online identity getting to know your users
DESCRIPTION
A talk I gave at London Web StandardsTRANSCRIPT
![Page 1: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/1.jpg)
Online IdentityGetting to know your users
Cristiano Betta, Developer Evangelist
![Page 2: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/2.jpg)
Developer Evangelist
![Page 3: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/3.jpg)
Why am I here?
![Page 4: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/4.jpg)
![Page 5: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/5.jpg)
Do we always want to use the same identity?
![Page 6: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/6.jpg)
Should we always want to use the same identity?
![Page 7: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/7.jpg)
Authentication vs Authorisation
![Page 8: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/8.jpg)
![Page 9: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/9.jpg)
![Page 10: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/10.jpg)
A little history lesson
![Page 11: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/11.jpg)
Username + password
![Page 12: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/12.jpg)
![Page 13: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/13.jpg)
Security considerations
![Page 14: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/14.jpg)
Security nightmare
![Page 15: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/15.jpg)
4.7% of users have the password password 8.5% have the passwords password or 123456
9.8% have the passwords password, 123456 or 12345678 14% have a password from the top 10 passwords 40% have a password from the top 100 passwords 79% have a password from the top 500 passwords 91% have a password from the top 1000 passwords Source: xato.net/passwords/more-top-worst-passwords/
![Page 16: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/16.jpg)
wiki.skullsecurity.org/Passwords
![Page 17: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/17.jpg)
45% admit to leaving a website instead of re-setting their password or answering security questionsSource: bit.ly/bluestats
![Page 18: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/18.jpg)
![Page 19: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/19.jpg)
![Page 20: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/20.jpg)
OpenID
![Page 21: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/21.jpg)
![Page 22: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/22.jpg)
![Page 23: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/23.jpg)
OAuth 1.0
![Page 24: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/24.jpg)
![Page 25: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/25.jpg)
Request'Request'Token'
Grant'Request'Token'
Direct'User'to'Service' Obtain'Authoriza:on'
Direct'to'Consumer'Request'Access'Token'
Grant'Access'Token'
Access'Resources'
![Page 26: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/26.jpg)
![Page 27: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/27.jpg)
OAuth 1.0a
![Page 28: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/28.jpg)
![Page 29: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/29.jpg)
OAuth 2.0
![Page 30: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/30.jpg)
OAuth 2.0
![Page 31: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/31.jpg)
Direct'User'to'Service' Obtain'Authoriza5on'
Request'Access'Token'
Grant'Access'Token'
Direct'to'Consumer'Access'Resources'/'Profile'
Consumer' Service-Provider'
![Page 32: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/32.jpg)
![Page 33: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/33.jpg)
OAuth 2.0 and the Road to Hellhomakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html
![Page 34: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/34.jpg)
OAuth 2.0 + OpenID Connect
![Page 35: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/35.jpg)
![Page 36: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/36.jpg)
Identity Providers
![Page 37: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/37.jpg)
Out of 657 surveyed users 66% think that social sign-in is a desirable alternative.Source: bit.ly/bluestats
![Page 38: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/38.jpg)
Google Facebook Twitter
![Page 39: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/39.jpg)
![Page 40: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/40.jpg)
Social vs Concrete
![Page 41: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/41.jpg)
![Page 42: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/42.jpg)
![Page 43: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/43.jpg)
![Page 44: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/44.jpg)
![Page 45: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/45.jpg)
![Page 46: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/46.jpg)
• Name, email, location
![Page 47: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/47.jpg)
• Name, email, location
• Friends, address
![Page 48: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/48.jpg)
• Name, email, location
• Friends, address
• Verified address, payment address, account type
![Page 49: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/49.jpg)
• Name, email, location
• Friends, address
• Verified address, payment address, account type
• Seamless checkout
![Page 50: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/50.jpg)
Demo
![Page 51: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/51.jpg)
The nature of an identity matters
![Page 52: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/52.jpg)
Recognize the difference between authentication and authorization
![Page 53: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/53.jpg)
Well used authorization can improve the user experience beyond plain user identification
![Page 54: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/54.jpg)
The user experience should be enhanced not impaired by user authentication
![Page 55: Online identity getting to know your users](https://reader035.vdocuments.site/reader035/viewer/2022062319/5558ba80d8b42aa52a8b4e2c/html5/thumbnails/55.jpg)