Web Service Authentication with BBAuth

1
Web Service Authenticationwith BBAuth

• Dan Theurer, Technical Evangelist
• Yahoo! Developer Network
• WWW2007 Conference, Banff , CA May 12th
  2007 2007

2
Its about data

• Provide programmatic
• access to data that is
• stored on Yahoo!
• -gt Web service
• Integration (Internal / External / Partners)
• Enable users to consume data in their own way
• Mixing and Remixing Content.
• Beyond the browser mobile, desktop, etc.

3
Yahoo! APIs
4
The Power of Authentication

• At this point it gets really interesting. Not
  only can you write at that point but you can get
  personalized content.
• Authenticated APIs
• Your Bookmarks
• Your Events
• Your Photos
• Your Mail - New
• Y! Mail is a biggest online email platform with
  over 250 million users.
• A multiple of that in total registered users

5
Browser Based Authentication

• Similar to Flickr Auth
• Recent implementations are
• OpenAuth from AOL
• Windows Live ID from Microsoft.
• Potential to enable a lot of data API's
• It can be used to log in to different
  applications with a Yahoo! ID.
• ID part was an easy add, main idea was to provide
  access to YOUR data

6
Single Sign-Onidproxy.net - menuism.com -
buxfer.com
7
How Browser-Based Authentication Works
8
BBAuth Demo
9
BBAuth Application Flow
In the re-direct to the applications success
URL, Yahoo includes a token
The calls are signed with the secret issued by
Yahoo.
Application submits signed appid and token
cookie WSSID (in response body)
api.login.yahoo.com
foo.net
Endpoint?appidxyzWSSID123 and cookie in header

• cookies are valid for one hour
• foo.net can re-submit token for a fresh cookie
  for up to 14 days

Data
10
Contact

• Yahoo! Developer Network Blog
• http//developer.yahoo.com/blog
• My Info
• http//theurer.cc/blog
• dan_at_yahoo-inc.com
• Slides
• http//theurer.cc/talks/2007www_final.ppt

11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
(No Transcript)