Securing Your Ecosystem (FOWA Las Vegas 2011)
- 1. Securing your ecosystem @raffi http://www.flickr.com/photos/mklingo/
- 2. Speaking at @fowa! Let’s talk about securing ecosystems & let’s talk @twitterapi! 29 Jun via Twitter for iPhone from Meet, Las Vegas 233 South 4th Street Las Vegas, Nevada 89101 View Tweets at this place
- 4. >660K Developers on @twitterAPI
- 5. >900K Apps + The Official ones
- 6. >200M users on @twitter
- 8. Users are paramount http://www.flickr.com/photos/ilya/
- 9. Users need 2 things protected ⇢ identity ⇢ data http://www.flickr.com/photos/ilya/
- 10. Security is hard to bolt on “later” http://www.flickr.com/photos/ragzrejected/
- 13. Case study in @twitterAPI
- 14. We used to be basic auth
- 15. raffi ← Username : totallysecure ← Password
- 16. Base64(raffi:totallysecure) cmFmZmk6dG90YWxseXNlY3VyZQ==
- 17. GET /secure HTTP/1.1 Host: localhost Authorization: Basic cmFmZmk6dG90YWxseXNlY3VyZQ==
- 19. OAuth
- 20. The carrot
- 21. further protect our users ⇢ mandate the use of OAuth ⇢ understand where our traffic is coming from
- 22. This conversion was a challenge
- 23. And... One more time, protect our users ⇢ break out a new permissions model ⇢ try to make it extremely clear to a user what apps are doing
- 24. Be really really really (really) ∞ explicit
- 25. Check back with me next year — i might be able to say how it went
- 27. What would I do if i were you? ⇢ forget basic auth! ⇢ go straight to OAuth 2 ⇢ understand your “problem”
- 28. Make sure to have the tools you need http://www.flickr.com/photos/11872189@N00/
- 29. Our Users @taylorswift13
- 31. Follow me Questions? @raffi