Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Online identity

Cristiano Betta
October 24, 2013
Technology
0
18

Online identity

Getting to know your users.

A talk I gave at London Web Standards

Cristiano Betta

October 24, 2013
Tweet

More Decks by Cristiano Betta

See All by Cristiano Betta
Docs as Engineering - DevRelCon London 2019
cbetta
0
130
DevRelCon London 2019 - Developer Experience Workshop
cbetta
0
98
DevRelCon London 2019 - Developer Experience Workshop
cbetta
0
150
The 7 Deadly Sins of Developer Experience (DevRelCon Tokyo)
cbetta
0
3.8k
The State of Encryption
cbetta
0
270
Developer Experience Workshop
cbetta
1
500
The 7 Deadly Sins of Developer Onboarding
cbetta
0
170
A brick by brick guide to developer experience
cbetta
2
540
Hackathons Workshop
cbetta
0
210

Other Decks in Technology

See All in Technology
Microsoft for Startups Founders Hub_20240429 update
daikikanemitsu
1
2.5k
エンジニア候補者向け資料2024.04.24.pdf
macloud
0
3.4k
QAエンジニアが伝えたい品質保証の羅針盤 / Compass for Quality Assurance
mii3king
1
190
データベース03: 関係データモデル
trycycle
0
110
さらばあのボタンとは言わせない SORACOM LTE-M Button powerd by AWSをまだ使えるようにした(前編?)
miura55
0
110
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
120
R3のコードから見る実践LINQ実装最適化・コンカレントプログラミング実例
neuecc
3
3.6k
Cloudflare WorkersがPythonに対応したので試してみた
miura55
0
100
TailwindCSSでUIライブラリを作る際のハマりどころ
shuta13
0
110
AWS アーキテクチャ作図入門/aws-architecture-diagram-101
ma2shita
16
6.5k
Rustで「プリズモイダル法」を利用して「土量計算」をガチでやる
nokonoko1203
1
360
Cypress or Playwright?
rainerhahnekamp
0
180

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
21
1.6k
The Power of CSS Pseudo Elements
geoffreycrofte
62
5k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
22
1.4k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
22
1.6k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
7k
Practical Orchestrator
shlominoach
183
9.7k
Designing Experiences People Love
moore
136
23k
The Mythical Team-Month
searls
217
42k
In The Pink: A Labor of Love
frogandcode
138
21k
Code Review Best Practice
trishagee
56
15k
Optimizing for Happiness
mojombo
370
69k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k

Transcript

  1. Online Identity Getting to know your users Cristiano Betta, Developer

    Evangelist

  2. Developer Evangelist

  3. Why am I here?

  4. None

  5. Do we always want to use the same identity?

  6. Should we always want to use the same identity?

  7. Authentication vs Authorisation

  8. None
  9. None

  10. A little history lesson

  11. Username + password

  12. None

  13. Security considerations

  14. Security nightmare

  15. 4.7% of users have the password password 8.5% have the

    passwords password or 123456 9.8% have the passwords password, 123456 or 12345678 14% have a password from the top 10 passwords 40% have a password from the top 100 passwords 79% have a password from the top 500 passwords 91% have a password from the top 1000 passwords Source: xato.net/passwords/more-top-worst-passwords/

  16. wiki.skullsecurity.org/Passwords

  17. 45% admit to leaving a website instead of re- setting

    their password or answering security questions Source: bit.ly/bluestats
  18. None
  19. None

  20. OpenID

  21. None
  22. None

  23. OAuth 1.0

  24. None

  25. Request' Request'Token' Grant' Request'Token' Direct'User'to'Service' Obtain'Authoriza:on' Direct'to'Consumer' Request' Access'Token' Grant'

    Access'Token' Access' Resources'
  26. None

  27. OAuth 1.0a

  28. None

  29. OAuth 2.0

  30. OAuth 2.0

  31. Direct'User'to'Service' Obtain'Authoriza5on' Request' Access'Token' Grant' Access'Token' Direct'to'Consumer' Access' Resources'/'Profile' Consumer'

    Service-Provider'
  32. None

  33. OAuth 2.0 and the Road to Hell homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html

  34. OAuth 2.0 + OpenID Connect

  35. None

  36. Identity Providers

  37. Out of 657 surveyed users 66% think that social sign-in

    is a desirable alternative. Source: bit.ly/bluestats

  38. Google Facebook Twitter

  39. None

  40. Social vs Concrete

  41. None
  42. None
  43. None
  44. None
  45. None

  46. • Name, email, location

  47. • Name, email, location • Friends, address

  48. • Name, email, location • Friends, address • Verified address,

    payment address, account type

  49. • Name, email, location • Friends, address • Verified address,

    payment address, account type • Seamless checkout

  50. Demo

  51. The nature of an identity matters

  52. Recognize the difference between authentication and authorization

  53. Well used authorization can improve the user experience beyond plain

    user identification

  54. The user experience should be enhanced not impaired by user

    authentication
  55. None

  56. Questions [email protected] slideshare.net/paypal