Bigger, Better Business With OAuth

OAuth is more than an authorization protocol. A decade from now, OAuth will be viewed as the great enabler of new business models and wealth creation in the app economy. In this session we'll investigate why many business development ideas don't make it past the whiteboard and how OAuth changes that. We'll tickle our imaginations and explore what is possible in a world where crossing trust boundaries is done with lower risk, more control and higher security.

We will discuss:
- Blockers to Business Innovation
- How OAuth Changes the Rules
- Re-Imagining the Future of Business Development

Bigger, Better Business with OAuth
11.11.17 @ 11:05 PST
VOIP or Dial-in (see chat)

Sam Ramji @sramji
Brian Mulloy @landlessness

groups.google.com/group/api-craft

Your hosts: @sramji, @landlessness

youtube.com/apigee

THE PLATFORM IMPERATIVE

Every market in history has had intermediaries

[Diagram: Business <-> Intermediaries <-> Customers]

These intermediaries connect buyers and sellers by knowing what both want and creating convenient ways to transact

Apps are the new intermediaries.

[Diagram: Business <-> Apps <-> Customers]

They occupy many niches already and continue to multiply

[Chart: App Store Growth 2008-2011. Series: Apps Available (0 to 600,000) and Total App Downloads (0 to 12 billion). Data from Wikipedia.]

As do devices.

[Chart: device growth. Source: Mary Meeker, Kleiner Perkins.]

Companies cannot build for all these niches as each one requires distinct expertise in design and development, and there are too many niches.

As Marc Andreessen observed recently:

“In short, software is eating the world.

We are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy.”

Evans, Hagiu, and Schmalensee explored this deeply in 2006

And Annabelle Gawer has formalized the solution

The platform business model.

PLATFORMS ARE OPEN

As we’ve learned from digital natives like

open platforms grow the fastest.

Visualization by Apigee

In the API era of competition, speed is crucial because critical mass leads rapidly to market dominance.

[Ecosystem Competition]

Kishore S. Swaminathan, Chief Scientist, Accenture

Open platforms mean that apps can be built by developers quickly

without formal commitment to joint research, joint development, and joint marketing.

Open platforms decouple partners from the platform provider’s business cycles.

This reduces the cost of innovation,

enabling many more experiments to be made more quickly,

increasing the chance of a major improvement to the platform business, its customers, and its intermediaries.

This is low-friction innovation.

OPEN DOES NOT MEAN SECURE

This takes us to the stakes required for a digital business in the API era.

For an intermediary to connect a buyer and seller, there must be trust.

The intermediary must be trustworthy, and the transaction must be trustworthy.

In modern businesses, buyers (users) have accounts with sellers (providers), which are filled with data as well as transaction privileges.

For the system to function well, buyers must be able to fire their intermediary without breaking their relationship with the seller.

With apps as the intermediary, new dynamics exist on top of the historical foundation.

Apps are new.

They are often short-lived.

Their business model depends on building a high volume of users.

They must have some way to attain their first transaction and be proven or else improved.

And this way must align with the loose coupling philosophy at the heart of an open platform

otherwise we’ve just secured our way back into old-fashioned closed businesses

and killed our platform opportunity.

James Governor, Redmonk:

“20th Century IT was about raising barriers to entry for competitors.

21st Century IT is about lowering barriers to participation.”

So how do you build a trustworthy system in an open world?

It takes an open security architecture.

INTRODUCING OAUTH

It’s a free and open protocol, built on licenses from the Open Web Foundation, and it’s the right choice for securing open platforms.

The Valet Key Metaphor

Eran Hammer-Lahav compares the OAuth model to a valet key.

This is an apt metaphor.

A Valet Key for Open Platforms

The heart of OAuth is an authorization token with limited rights

which the user can revoke at any time, should they become suspicious or dissatisfied with the app they’re using to access your business.

When the token is first granted, the business shows the user what rights the app is asking for and the user approves or declines.

This negotiation happens between the user and the business: the app only learns the outcome (a token with the approved rights) and never sees the user’s password.

A perfect design for bootstrapping trust.

Just Enough Permission

An app should have just enough permission to do the things the user wants it to.

OAuth allows for granular access to the user’s account: the app asks for a specific set of rights (scopes), and the token it receives carries only those.

The current alternative is all or none:

give the app your username and password, which gives the app access to everything about you, for as long as the password is valid.

In OAuth, permissions can be gracefully upgraded as well.

If the user tries to do something in an app and they haven’t authorized the corresponding permission, the business can give the user the option to add that permission, by running the same consent sequence that granted the token in the first place, this time for the additional right.
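The valet-key token, the consent step the app never sees, user revocation and the permission upgrade described in the two sections above, modelled end to end. This is an added illustration, not code from the presentation or from Apigee; the scope names (mail:read, mail:send), the client id, the user and the sample inbox are constructed assumptions. The error strings follow RFC 6750 (invalid_token, insufficient_scope) and the introspection response follows RFC 7662 ("active"), which are the standard ways a resource server reports these outcomes.

```python
"""
Toy model of the OAuth pieces the slides describe: a scope-limited bearer
token (the valet key), the consent step the app never sees, user
revocation, and incremental authorization (adding a scope later by
re-running consent). Added example; scope names, client id and user are
assumptions, not taken from the presentation or any real provider.
"""
import secrets
import time


class AuthorizationServer:
    """The business's side: it alone holds the user's credentials and
    hands out tokens that carry only the scopes the user approved."""

    def __init__(self, supported_scopes):
        self.supported_scopes = frozenset(supported_scopes)
        self._grants = {}  # (user, client_id) -> set of consented scopes
        self._tokens = {}  # token -> {"user", "client_id", "scope", "exp"}

    def consent(self, user, client_id, requested_scopes):
        """The consent screen: the user sees what the app asks for and
        approves. Newly approved scopes are merged with earlier grants,
        which is what makes the 'upgrade' in the slides possible."""
        requested = set(requested_scopes)
        unknown = requested - self.supported_scopes
        if unknown:  # RFC 6749 error code for a scope the server does not offer
            raise ValueError("invalid_scope: " + ", ".join(sorted(unknown)))
        granted = self._grants.setdefault((user, client_id), set())
        granted |= requested
        return self._issue(user, client_id, granted)

    def _issue(self, user, client_id, scope, ttl=3600):
        token = secrets.token_urlsafe(32)  # opaque, unguessable bearer token
        self._tokens[token] = {"user": user, "client_id": client_id,
                               "scope": frozenset(scope),
                               "exp": time.time() + ttl}
        return token

    def introspect(self, token):
        """What the resource server asks: is this token live, and for what?"""
        rec = self._tokens.get(token)
        if rec is None or rec["exp"] < time.time():
            return {"active": False}
        return {"active": True, **rec}

    def revoke_client(self, user, client_id):
        """The user fires the app: its grant and every live token vanish,
        while the user's own account with the business is untouched."""
        self._grants.pop((user, client_id), None)
        dead = [t for t, r in self._tokens.items()
                if r["user"] == user and r["client_id"] == client_id]
        for t in dead:
            del self._tokens[t]


class ResourceServer:
    """The API: checks that each operation's scope is on the token."""

    def __init__(self, auth_server):
        self.auth = auth_server
        self.inbox = {"alice": ["hello", "invoice"]}  # constructed sample data

    def _require(self, token, scope):
        info = self.auth.introspect(token)
        if not info["active"]:
            return 401, 'Bearer error="invalid_token"'
        if scope not in info["scope"]:
            return 403, 'Bearer error="insufficient_scope", scope="%s"' % scope
        return 200, info

    def read_mail(self, token):
        status, payload = self._require(token, "mail:read")
        if status != 200:
            return status, payload
        return 200, self.inbox.get(payload["user"], [])

    def send_mail(self, token, body):
        status, payload = self._require(token, "mail:send")
        if status != 200:
            return status, payload
        return 200, {"sent": body, "from": payload["user"]}


def run_flow():
    """Walks the lifecycle from the slides and returns the status codes seen."""
    asrv = AuthorizationServer({"mail:read", "mail:send"})
    api = ResourceServer(asrv)
    # 1. The app asks for read access only; the user approves on the consent screen.
    t1 = asrv.consent("alice", "app-123", ["mail:read"])
    read_ok = api.read_mail(t1)[0]
    send_denied = api.send_mail(t1, "hi")[0]       # 403 insufficient_scope
    # 2. Later the app needs to send; consent runs again for just the extra scope.
    t2 = asrv.consent("alice", "app-123", ["mail:send"])
    send_ok = api.send_mail(t2, "hi")[0]
    read_kept = api.read_mail(t2)[0]                # earlier scope carried over
    # 3. The user revokes the app; its tokens stop working, the account does not.
    asrv.revoke_client("alice", "app-123")
    after_revoke = api.read_mail(t2)[0]
    return {"read_ok": read_ok, "send_denied": send_denied, "send_ok": send_ok,
            "read_kept": read_kept, "after_revoke": after_revoke}


if __name__ == "__main__":
    print(run_flow())
```

Two design points worth noticing. The resource server never sees a password or a grant table; it asks the authorization server whether the token is live and what it covers, so revocation is a single delete on the business's side. And the upgrade in step 2 asks only for the missing scope; the server merges it with the earlier grant, which is the behaviour real providers call incremental authorization. In production the token should also be bound to the client that requested it and kept short-lived, which this toy models only with an expiry.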

Just Enough Responsibility

App developers are not security experts.

A developer’s job is to make software that does what it is supposed to do.

A security expert’s job is to make sure software never does what it is not supposed to do.

App developers DO NOT WANT the responsibility of holding a user’s secret information:

usernames and passwords, credit card and banking information, the lifetime history of everyone you’ve emailed.

These are heavy secrets and require heavy security.

The right place for these is within your own business, secured by your own experts and your own infrastructure investments.

Decoupling partners from these challenges

keeps security consistent

with the open platform potential for low-friction innovation.

THE OAUTH IMPERATIVE

The most popular intermediaries are connecting buyers with several complementary sellers at the same time.

That increases their value to the buyer

but also multiplies the difficulty and risk of security

If one app holds secrets for many businesses

that app becomes the highest-risk part of the system.

As more businesses follow the platform imperative and add APIs

there is an imperative for the healthy growth of the market through the new intermediaries.

The imperative is to make it easy for developers to build great apps that can delight users and grow businesses.

The imperative is for businesses to standardize on OAuth.

“We have our own version of OAuth”

“We invented something that’s kind of like OAuth”

No developers were harmed in the production of this presentation.

A BRIEF HISTORY OF OAUTH

[Cartoon strip, “3 B.O.” Panels: App; App User and App Developer (“U CANT HAS MAH PASWORDZ!”, “PLZ?”); App User grants App Developer “Limited”; API Team and App Developer (“NO MOAR 4 U!”, “PLZ?”); App User, API Team and App Developer around the App, the App Store, the World of APIs and Internal Systems; Big Customer, Big Company and Big Partner join the picture.]

[Cartoon strip, “4 A.O.” Panels: App User, API Team, App Developer, Big Customer, Big Company, Big Partner; “a” and “b”; capability and security, “a” and “b”.]

Questions?

THANK YOU

Questions and ideas to: @sramji, @landlessness

groups.google.com/group/api-craft
youtube.com/apigee