Upload
hailey-york
View
220
Download
0
Embed Size (px)
Citation preview
OAuth
Phil Wilson, University of Bath, 2008
what the?
"OAuth provides a way to grant access to your data on some website to a third website, without needing to provide this third website with your authentication information for the original website." - source
what the?
Allows a website access to your password-protected information without needing to give your password to the website
password anti-pattern
in exchange...
every single twitter application (desktop and web tools, twitpic, mobile) asks for your twitter username and password
at which point they own your status updates
you know all those sites which say "put this number on your page to show that you own it" ?
source (screenshot by Tantek Çelik)Tantek Çelik)
"please type your University username and password"
enter OAuth
most of these are unnecessary
Google ContactsAPI
OAuth and OpenID
OAuth logs a website in to the place where you store your information - it's not about you logging in
Is this useful to us?
• probably! • any data that we might want to provide to third-party sites
• export your blog? wiki space? other personal data?
• do we ever want to import data?
any more time?
Adoption?
• widespread • part of a bigger stack providing open-source-like sharing of
information between sites and applications • Yahoo!, http://developer.yahoo.com/oauth/
• Google,
http://code.google.com/apis/accounts/docs/OAuth.html • lots and lots of others, no MS yet!
What about Facebook Connect?
"Facebook Connect ... allows any website to connect to facebook to get
user's information, and friend list."
Facebook Connect
Facebook Connect roughly equivalent to OpenID + OpenID Attribute Exchange + Portable Contacts + OpenSocial http://tinyurl.com/6eoys4 for more
Thanks!
questions