- I would like to thank Pasi Eronen. We are reusing some of his slides in this presentation.
11/11/2011 IETF #79 OAuth Tutorial Beijing
The Problem: Secure Data Sharing
Example OAuth Exchange
Entities
[Figure: User, User Agent (Web Browser), Authorization Server (Yahoo), Resource Server (Yahoo) and Resource Consumer (LinkedIn); messages labelled Authorization Request, Token Request and Access Request (incl. Token)]
User navigates to Resource Client
User authenticated by Authorization Server
User authorizes Resource Consumer to access Resource Server
Resource Client calls the Resource Server API
Remark: Authentication
- Yahoo, in our example, may outsource the authentication part to other providers (e.g., using OpenID).
- Authorization Server and Resource Server do not need to be operated by the same entity.
Remark: Authorization
- Asking the user for consent prior to sharing information is considered privacy-friendly.
- User interfaces for obtaining user consent may not always be great.
Remark: Authorization (cont.)
Remark: Prior Registration
- Many Resource Servers require registration of Resource Clients prior to usage.
- Example: http://developer.cliqset.com/api
Remark (cont.)
History
- November 2006: Blaine Cook was looking into the possibility of using OpenID to accomplish the functionality for delegated authentication. He got in touch with some other folks that had a similar need.
- December 2006: Blaine wrote a reference implementation for Twitter based on all the existing OAuth-patterned APIs, which Blaine and Kellan Elliott-McCrea turned into a rough functional draft.
- April 2007: Google group was created with a small group of implementers to write a proposal for an open protocol.
- July 2007: OAuth 1.0 (with code for major programming languages)
- September 2007: Rewrite of specification to focus on a single flow (instead of web, mobile and desktop flows)
- Deployment of OAuth well on its way: http://wiki.oauth.net/ServiceProviders
History (cont.)
- 1st OAuth BOF (Minneapolis, November 2008, IETF#73)
  - BOF Chairs: Sam Hartman, Mark Nottingham
  - BOF went OK but a couple of charter questions couldn't be resolved.
- 2nd OAuth BOF (San Francisco, March 2009, IETF#74)
  - BOF Chairs: Hannes Tschofenig, Blaine Cook
  - Charter discussed on the mailing list and also during the meeting. Finalized shortly after the meeting.
- IETF-wide review of the OAuth charter text (28th April 2009)
  - Announcement: http://www.ietf.org/mail-archive/web/ietf-announce/current/msg06009.html
- OAuth working group was created (May 2009)
  - Chairs: Blaine Cook, Peter Saint-Andre
- Feb 2010: 'The OAuth 1.0 Protocol' approved as Informational RFC
  - http://www.ietf.org/mail-archive/web/ietf-announce/current/msg07047.html
History (cont.)
- March 2010: Peter Saint-Andre became Area Director and Hannes Tschofenig became Blaine's co-chair.
- March 2010: IETF OAuth meeting in Anaheim
- April 2010: OAuth 2.0 draft-ietf-oauth-v2-00.txt published, co-authored by Eran, Dick, David
- May 2010: First OAuth interim meeting co-located with IIW to discuss open issues
- July 2010: Maastricht IETF meeting
- November 2010: Document split into "abstract" specification and separate bearer token and message signing specification
- November 2010: Beijing IETF meeting. No official OAuth working group meeting. Discussions about security for OAuth.
Entities
[Figure: User, User Agent, Authorization Server, Resource Server and Resource Consumer; messages labelled Authorization Request, Token Request and Access Request (incl. Token)]
Scope of the OAuth WG
- Currently only one working group item: http://tools.ietf.org/html/draft-ietf-oauth-v2
  - Unlike OAuth v1.0, it does not contain signature mechanisms.
- We have a bunch of other documents as individual items:
  - Providing security related extensions
  - User interface considerations
  - Token formats
  - Token by reference
  - Use case descriptions
  - Other OAuth profiles
Work Areas
[Figure: User, User Agent, Authorization Server, Resource Server and Resource Consumer, with the Authorization Request, Token Request and Access Request (incl. Token), annotated with the work areas: OAuth Profiles, User Interface, Token Format and Content, Authz Server Interaction, Data Exchange, Authentication, Request Security]
Web Server Flow
A little bit about OAuth security
"Bearer Token"
[Figure: Resource Consumer, Authorization Server and Resource Server; messages labelled Request, Token and Token; both connections labelled TLS]
"Message Signing"
[Figure: Resource Consumer, Authorization Server and Resource Server; messages labelled Request; Token, SK, {SK}Bob; and Token, {Request}SK, {SK}Bob; one connection labelled TLS]
Conclusion
- Open Web Authentication (OAuth) is developed in the IETF to provide delegated authentication for Web-based environments.
  - Usage for non-Web based applications has been proposed as well.
- Work is in progress and re-chartering will expand the work to include new features and use cases, as well as security.
- Join the OAuth mailing list at http://datatracker.ietf.org/wg/oauth/charter/ to make your contribution.
Backup Slides
JavaScript Flow
(User Agent Flow in Draft)
Native Application Flow
Autonomous Flow
Device Flow