Name: Google I/O 2012 - OAuth 2.0 for Identity and Data Access !
Uploaded: 2013-03-15T16:32:46.000Z
Duration: 58 min 56 s
Description: VoiceTubeの動画で発音を聞きながら英語表現を覚えよう！学べる英語：

I hope you're all here for the OAuth 2 session.

転換語

My name is Ryan Boyd, and I am a developer

Normally, by the day, I'm working on our cloud data

services like Google BigQuery, but OAuth 2 has been a passion

of mine since I started in Google at about 2006.

I was working on our proprietary authorization

protocols, AuthSub and ClientLogin, and I realized

how painful doing authorization for our APIs was

And frankly, I think most developers spend about 80% of

their time dealing with authorization, and then the

other 20% of the time dealing with the actual APIs that they

And it was especially problematic because, back

then, there were these proprietary protocols across

many different API providers, so if you learned how to

interact with Google's APIs using ClientLogin or AuthSub,

and you went over to Yahoo, you might have to use BBAuth.

You went to other providers, you have to use other

So I'm super happy that we've standardized on OAuth for

We had OAuth 1, and that was still a little bit of painful

At least, it was standard across many providers, and now

The draft is nearly complete, any day now, I think.

And with OAuth 2, things got a lot easier for developers, and

OAuth 2 is such a passion of mine that I actually recently

released a book, a few months ago, with O'Reilly, talking

It's a very short book, but gives you a good introduction

So in order to understand OAuth, we first need to

I went sailing last weekend, sailing school, and sailing is

There's way too many terms even for me to remember.

Hopefully, OAuth will be a little bit better than that,

So we're going to introduce a couple terms up front here,

and then throughout the talk, we'll give you some additional

terms that are little bit less important, but are nonetheless

things that are essential to understand OAuth.

Authentication is about verifying the identity of a

user, knowing the user is who they say they are.

When you go and visit a website, and it asks you to

login, you type a user name and password, that website

verifies that you've typed the right password for that

But after it authenticates you, it needs to figure out

what resources you should have access to, and that's what

authorization is all about, making sure that you have

access to your data and only your data, or the very least

So if you went and logged into your email account, and you

had access to your colleague Tom's email, this

So that's what authorization is all about, making sure that

you have access to only the right information.

How many of you ever shared a password with an application,

a third party app, so it can access your data on something

All right, some of you are just being shy here, because

I'm pretty sure everyone in this audience has done that at

some point in time, and this is obviously very bad for the

And it's also very bad for the security of users as, after

You should never be asking them for their passwords for

You have an opportunity, as developers, to eliminate the

need for users to reveal the passwords to your application.

At the same time, you have an opportunity to restrict the

level of data available to your application to only what

your application needs in order to make a good

And then you have an opportunity to allow the users

to revoke access to your app when your application no

This is your opportunity, but it's important to understand.

I believe that you have an obligation to your users, an

字幕リスト動画再生

Google I/O 2012 - OAuth 2.0 for Identity and Data Access !

email

address

mobile

sad