yahoo! openid and oauth
DESCRIPTION
Allen Tom Yahoo! Membership Architect OpenID Foundation Board Member [email protected] @atom. Yahoo! OpenID and OAuth. OpenID – Authentication OAuth – Authorization OAuth-WRAP – next generation OAuth. Yahoo! and the Open Web. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/1.jpg)
Yahoo! OpenID and OAuth
1
Allen TomYahoo! Membership Architect
OpenID Foundation Board [email protected]
@atom
![Page 2: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/2.jpg)
• OpenID – Authentication• OAuth – Authorization• OAuth-WRAP – next generation OAuth
2
![Page 3: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/3.jpg)
Yahoo! and the Open Web
• Yahoo! OS: Initiative to open up Yahoo’s services to 3rd party developers and partners
• OpenID: Opens Yahoo’s Membership platform to all websites– Users who have a Yahoo Account can log in with it at
any website that accepts OpenID• OAuth: Authorization protocol (access control) for
Yahoo Data and APIs– Contacts (Address Book)– Yahoo Mail– Yahoo! Updates (Activity Streams)
3
![Page 4: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/4.jpg)
Yahoo OpenID + OAuth
4
• Yahoo users can sign into websites using their Yahoo ID via the OpenID Protocol
• Users can authorize data access via Oauth• Share your Yahoo Address Book• Let the 3rd party update your Status• Upload photos
![Page 5: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/5.jpg)
Authentication, continued…
• My YahooID is [email protected]• My OpenID identifier is
https://me.yahoo.com/allentomdude• OpenID lets me prove that I control
https://me.yahoo.com/allentomdude
5
![Page 6: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/6.jpg)
Yahoo OpenID Example
• Login to the HuffingtonPost.com using your Yahoo ID
6
![Page 7: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/7.jpg)
7
Click Log InClick Log In
![Page 8: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/8.jpg)
8
Click the Yahoo! ButtonClick the Yahoo! Button
![Page 9: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/9.jpg)
9
Login screen is bypassed if the user is already
logged into Yahoo
(more then 90% of the time)
Login screen is bypassed if the user is already
logged into Yahoo
(more then 90% of the time)
![Page 10: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/10.jpg)
10
OpenID: AuthenticationNameEmail AddressProfile Picture
OpenID: AuthenticationNameEmail AddressProfile Picture
OAuth: API access to Web ServicesOAuth: API access to Web Services
![Page 11: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/11.jpg)
11
Yahoo IDYahoo ID
Yahoo Profile PictureYahoo Profile Picture
![Page 12: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/12.jpg)
12
Huffington Post can post to my Profile using OAuth
Huffington Post can post to my Profile using OAuth
![Page 13: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/13.jpg)
Attribute Exchange
• RPs may optionally ask for user data via the Attribute Exchange Extension (supported by all major OpenID Providers)– Name– Email Address– Profile Picture– Age– Gender – Location
13
![Page 14: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/14.jpg)
14
![Page 15: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/15.jpg)
Why is Yahoo supporting OpenID?
• Have a stronger relationship with our users– Users are Yahoo’s #1 asset
• Yahoo IDs are more valuable – used for logging into Yahoo and other websites
• More insights into user behavior on Yahoo and everywhere else– Needed for ad targeting and content personalization
• Open Standard: – No need to invent yet another auth protocol– Can leverage industry best practices– Open Source libraries, documentation– Developers can implement the same interface across all Ops
Yahoo/Google/AOL are almost completely interoperable
15
![Page 16: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/16.jpg)
Why should sites accept OpenID?
• New user on boarding experience is getting increasingly difficult– Username/password– Name/email address– Profile Picture– Location– Gender– Friends– CAPTCHA
• Security, Abuse, Account Recovery can be outsourced to the OpenID Provider
• Virtuous Cycle – user engagement drives referral traffic back to the RP• New users already have a reputation
– Abuse, expertise, etc• Content and Ads can be personalized and relevant even on the first visit
16
![Page 17: Yahoo! OpenID and OAuth](https://reader035.vdocuments.mx/reader035/viewer/2022062300/56812bb4550346895d8ff35c/html5/thumbnails/17.jpg)
17
Allen [email protected]
http://developer.yahoo.comhttp://openid.nethttp://groups.google.com/
–OAuth–OAuth-WRAP-WG
http://www.internetidentityworkshop.com/