Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Online identity

Cristiano Betta
October 24, 2013
Technology
0
27

Online identity

Getting to know your users.

A talk I gave at London Web Standards

Cristiano Betta

October 24, 2013
Tweet

More Decks by Cristiano Betta

See All by Cristiano Betta
Docs as Engineering - DevRelCon London 2019
cbetta
0
130
DevRelCon London 2019 - Developer Experience Workshop
cbetta
0
120
DevRelCon London 2019 - Developer Experience Workshop
cbetta
0
210
The 7 Deadly Sins of Developer Experience (DevRelCon Tokyo)
cbetta
0
3.9k
The State of Encryption
cbetta
0
320
Developer Experience Workshop
cbetta
1
550
The 7 Deadly Sins of Developer Onboarding
cbetta
0
180
A brick by brick guide to developer experience
cbetta
2
590
Hackathons Workshop
cbetta
0
250

Other Decks in Technology

See All in Technology
アジャイルでの品質の進化 Agile in Motion vol.1/20241118 Hiroyuki Sato
shift_evolve
0
150
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.4k
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
TypeScript、上達の瞬間
sadnessojisan
46
13k
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
140
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
640
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
2
610
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
1.1k
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k

Featured

See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
How to Ace a Technical Interview
jacobian
276
23k
Code Reviewing Like a Champion
maltzj
520
39k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
BBQ
matthewcrist
85
9.3k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k

Transcript

  1. Online Identity Getting to know your users Cristiano Betta, Developer

    Evangelist

  2. Developer Evangelist

  3. Why am I here?

  4. None

  5. Do we always want to use the same identity?

  6. Should we always want to use the same identity?

  7. Authentication vs Authorisation

  8. None
  9. None

  10. A little history lesson

  11. Username + password

  12. None

  13. Security considerations

  14. Security nightmare

  15. 4.7% of users have the password password 8.5% have the

    passwords password or 123456 9.8% have the passwords password, 123456 or 12345678 14% have a password from the top 10 passwords 40% have a password from the top 100 passwords 79% have a password from the top 500 passwords 91% have a password from the top 1000 passwords Source: xato.net/passwords/more-top-worst-passwords/

  16. wiki.skullsecurity.org/Passwords

  17. 45% admit to leaving a website instead of re- setting

    their password or answering security questions Source: bit.ly/bluestats
  18. None
  19. None

  20. OpenID

  21. None
  22. None

  23. OAuth 1.0

  24. None

  25. Request' Request'Token' Grant' Request'Token' Direct'User'to'Service' Obtain'Authoriza:on' Direct'to'Consumer' Request' Access'Token' Grant'

    Access'Token' Access' Resources'
  26. None

  27. OAuth 1.0a

  28. None

  29. OAuth 2.0

  30. OAuth 2.0

  31. Direct'User'to'Service' Obtain'Authoriza5on' Request' Access'Token' Grant' Access'Token' Direct'to'Consumer' Access' Resources'/'Profile' Consumer'

    Service-Provider'
  32. None

  33. OAuth 2.0 and the Road to Hell homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html

  34. OAuth 2.0 + OpenID Connect

  35. None

  36. Identity Providers

  37. Out of 657 surveyed users 66% think that social sign-in

    is a desirable alternative. Source: bit.ly/bluestats

  38. Google Facebook Twitter

  39. None

  40. Social vs Concrete

  41. None
  42. None
  43. None
  44. None
  45. None

  46. • Name, email, location

  47. • Name, email, location • Friends, address

  48. • Name, email, location • Friends, address • Verified address,

    payment address, account type

  49. • Name, email, location • Friends, address • Verified address,

    payment address, account type • Seamless checkout

  50. Demo

  51. The nature of an identity matters

  52. Recognize the difference between authentication and authorization

  53. Well used authorization can improve the user experience beyond plain

    user identification

  54. The user experience should be enhanced not impaired by user

    authentication
  55. None

  56. Questions [email protected] slideshare.net/paypal