Passwords don’t scale to the Internet. Tools like 1Password and LastPass help, but not enough, and aren’t civilian-friendly. We’d love to do away with passwords but not with security; the Net is full of bad guys who will steal and misuse your data given the slightest opportunity.
The situation is even worse on mobiles, where typing in a password is horribly painful and to be avoided if at all possible.
There has been a succession of standards that are supposed to solve the problem: XACML, SAML, OpenID, OAuth; so far, none of them has got the traction its inventors hoped for. Recently, the chief editor of the OAuth 2 spec stamped out of the room, branding it a failure.
One of the problems is that there’s been lots of focus on security and user experience, but hardly any on Developer Experience; ask, for example, anyone who’s tried to get OAuth 1 working at scale.
This talk summarizes the issues and tries to cover the whole state of play, with a particular focus on mobile issues and on available resources for the OSS developer.
View a complete list of OSCON contacts