Passwords don’t scale to the Internet. Tools like 1Password and LastPass help, but not enough, and aren’t civilian-friendly. We’d love to do away with passwords but not with security; the Net is full of bad guys who will steal and misuse your data given the slightest opportunity.
The situation is even worse on mobiles, where typing in a password is horribly painful and to be avoided if at all possible.
There has been a succession of standards that are supposed to solve the problem: XACML, SAML, OpenID, OAuth; so far, none of them has got the traction its inventors hoped for. Recently, the chief editor of the OAuth 2 spec stormed out of the room, branding it a failure.
One of the problems is that there’s been lots of focus on security and user experience, but hardly any on Developer Experience; ask, for example, anyone who’s tried to get OAuth 1 working at scale.
This talk summarizes the issues and tries to cover the whole state of play, with a particular focus on mobile issues and on available resources for the OSS developer.