This site contains public information from Google that is shared with open source communities working on projects in the identity space To be notified of new posts to this site, or changes, please subscribe to the blog at http://oauthgoog.blogspot.com/ Overlap of OAuth, OpenID, SAML, SaaS, 2ndFactorAuth, InfoCards, OpenSocial, Portable Contacts... Usability Research on Federated Login Research Summary Google's UI Research on login boxes that support federated login (Originally presented at the OpenID Concent Advisory Council on September 18, 2008 and announced in this blog post) Information on another approach that simply asks for Email in the login box Slide deck on the background of Google's FedLogin research Additional UX feedback for sites that require unique usernames Working prototypes of this UI and others Overview of hybrid onboarding UX research on desktop apps using federated login and/or OAuth Auto-detecting OAuth approval from a desktop app Formal announcement (part 1 and part 2) of Google's OpenID IDP, including documentation and discussion group Announcement of Google's support for the PopUp style UI Yahoo UX Research on their IDP endpoint Thoughts on combining Google & Yahoo OpenID UX research In-depth article by a journalist covering the usability of OpenID Early UX notes on browser integration for federated login (especially IDP discovery) [See IIW 2009b notes] An early draft proposal for a Personal Discovery Service to bootstrap IDP discovery without a browser extension Suggested best-practices for identity providers to protect user passwords from dictionary attacks Early UX notes on strong authentication Early UX notes on privacy and authentication Early UX notes on timeouts and password reprompts Early UX notes on authorizing rich-client devices without a web browser Google authored articles on OAuth Google Data
API documentation (Apps, Base, Blogger, Calendar, Code Search,
Contacts, Finance Portfolio, Health, Notebook, Spreadsheets, Picasa Web
Albums, Documents, Webmaster Tools, YouTube, etc.) Documentation on OAuth Authentication for Web Applications and Using OAuth with the Google Data API Client Libraries More resources Hybrid Protocol (OAuth + OpenID) Business Goals Protocol Description (Archival interest only, superseded by the spec proposals above) Extended Association Protocol Presentation on Hybrid Protocol OAuth Proxy Documentation (Old draft documentation) Social OAuth Proxy Walkthrough of MySpace gadget and Google Contacts gadget Presentation on OAuth Proxy Two Legged OAuth Google I/O 2009 presentations on Enterprise use of 2-legged OAuth (see Part 2 of slides or video) Sample app that runs on Google Apps Engine and connects to Google Health via OAuth, including open source code IDP as a Service (OpenID & SAML) See Part1 of slides or video Events Gartner Identity and Access management Summit 2009 (slides of Eric Sachs keynote) The 92% success demo IIW 2008b on Nov 10-12, 2008 Google presentation on Background of Federated Login research Digital Identity World on September 10, 2008 Presentation on OAuth and WS-Trust OAuth Summit on June 26, 2008 Announcement of OAuth for all Google Data APIs (and MySpace's similar announcement the same day) Google Contacts (including our E-mail usernames @google.com) Google Security Product Managers: Eric Sachs <esachs> and Yariv Adan <yariv> Google security engineers: Dirk Balfanz <balfanz>, Breno de Medeiros <breno>, Brian Eaton <beaton> |