Online identity getting to know your users

Tags:

Preview:

Click to see full reader

DESCRIPTION

A talk I gave at London Web Standards

Citation preview

Online IdentityGetting to know your users

Cristiano Betta, Developer Evangelist

Developer Evangelist

Why am I here?

Do we always want to use the same identity?

Should we always want to use the same identity?

Authentication vs Authorisation

A little history lesson

Username + password

Security considerations

Security nightmare

4.7% of users have the password password 8.5% have the passwords password or 123456

9.8% have the passwords password, 123456 or 12345678 14% have a password from the top 10 passwords 40% have a password from the top 100 passwords 79% have a password from the top 500 passwords 91% have a password from the top 1000 passwords Source: xato.net/passwords/more-top-worst-passwords/

wiki.skullsecurity.org/Passwords

45% admit to leaving a website instead of re-setting their password or answering security questionsSource: bit.ly/bluestats

OpenID

OAuth 1.0

Request'Request'Token'

Grant'Request'Token'

Direct'User'to'Service' Obtain'Authoriza:on'

Direct'to'Consumer'Request'Access'Token'

Grant'Access'Token'

Access'Resources'

OAuth 1.0a

OAuth 2.0

OAuth 2.0

Direct'User'to'Service' Obtain'Authoriza5on'

Request'Access'Token'

Grant'Access'Token'

Direct'to'Consumer'Access'Resources'/'Profile'

Consumer' Service-Provider'

OAuth 2.0 and the Road to Hellhomakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html

OAuth 2.0 + OpenID Connect

Identity Providers

Out of 657 surveyed users 66% think that social sign-in is a desirable alternative.Source: bit.ly/bluestats

Google Facebook Twitter

Social vs Concrete

• Name, email, location

• Name, email, location

• Friends, address

• Name, email, location

• Friends, address

• Verified address, payment address, account type

• Name, email, location

• Friends, address

• Verified address, payment address, account type

• Seamless checkout

Demo

The nature of an identity matters

Recognize the difference between authentication and authorization

Well used authorization can improve the user experience beyond plain user identification

The user experience should be enhanced not impaired by user authentication

Questionscbetta@paypal.com

slideshare.net/paypal

mailto:cbetta@paypal.com
mailto:cbetta@paypal.com

Recommended

Trans Users Rights - Gender Identity Research and Education Society
Documents
GETTING CUSTOMER IAM RIGHT - Ping Identity
Documents
ISF Watchkeeper 3 Getting Started Users Guidelinux.geodatapub.com/publicweb/TDI forms/Bridge/Watchkeeper Users Guide.pdfISF Watchkeeper 3 Getting Started Users Guide ISF Watchkeeper
Documents
Spporting Users in Getting Things Done
Documents
Getting Started - ForgeRock Identity Management 6 · Getting Started /ForgeRock Identity Management 6.5 Latest update: 6.5.0.3 Mike Jang ForgeRock AS 201 Mission St., Suite 2900 San
Documents
Getting Started Guide - Community RTI Connext Users
Documents
PHP Workshop ‹#› Forms (Getting data from users)
Documents
Open Identity - getting to know your users
Technology
Digital identity on n-blocksDigital identity lifecycle management consists of the following stages. Digital identity lifecycle The primary end-users are individuals whose identity
Documents
Whitemarsh Metabase Getting Started Users Guide · Whitemarsh Metabase: Getting Started Users Guide 1.0 Whitemarsh Metabase Getting Started Guide This Getting Started Guide is a quick-start
Documents
Getting started guide for marketing users
Business
Getting Started with Centrify Identity Risk Assessor (CIRA)€¦ · Getting Started with Centrify Identity Risk Assessor (CIRA) The Centrify Identity Risk Assessor (CIRA) is a risk
Documents
Concrete indentity really getting to know your users
Technology
EIA2016Nice - Brian Kress. Getting your users hooked
Technology
Migrating Essbase Instances from Oracle Analytics Cloud ......Migrate Users And Groups from Oracle Identity Cloud Service 2-6 ... • Getting Started with Oracle Analytics Cloud
Documents
SIMATIC S7-300 Getting Started for First Time Users SIMATIC S7-300 Getting Started for First Time Users Getting Started, 04/2007, 6ZB5310-0NC02-0BA0 Welcome to the “S7-300 Getting
Documents
GETTING STARTED WITH IDENTITY AND ACCESS MANAGEMENT … · Getting started with Identity and Access ... Devices for mobile ... products that secure the access points into the network
Documents
Getting Input From Users
Documents
Getting to know your digital users
Technology
GETTING SMART ABOUT IDENTITY MANAGEMENT IN AIR …€¦ · Sean Farrell, Head of Portfolio Management, Government Solutions, SITA GETTING SMART ABOUT IDENTITY MANAGEMENT IN AIR TRANSPORT
Documents