Yahoo Open ID and OAuth Allen Tom Yahoo

  • Slides: 17
Download presentation
Yahoo! Open. ID and OAuth Allen Tom Yahoo! Membership Architect Open. ID Foundation Board

Yahoo! Open. ID and OAuth Allen Tom Yahoo! Membership Architect Open. ID Foundation Board Member atom@yahoo-inc. com @atom 1

• Open. ID – Authentication • OAuth – Authorization • OAuth-WRAP – next

• Open. ID – Authentication • OAuth – Authorization • OAuth-WRAP – next generation OAuth 2

Yahoo! and the Open Web • Yahoo! OS: Initiative to open up Yahoo’s services

Yahoo! and the Open Web • Yahoo! OS: Initiative to open up Yahoo’s services to 3 rd party developers and partners • Open. ID: Opens Yahoo’s Membership platform to all websites – Users who have a Yahoo Account can log in with it at any website that accepts Open. ID • OAuth: Authorization protocol (access control) for Yahoo Data and APIs – Contacts (Address Book) – Yahoo Mail – Yahoo! Updates (Activity Streams) 3

Yahoo Open. ID + OAuth • Yahoo users can sign into websites using their

Yahoo Open. ID + OAuth • Yahoo users can sign into websites using their Yahoo ID via the Open. ID Protocol • Users can authorize data access via Oauth • Share your Yahoo Address Book • Let the 3 rd party update your Status • Upload photos 4

Authentication, continued… • My Yahoo. ID is allentomdude@yahoo. com • My Open. ID identifier

Authentication, continued… • My Yahoo. ID is allentomdude@yahoo. com • My Open. ID identifier is https: //me. yahoo. com/allentomdude • Open. ID lets me prove that I control https: //me. yahoo. com/allentomdude 5

Yahoo Open. ID Example • Login to the Huffington. Post. com using your Yahoo

Yahoo Open. ID Example • Login to the Huffington. Post. com using your Yahoo ID 6

Click Log In 7

Click Log In 7

Click the Yahoo! Button 8

Click the Yahoo! Button 8

Login screen is bypassed if the user is already logged into Yahoo (more then

Login screen is bypassed if the user is already logged into Yahoo (more then 90% of the time) 9

Open. ID: Authentication Name Email Address Profile Picture OAuth: API access to Web Services

Open. ID: Authentication Name Email Address Profile Picture OAuth: API access to Web Services 10

Yahoo Profile Picture Yahoo ID 11

Yahoo Profile Picture Yahoo ID 11

Huffington Post can post to my Profile using OAuth 12

Huffington Post can post to my Profile using OAuth 12

Attribute Exchange • RPs may optionally ask for user data via the Attribute Exchange

Attribute Exchange • RPs may optionally ask for user data via the Attribute Exchange Extension (supported by all major Open. ID Providers) – Name – Email Address – Profile Picture – Age – Gender – Location 13

14

14

Why is Yahoo supporting Open. ID? • Have a stronger relationship with our users

Why is Yahoo supporting Open. ID? • Have a stronger relationship with our users – Users are Yahoo’s #1 asset • Yahoo IDs are more valuable – used for logging into Yahoo and other websites • More insights into user behavior on Yahoo and everywhere else – Needed for ad targeting and content personalization • Open Standard: – – No need to invent yet another auth protocol Can leverage industry best practices Open Source libraries, documentation Developers can implement the same interface across all Ops Yahoo/Google/AOL are almost completely interoperable 15

Why should sites accept Open. ID? • New user on boarding experience is getting

Why should sites accept Open. ID? • New user on boarding experience is getting increasingly difficult – – – – Username/password Name/email address Profile Picture Location Gender Friends CAPTCHA • Security, Abuse, Account Recovery can be outsourced to the Open. ID Provider • Virtuous Cycle – user engagement drives referral traffic back to the RP • New users already have a reputation – Abuse, expertise, etc • Content and Ads can be personalized and relevant even on the first visit 16

Allen Tom atom@yahoo-inc. com http: //developer. yahoo. com http: //openid. net http: //groups. google.

Allen Tom atom@yahoo-inc. com http: //developer. yahoo. com http: //openid. net http: //groups. google. com/ –OAuth-WRAP-WG http: //www. internetidentityworkshop. com/ 17

OAuth 2 0 Security OAuth WG Conference CallOAuth 2 0 Security OAuth WG Conference Call
OAuth 2 0 Security IETF OAuth WG ConferenceOAuth 2 0 Security IETF OAuth WG Conference
IETF 94 Yokohama OAuth WG Meeting Oauth MetaIETF 94 Yokohama OAuth WG Meeting Oauth Meta
OAuth 2 0 Security OAuth WG Conference CallOAuth 2 0 Security OAuth WG Conference Call
Features Yahoo Features My Yahoo Flickr Delicious YahooFeatures Yahoo Features My Yahoo Flickr Delicious Yahoo
Using OAuth Providers with MVC 4 By TomUsing OAuth Providers with MVC 4 By Tom
PHP at Yahoo http public yahoo comradwin MichaelPHP at Yahoo http public yahoo comradwin Michael
Yahoo Shopping Partnership Proposal Yahoo Korea e MarketplaceYahoo Shopping Partnership Proposal Yahoo Korea e Marketplace
Yahoo Acquires Inktomi March 19 th 2003 YahooYahoo Acquires Inktomi March 19 th 2003 Yahoo
Yahoo Mail How Yahoo Mail Works No matterYahoo Mail How Yahoo Mail Works No matter
Local Success Stories Yahoo Newspaper Consortium YAHOO CONFIDENTIALLocal Success Stories Yahoo Newspaper Consortium YAHOO CONFIDENTIAL
Yahoo Groups http groups yahoo com Invitation toYahoo Groups http groups yahoo com Invitation to
Yahoo Groups http groups yahoo com Invitation toYahoo Groups http groups yahoo com Invitation to
YAHOO Ventajas y caractersticas Ventajas Yahoo Finanzas unoYAHOO Ventajas y caractersticas Ventajas Yahoo Finanzas uno
Aplikasi Enkripsi pada Yahoo Messenger 1 Pengantar YahooAplikasi Enkripsi pada Yahoo Messenger 1 Pengantar Yahoo
Creating community with Yahoo Groups Skills Using YahooCreating community with Yahoo Groups Skills Using Yahoo