Implementing Privacy: OAuth & Token Madness

Ruby, Web Applications
Location: Ballroom A7
Average rating: ****.
(4.33, 3 ratings)

Ever cringe when you’re asked to enter your email address and password to a third party service? Even worse when we build systems which collect people’s credentials. It’s the password anti-pattern.

Privacy and security are important, but when it comes to real running apps, it works wins over it’s secure.

This has two main themes.

  • How to use tokens and other tricks to protect the privacy of your users.
  • While examples will be from a ruby on rails application, this talk is more on general web development practices for privacy.

There is no totally secure or private system out there, especially when we build social web applications. But there are many things which can be done to improve privacy. For each application you have to look at what the threat model is for leaking personal information. Everything from how your user passwords are stored to what happens if a hacker gets a full dump of your database.

  • What happens when a user’s email is compromised by a third party service?
  • How to provide simple sharing with casual privacy.
  • What is ‘good enough’ crypto.
  • Understanding the difference between Authorization and Authentication.

This talk is based on experience designing and architecting Yahoo! Fire Eagle, a location sharing service which was the first implementation of both OAuth and Ruby on Rails at yahoo.

Photo of Rabble Evan Henshaw-Plath

Rabble Evan Henshaw-Plath

cuboxsa.com

Rabble is an independent hacker. He has extensive experience doing ruby on rails development and generally causing a ruckus. He was the architect for Odeo.com and Yahoo! Fire Eagle location broker platform. He’s currently causing trouble with the entp.com kids.

  • Intel
  • Microsoft
  • Google
  • SourceForge.net
  • Sun Microsystems
  • Facebook
  • Gear6
  • Kaltura
  • Liferay
  • MindTouch
  • MySpace.com
  • Novell, Inc.
  • Open Invention Network
  • Rackspace Cloud
  • Schooner Information Technology
  • Silicon Mechanics
  • Symbian Foundation
  • Twilio
  • WSO2
  • Yabarana Corporation

Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at the conference, contact Sharon Cordesse at scordesse@oreilly.com

Download the OSCON Sponsor/Exhibitor Prospectus

Media Partner Opportunities

Download the Media & Promotional Partner Brochure (PDF) for information on trade opportunities with O'Reilly conferences or contact mediapartners@ oreilly.com

Press and Media

For media-related inquiries, contact Maureen Jennings at maureen@oreilly.com

OSCON Newsletter

To stay abreast of conference news and to receive email notification when registration opens, please sign up for the OSCON newsletter (login required)

Contact Us

View a complete list of OSCON contacts