Identity Toolkit
https://developers.google.com/identity-toolkit/
July 2014: Cloud Identity Summit
Google Confidential and Proprietary
Trying to eliminate passwords on the Internet
Agenda
● Where we’ve been
● What we’ve learned
● Where we’re going with Identity Toolkit
Part 1 of 3: Where we’ve been
Which apps and websites are we talking about?
The vast majority of them, but not all of them
● A few apps are incredibly tightly knit to one IDP
● A few apps have stricter security or regulatory concerns
(can often be handled by layering on the flows we’ll discuss)
Passwords (example: wordpress.com)
● Usernames are hard to remember
● Passwords are hard to remember
● Typing is annoying
● Recovery based on email msgs
● Password databases get hacked
● Often no risk-based challenges
Federated login
Simple
Secure
...in isolation
Part 2 of 3: What we’ve learned
Password and federation side-by-side is common (example: opentable.com)
Password recovery as login is growing (example: WeChat)
Password-only is still common (example: nytimes.com)
What we’ve learned from federated login
Users are...
● being asked questions like “How do you want to authenticate?”
● confused by permissions and their privacy implications
● locked out when their IDP account is inaccessible
Developers are...
● still using username/password because it’s in frameworks
● (often unknowingly) not handling edge cases
Part 3 of 3: Where we’re going with Identity Toolkit
Demos of Identity Toolkit v3
http://goo.gl/Bm1bpc
Identify the user, then authenticate
● Existing users (e.g. sarah@comcast.net, nikhil@gmail.com, meng@outlook.com, bruno@yahoo.com): prompt for the existing password
● Existing “Sign in with Google” users: route to the Sign in with Google login flow
● New users: 1. Identifiable IDP, 2. Fast Email Verification; otherwise prompt to create a password
Google Confidential and Proprietary
Fast email verification
Essentially doing a password reset email every time
Where we’ve been What we’ve learned Where we’re going
Google Confidential and Proprietary
Fast email verification
Essentially doing a password reset email every time
...without sending an email
Where we’ve been What we’ve learned Where we’re going
Google Confidential and Proprietary
Fast email verification
Essentially doing a password reset email every time
...without sending an email
RP IDP
Provides the user’s
email address
Where we’ve been What we’ve learned Where we’re going
Google Confidential and Proprietary
Fast email verification
Essentially doing a password reset email every time
...without sending an email
RP IDP
Provides the user’s
email address True/False, is the
email address
signed in to the
user agent?
Where we’ve been What we’ve learned Where we’re going
Google Confidential and Proprietary
Fast email verification
Essentially doing a password reset email every time
...without sending an email
RP IDP
Provides the user’s
email address True/False, is the
email address
signed in to the
user agent?User is authenticated
Where we’ve been What we’ve learned Where we’re going
Google Confidential and Proprietary
Fast email verification
● Avoid double consent since the user gave the email address to the RP
● IDP could provide public info associated with the email if useful (profile picture, public username, etc.)
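The exchange above, as an added example that is not part of the deck or of the Identity Toolkit: a Python model of both sides, the IDP answering only True/False, only for addresses it is authoritative for and only for accounts signed in to that user agent, and the RP treating a True the way it would treat a completed password-reset email. In the toolkit the answer reaches the site inside the signed JWT shown later in the deck; here the channel is a direct call so both sides run in one process. The in-memory stores, the user-agent session id passed as a parameter (a browser deployment would let the IDP read its own cookie), the authoritative-domain table and the per-RP query budget are all assumptions of the example.

```python
"""Fast email verification: the RP/IDP exchange from the deck, both sides.

Added example, not Identity Toolkit code. The IDP keeps, per user agent
(browser), the set of accounts signed in to it; the RP sends the address the
user typed and gets back only True/False plus optional public profile info.
Stores, the ua_session_id parameter, IDP_DOMAINS and QUERY_BUDGET are assumed.
"""
import secrets
import time
from dataclasses import dataclass, field

# Domains this IDP is authoritative for (assumed). An IDP must only vouch for
# addresses it actually issues, otherwise any site could "verify" any email.
IDP_DOMAINS = {"gmail.com", "googlemail.com"}
QUERY_BUDGET = 100  # max yes/no queries per RP in this demo (assumed)


@dataclass
class Idp:
    ua_sessions: dict = field(default_factory=dict)     # ua session id -> signed-in emails
    public_profile: dict = field(default_factory=dict)  # email -> info shareable w/o consent
    queries: dict = field(default_factory=dict)         # rp client id -> queries so far


@dataclass
class Rp:
    users: dict = field(default_factory=dict)     # email -> account record
    sessions: dict = field(default_factory=dict)  # session id -> {"email", "issued"}


def normalize_email(email):
    """Trim whitespace and lower-case the domain; the local part is left as typed."""
    local, _, domain = email.strip().rpartition("@")
    if not local or "." not in domain:
        raise ValueError("not an email address")
    return f"{local}@{domain.lower()}"


def idp_is_signed_in(idp, rp_client_id, ua_session_id, email):
    """IDP side. True only when `email` is one of the accounts signed in to this
    user agent. 'Not our domain', 'no such account' and 'exists but not signed
    in here' all return the same False, so the endpoint is not an
    account-existence oracle. Returns (answer, public_info_or_None)."""
    email = normalize_email(email)
    if email.rsplit("@", 1)[1] not in IDP_DOMAINS:
        return False, None
    used = idp.queries.get(rp_client_id, 0) + 1
    idp.queries[rp_client_id] = used
    if used > QUERY_BUDGET:  # slows down guessing across many addresses
        return False, None
    if email not in idp.ua_sessions.get(ua_session_id, set()):
        return False, None
    return True, idp.public_profile.get(email)


def rp_fast_email_login(rp, idp, rp_client_id, ua_session_id, typed_email):
    """RP side. A True answer is treated exactly like a completed password-reset
    email: the address is verified, so sign the user in (creating the account
    on first visit) without a password. Returns a session id, or None."""
    email = normalize_email(typed_email)
    answer, info = idp_is_signed_in(idp, rp_client_id, ua_session_id, email)
    if not answer:
        return None  # caller falls back to full federated login or a password
    user = rp.users.setdefault(
        email, {"email": email, "email_verified": True, "password_hash": None})
    if info:
        user.setdefault("display_name", info.get("name"))
    sid = secrets.token_urlsafe(32)
    rp.sessions[sid] = {"email": email, "issued": time.time()}
    return sid


# Constructed sample state: one browser ("ua-1") with jsmith signed in at the IDP.
SAMPLE_IDP = Idp(ua_sessions={"ua-1": {"jsmith@gmail.com"}},
                 public_profile={"jsmith@gmail.com": {"name": "J. Smith"}})

if __name__ == "__main__":
    rp = Rp()
    print(rp_fast_email_login(rp, SAMPLE_IDP, "rp-123", "ua-1", " jsmith@Gmail.com "))
    print(rp_fast_email_login(rp, SAMPLE_IDP, "rp-123", "ua-2", "jsmith@gmail.com"))
```

Two checks the slide leaves implicit and a practitioner would want: the IDP must refuse to vouch for domains it does not issue (otherwise the endpoint "verifies" arbitrary addresses), and every negative outcome must look identical so the endpoint cannot be used to enumerate accounts.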
Typing an email address?! ...use an account chooser instead, e.g. accountchooser.com
Recap: Putting all of the pieces together
[demos, take 2]
Authorization is important though!
Limited permissions make login smoother for users
Incremental auth makes interesting apps possible!
● Calendar management services
● Social-recommendation-based services
● Cloud storage management/viewing services
How do sites enable this experience?
It should be easy, but it’s not
Developers shouldn’t need to be security experts.
[three screenshots: ~150k views, ~65k views, ~17k views]
We’re making progress
But we’re not there yet
The easiest authentication system to build is username/password
It’s still the default
Google Identity Toolkit intends to lower the bar
Handles multiple protocols
● Google, Facebook, Yahoo, AOL, Microsoft and PayPal
● Just verify a JWT and issue a session cookie
● Same process for all IDPs, same format JWT for all IDPs
Example JWT payload after a Google sign-in:
{
"iss" : "https://identitytoolkit.google.com",
"user_id" : 123,
"aud" : "6332423432073.apps.googleusercontent.com",
"provider_id" : "google.com",
"exp" : 1407089191,
"iat" : 1405879591,
"email" : "jsmith@gmail.com"
}
The same payload shape after a Facebook sign-in (only provider_id differs):
{
"iss" : "https://identitytoolkit.google.com",
"user_id" : 123,
"aud" : "6332423432073.apps.googleusercontent.com",
"provider_id" : "facebook.com",
"exp" : 1407089191,
"iat" : 1405879591,
"email" : "jsmith@gmail.com"
}
UX is hard to implement
● Pre-built widgets for Android, iOS, and JavaScript
Edge cases are everywhere (merging, mutating, marooning)
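The "verify a JWT and issue a session cookie" step, as an added example that is not the toolkit's library code: the checks a site has to make on a payload like the one above before trusting it (pinned algorithm, signature, iss, aud, exp/iat, a subject), then a session cookie signed with the site's own key and keyed on user_id rather than on the email. Identity Toolkit signs its tokens with published public keys; so that the block runs offline it uses HS256 with a shared secret, and mint_token stands in for the toolkit. Key values, clock-skew tolerance and session lifetime are assumptions.

```python
"""Verify the Identity Toolkit JWT, then issue the site's own session cookie.

Added example, not the toolkit's library code. Claim names follow the deck's
payload (iss, aud, exp, iat, user_id, provider_id, email). The real toolkit
signs with published public keys; to run offline this demo uses HS256 with a
shared secret and mint_token stands in for the toolkit. Keys, clock-skew
tolerance and session lifetime are assumptions."""
import base64
import hashlib
import hmac
import json
import time

TOOLKIT_ISSUER = "https://identitytoolkit.google.com"
MY_CLIENT_ID = "6332423432073.apps.googleusercontent.com"  # the aud in the deck's payload
TOOLKIT_KEY = b"demo-toolkit-signing-key"  # assumed: stands in for the toolkit's key
SESSION_KEY = b"demo-rp-cookie-key"        # assumed: the site's own cookie key
CLOCK_SKEW = 60                            # seconds (assumed)
SESSION_TTL = 8 * 3600                     # seconds (assumed)

# The deck's example payload, used here as constructed input.
DECK_CLAIMS = {"iss": TOOLKIT_ISSUER, "user_id": 123, "aud": MY_CLIENT_ID,
               "provider_id": "google.com", "exp": 1407089191, "iat": 1405879591,
               "email": "jsmith@gmail.com"}


class TokenError(Exception):
    pass


def _b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def mint_token(claims, key=TOOLKIT_KEY, alg="HS256"):
    """Stand-in for the toolkit; with alg="none" or a wrong key, for an attacker."""
    header = _b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64u(json.dumps(claims).encode())
    sig = _sign(key, f"{header}.{body}".encode()) if alg == "HS256" else b""
    return f"{header}.{body}.{_b64u(sig)}"


def verify_toolkit_token(token, now=None):
    """Return the claims only if every check passes; raise TokenError otherwise."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64u_dec(header_b64))
        claims = json.loads(_b64u_dec(body_b64))
        sig = _b64u_dec(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON or UTF-8
        raise TokenError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    if header.get("alg") != "HS256":  # the verifier pins the algorithm; rejects alg=none
        raise TokenError("unexpected alg")
    if not hmac.compare_digest(_sign(TOOLKIT_KEY, f"{header_b64}.{body_b64}".encode()), sig):
        raise TokenError("bad signature")
    if claims.get("iss") != TOOLKIT_ISSUER:
        raise TokenError("wrong issuer")
    if claims.get("aud") != MY_CLIENT_ID:  # a valid token, but minted for another site
        raise TokenError("wrong audience")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or now > exp + CLOCK_SKEW:
        raise TokenError("expired")
    if not isinstance(iat, (int, float)) or iat > now + CLOCK_SKEW:
        raise TokenError("issued in the future")
    if "user_id" not in claims or "provider_id" not in claims:
        raise TokenError("missing subject")
    return claims


def issue_session(claims, now=None):
    """Session cookie value keyed on the stable user_id, not the email, and
    signed with the site's key so the toolkit token is never stored or replayed."""
    now = time.time() if now is None else now
    payload = {"uid": claims["user_id"], "provider": claims["provider_id"],
               "exp": int(now) + SESSION_TTL}
    body = _b64u(json.dumps(payload, sort_keys=True).encode())
    return f"{body}.{_b64u(_sign(SESSION_KEY, body.encode()))}"


def read_session(value, now=None):
    """Payload of a valid, unexpired session cookie value, else None."""
    now = time.time() if now is None else now
    try:
        body, tag = value.split(".")
        if not hmac.compare_digest(_sign(SESSION_KEY, body.encode()), _b64u_dec(tag)):
            return None
        payload = json.loads(_b64u_dec(body))
    except ValueError:
        return None
    return payload if isinstance(payload, dict) and payload.get("exp", 0) > now else None


def accept_login(token, now=None):
    """The login endpoint: verify the JWT and return a Set-Cookie header, or None."""
    try:
        claims = verify_toolkit_token(token, now)
    except TokenError:
        return None
    return (f"session={issue_session(claims, now)}; Path=/; HttpOnly; Secure; "
            f"SameSite=Lax; Max-Age={SESSION_TTL}")
```

The aud check is the one most often skipped: a token the toolkit legitimately issued for another site verifies perfectly under the same key and must still be refused. Keying the account on user_id also sidesteps the question the two payloads above raise, a gmail.com address asserted after a facebook.com sign-in: the address is contact data, the toolkit's user_id is the identity.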
Identity Toolkit intends to lower the bar
Migration for existing sites
1. Upload UIDs, emails, and passwords
2. Implement widgets
3. Slowly roll-out federated login
○ Yahoo mail users slowly get migrated to Yahoo federation
○ Outlook users slowly get migrated to Microsoft federation
○ Gmail users slowly get migrated to Google federation
○ AOL users slowly get migrated to AOL federation
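As an added example (not the toolkit's code) serving both the "Identify the user, then authenticate" routing earlier in the deck and the staged migration above: a routing function that decides the next step from the typed identifier and the site's user store alone, plus a deterministic per-IDP rollout percentage so the same users stay in the migration cohort between visits and the percentage can be dialled back. The store layout, the domain-to-IDP table and the rollout table are assumptions; the decisions follow the slides.

```python
"""Identify the user, then authenticate; with staged migration to federation.

Added example, not Identity Toolkit code. route() encodes the deck's
decisions: existing password user -> password prompt; existing federated
user -> that IDP's login flow; new user with an identifiable IDP -> fast
email verification; otherwise -> create a password. The rollout table
implements "slowly roll out federated login" per IDP. The user store
layout, IDENTIFIABLE_IDP and the rollout table are assumptions.
"""
import hashlib

# Domains whose IDP is identifiable from the address alone (assumed table;
# the deck names Google, Yahoo, Microsoft and AOL as migration targets).
IDENTIFIABLE_IDP = {
    "gmail.com": "google.com",
    "googlemail.com": "google.com",
    "yahoo.com": "yahoo.com",
    "outlook.com": "microsoft.com",
    "hotmail.com": "microsoft.com",
    "aol.com": "aol.com",
}

# Constructed sample store: email -> {"uid", "has_password", "providers"}.
SAMPLE_USERS = {
    "sarah@comcast.net": {"uid": 1, "has_password": True, "providers": set()},
    "nikhil@gmail.com": {"uid": 2, "has_password": True, "providers": set()},
    "meng@outlook.com": {"uid": 3, "has_password": False, "providers": {"microsoft.com"}},
}


def idp_for(email):
    """IDP identified by the address's domain, or None (e.g. comcast.net)."""
    return IDENTIFIABLE_IDP.get(email.rsplit("@", 1)[1])


def rollout_bucket(uid):
    """Bucket 0..99 derived from the stable uid: the same user lands in the
    same bucket on every visit, so a 10% rollout migrates a fixed 10% and
    lowering the percentage rolls those users back (random() would not)."""
    digest = hashlib.sha256(str(uid).encode()).digest()
    return int.from_bytes(digest[:4], "big") % 100


def route(typed_email, users, rollout):
    """Next step from the identifier alone.

    users:   email -> {"uid": ..., "has_password": bool, "providers": set of IDPs}
    rollout: idp -> percentage of that IDP's password users now sent to federation
    Returns (action, idp); action is "password", "federate",
    "fast_email_verify" or "create_password".
    """
    email = typed_email.strip().lower()  # assumed: the store is keyed lower-case
    if "@" not in email[1:-1]:
        raise ValueError("not an email address")
    idp = idp_for(email)
    user = users.get(email)

    if user is None:
        # New user: with an identifiable IDP go straight to fast email
        # verification (no consent screen, no email round trip).
        return ("fast_email_verify", idp) if idp else ("create_password", None)

    if user["providers"]:
        # Existing federated user: route to the IDP they signed in with before.
        return ("federate", sorted(user["providers"])[0])

    # Existing password user: keep the password prompt unless this user's
    # bucket is inside the rollout percentage for the IDP their address names.
    if idp and rollout_bucket(user["uid"]) < rollout.get(idp, 0):
        return ("fast_email_verify", idp)
    return ("password", None)


def migration_cohort(users, rollout):
    """Password users a given rollout table would move now (for a dry run)."""
    return sorted(e for e, u in users.items()
                  if not u["providers"] and route(e, users, rollout)[0] == "fast_email_verify")


if __name__ == "__main__":
    for who in ("sarah@comcast.net", "nikhil@gmail.com", "meng@outlook.com", "bruno@yahoo.com"):
        print(who, route(who, SAMPLE_USERS, {"google.com": 100}))
    print(migration_cohort(SAMPLE_USERS, {"google.com": 100}))
```

One caveat on step 1 of the migration: the deck does not say what form the upload takes, so if the endpoint accepts hashed passwords, export hashes with their salt and algorithm rather than plaintexts, and in either case treat the export file as credential material and destroy it once the import is confirmed.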
Thanks!
I’m Jack Greenberg
jgreenberg@google.com
See https://developers.google.com/identity-toolkit/ to implement it yourself

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Último

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Último (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

CIS14: Google's Identity Toolkit

  • 2. Google Confidential and Proprietary
     Trying to eliminate passwords on the Internet
     Where we’ve been / What we’ve learned / Where we’re going with Identity Toolkit
  • 3. Where we’ve been
  • 4–6. Which apps and websites are we talking about?
     The vast majority of them, but not all of them
     ● A few apps are incredibly tightly knit to one IDP
     ● A few apps have stricter security or regulatory concerns (can often be handled by layering on the flows we’ll discuss)
  • 7–13. Passwords (wordpress.com)
     ● Usernames are hard to remember
     ● Passwords are hard to remember
     ● Typing is annoying
     ● Recovery based on email msgs
     ● Password databases get hacked
     ● Often no risk-based challenges
  • 14–17. Federated login
     Simple. Secure. ...in isolation
  • 18. What we’ve learned
  • 19. Password and federation side-by-side is common (opentable.com)
  • 20. Password recovery as login is growing (WeChat)
  • 21. Password-only is still common (nytimes.com)
  • 22–29. What we’ve learned from federated login
     Users are...
     ● being asked questions like “How do you want to authenticate?”
     ● confused by permissions and their privacy implications
     ● locked out when their IDP account is inaccessible
     Developers are...
     ● still using username/password because it’s in frameworks
     ● (often unknowingly) not handling edge cases
  • 30. Where we’re going with Identity Toolkit
  • 31. Demos of Identity Toolkit v3: http://goo.gl/Bm1bpc
  • 32. Identify the user, then authenticate
  • 33–34. Existing users: prompt for existing password
  • 35–36. New users: prompt to create password
  • 37–38. Existing “Sign in with Google” users: route to Sign in with Google login flow
  • 39. Existing users (Password): sarah@comcast.net, nikhil@gmail.com, meng@outlook.com, bruno@yahoo.com
  • 40. Identify the user, then authenticate
  • 41–43. New users
     1. Identifiable IDP
     2. Fast Email Verification
  • 44–48. Fast email verification
     Essentially doing a password reset email every time ...without sending an email
     RP → IDP: provides the user’s email address
     IDP → RP: True/False, is the email address signed in to the user agent?
     User is authenticated
  • 49. Fast email verification
     ● Avoid double consent since user gave the email address to the RP
     ● IDP could provide public info associated with the email if useful (profile picture, public username, etc.)
  • 50–52. Typing an email address?! ...use an account chooser instead ...use accountchooser.com instead
  • 53. Recap: Putting all of the pieces together [demos, take 2]
  • 54–55. Authorization is important though!
     Limited permissions make login smoother for users
     Incremental auth makes interesting apps possible!
     ● Calendar management services
     ● Social-recommendation-based services
     ● Cloud storage management/viewing services
  • 56. How do sites enable this experience?
  • 57–58. It should be easy, but it’s not
     Developers shouldn’t need to be security experts.
     ~150k views ~65k views ~17k views
  • 59. We’re making progress
  • 60. But we’re not there yet
     The easiest authentication system to build is username/password. It’s still the default.
  • 61–68. Google Identity Toolkit intends to lower the bar
     Handles multiple protocols
     ● Google, Facebook, Yahoo, AOL, Microsoft and Paypal
     ● Just verify a JWT and issue a session cookie
     ● Same process for all IDPs, same format JWT for all IDPs
     Example JWT payload (Google federation, slide 63):
     { "iss" : "https://identitytoolkit.google.com", "user_id" : 123, "aud" : "6332423432073.apps.googleusercontent.com", "provider_id" : "google.com", "exp" : 1407089191, "iat" : 1405879591, "email" : "jsmith@gmail.com" }
     Example JWT payload (Facebook federation, slide 64; same shape, only provider_id differs):
     { "iss" : "https://identitytoolkit.google.com", "user_id" : 123, "aud" : "6332423432073.apps.googleusercontent.com", "provider_id" : "facebook.com", "exp" : 1407089191, "iat" : 1405879591, "email" : "jsmith@gmail.com" }
     UX is hard to implement
     ● Pre-built widgets for Android, iOS, and JavaScript
     Edge cases are everywhere (merging, mutating, marooning)
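The "just verify a JWT and issue a session cookie" step on slides 63 and 64 is where an RP's security actually rests, and the slides show only the payload. The following is an added example, not code from the deck or from the Identity Toolkit libraries: it parses a compact JWT, refuses an `alg` of `none`, hands the signature to a caller-supplied verifier, and then validates the claims the slide's payload carries (iss, aud, exp, iat, provider_id, email, user_id) before returning the identity a session should be keyed on. Real Identity Toolkit tokens are signed by Google and verified against Google's published keys with a JOSE library; the HS256 signer under `DEMO_KEY` is a constructed stand-in so the example runs offline, and `ENABLED_PROVIDERS` lists only the two provider ids that appear on the slides. The function names, the verifier interface and the 60-second clock leeway are assumptions of this example, not part of the toolkit.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Any, Callable, Dict, Tuple

# Issuer and audience taken from the sample token on slide 63. In a real RP the
# audience is the RP's own client id, fixed when the site registers.
EXPECTED_ISSUER = "https://identitytoolkit.google.com"
EXPECTED_AUDIENCE = "6332423432073.apps.googleusercontent.com"

# provider_id values this RP has turned on. Only the two shown on slides 63/64
# are listed here; a real RP lists whichever IDPs it enabled.
ENABLED_PROVIDERS = {"google.com", "facebook.com"}

# Payload copied from slide 63 (Google-federated example).
SLIDE_PAYLOAD: Dict[str, Any] = {
    "iss": "https://identitytoolkit.google.com",
    "user_id": 123,
    "aud": "6332423432073.apps.googleusercontent.com",
    "provider_id": "google.com",
    "exp": 1407089191,
    "iat": 1405879591,
    "email": "jsmith@gmail.com",
}

# (header, signing_input, signature) -> True if the signature is valid.
SignatureVerifier = Callable[[Dict[str, Any], bytes, bytes], bool]


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token: str) -> Tuple[Dict[str, Any], Dict[str, Any], bytes, bytes]:
    """Split a compact JWT into header, payload, signing input and raw signature.

    Rejects a header without a real algorithm: an RP that accepts
    "alg": "none" would accept any payload at all.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    alg = header.get("alg")
    if not isinstance(alg, str) or alg.lower() == "none":
        raise ValueError("unsupported alg")
    payload = json.loads(b64url_decode(payload_b64))
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    return header, payload, signing_input, b64url_decode(sig_b64)


def validate_claims(payload: Dict[str, Any], now: float,
                    expected_aud: str = EXPECTED_AUDIENCE, leeway: int = 60) -> Dict[str, str]:
    """Check every claim the slide's token carries; return the session identity."""
    if payload.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer mismatch")
    if payload.get("aud") != expected_aud:
        raise ValueError("audience mismatch")  # token minted for another RP
    exp, iat = payload.get("exp"), payload.get("iat")
    if not isinstance(exp, int) or not isinstance(iat, int):
        raise ValueError("missing exp/iat")
    if now > exp + leeway:
        raise ValueError("token expired")
    if iat > now + leeway:
        raise ValueError("token issued in the future")
    provider = str(payload.get("provider_id", "")).strip()  # slide 64 shows a stray space
    if provider not in ENABLED_PROVIDERS:
        raise ValueError("provider not enabled")
    email = payload.get("email")
    if not isinstance(email, str) or "@" not in email:
        raise ValueError("missing email")
    if "user_id" not in payload:
        raise ValueError("missing user_id")
    # Key the local account on user_id, not on the email the user typed.
    return {"uid": str(payload["user_id"]), "email": email, "provider": provider}


def token_to_session(token: str, verify_signature: SignatureVerifier,
                     now: float = None, expected_aud: str = EXPECTED_AUDIENCE) -> Dict[str, str]:
    """Signature first, claims second; only then is there something to put in a cookie."""
    header, payload, signing_input, signature = decode_jwt(token)
    if not verify_signature(header, signing_input, signature):
        raise ValueError("bad signature")
    return validate_claims(payload, time.time() if now is None else now, expected_aud)


# Constructed stand-in signer for the offline demo. Production tokens are signed
# by Google and checked against Google's public keys, not a shared HMAC key.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def hs256(signing_input: bytes) -> bytes:
    return hmac.new(DEMO_KEY, signing_input, hashlib.sha256).digest()


def demo_verifier(header: Dict[str, Any], signing_input: bytes, signature: bytes) -> bool:
    return header.get("alg") == "HS256" and hmac.compare_digest(hs256(signing_input), signature)


def make_demo_token(payload: Dict[str, Any], alg: str = "HS256") -> str:
    def compact(obj: Dict[str, Any]) -> str:
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    header_b64, payload_b64 = compact({"alg": alg, "typ": "JWT"}), compact(payload)
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    signature = b"" if alg == "none" else hs256(signing_input)
    return f"{header_b64}.{payload_b64}.{b64url_encode(signature)}"


if __name__ == "__main__":
    demo = make_demo_token(SLIDE_PAYLOAD)
    print(token_to_session(demo, demo_verifier, now=SLIDE_PAYLOAD["iat"] + 5))
```

The order matters: the signature is checked before a single claim is read, so an attacker cannot steer the RP's logic with an unsigned payload, and the audience check stops a token legitimately issued to one RP from being replayed at another. Whatever library performs the real signature check, it should be the only thing that decides which algorithm is acceptable; the token's own header is untrusted input.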
  • 69–70. Identity Toolkit intends to lower the bar
     Migration for existing sites
     1. Upload UIDs, emails, and passwords
     2. Implement widgets
     3. Slowly roll-out federated login
        ○ Yahoo mail users slowly get migrated to Yahoo federation
        ○ Outlook users slowly get migrated to Microsoft federation
        ○ Gmail users slowly get migrated to Google federation
        ○ AOL users slowly get migrated to AOL federation
  • 71. Thanks! I’m Jack Greenberg, jgreenberg@google.com
     See https://developers.google.com/identity-toolkit/ to implement it yourself