User-Centric Identity and Mashup with AOL Open Authentication API

Learn about user-centric identity and how it relates to mashups, data sharing, and social collaboration. Discover the role of identity in personalization, authorization, and maintaining public identity across providers. Explore the challenges of adoption, user experience, permission management, security, privacy, and reputation services. Find out how AOL Open Authentication API can provide lightweight provisioning and authentication for AIM/ICQ/AOL users, and how it supports multiple public/private identities and switching Identity Providers.

rwright

Presentation Transcript


  1. Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli

  2. Web 2.0 • Data Sharing • Social Collaboration • Perpetual Beta • Incremental Evolution • Web as a Platform, and • Users in Control

  3. Mashup • Wikipedia: "a website or application that combines content from more than one source into an integrated experience." • API[1] + API[2] + … + API[N] • Netvibes.com, imified.com, etc.

  4. Role of Identity • Well … to identify the user for … • Personalization • Authorization / Access Control • Communication • Content Publishing • Maintaining Public Identity across Providers

  5. But … it is also • A barrier to entry • Registration == drop off • ID fatigue among users • Expensive to maintain authentication infrastructure

  6. Online Identity • Lives moving online • Virtual world identity != physical world identity • Fragmentation of identity across services • Limits value of services (network growth slowed) • Not necessary to bind identity and services together

  7. User-Centric Identity • Providing user choice • Privacy protecting • Easy to adopt & use • Allowing collaboration • Supporting Long Tail applications • Internet scale

  8. Open Protocols • Community driven • OpenID • CardSpace • Liberty (SAML) • Single Provider • Yahoo! BBAuth • Google Account API • AOL OpenAuth

  9. Challenges w/ Adoption • Platform/OS dependencies • Programming language support • Too many APIs/protocols • Complex message formats

  10. Challenges: User Experience • Sites with existing user base • Same ID/Password everywhere • Inconsistent login experience • ‘Deputization’ of services • Redirects

  11. Challenges: Permission Management • Different ways to manage user permissions (consent) • Implicit vs explicit • Client vs server • Decentralized consent management • Managing given consents

  12. Security Issues • XSS • Phishing • Authentication tokens for sites vs users • Managing sessions (client side vs server side) • Validating and invalidating authentication tokens

  13. Privacy Issues • Same identifier everywhere • Public vs private personas • Anonymous and randomized identities

  14. Reputation Services • Why is reputation important? • Who owns it? • Based on • Published content • Activity • Collaboration with other services (Mail, IM, etc.) • Actions to take • Restricted usage limits • Block/deny requests • Report to reputation services

  15. Next Steps… • User Experience • Consistency is key • User Permissions • Ask user • Implied consents are bad • Report and consume reputation • Identity and associated data under user’s control • Support multiple public/private identities • Support switching Identity Providers • Adopt protocols that support all (most) of the above

  16. AOL Open Authentication API • Lightweight provisioning and authentication of AIM/ICQ/AOL users • Easy to integrate via browser redirect, AJAX, or direct models • Permission management • ‘Deputization’ of services through secure token exchange • AOL Open Services built on OpenAuth • Other services: • Integrated OpenID Provider (OP) • OpenID Authentication Token Exchange Extension • OpenID Consumer/Relying Party - accepts 3rd party OpenIDs • STS for CardSpace in future http://dev.aol.com/openauth

  17. Sign In Page

  18. Permission Request Page

  19. User Permission Management Page https://my.screenname.aol.com

  20. Ficlets

  21. Q & A http://dev.aol.com Contact Info Praveen Alavilli John Panzer =praveen.alavilli =john.panzer
