OLD CONTENT This site contains public information from Google that is shared with open source communities working on projects in the identity space To be notified of new posts to this site, or changes, please subscribe to the blog at http://oauthgoog.blogspot.com Overlap of OAuth, OpenID, SAML, SaaS, 2ndFactorAuth, InfoCards, OpenSocial, Portable Contacts... Usability Research on Federated Login Sample site incorporating latest usability research (includes videos of key features) Research Summary Best practices for RP account-linking logic Using OpenID without having to change your login box Overview of hybrid onboarding Formal announcement (part 1 and part 2) of Google's OpenID IDP, including documentation and discussion group Announcement of Google's support for the PopUp style UI Yahoo UX Research on their IDP endpoint Thoughts on combining Google & Yahoo OpenID UX research Early UX notes on browser integration for federated login (especially IDP discovery) [See IIW 2009b notes] An early draft proposal for a Personal Discovery Service to bootstrap IDP discovery without a browser extension Early UX notes on privacy and authentication In-depth article by a journalist covering the usability of OpenID Google's UI Research on login boxes that support federated login (Originally presented at the OpenID Concent Advisory Council on September 18, 2008 and announced in this blog post) Information on another approach that simply asks for Email in the login box Slide deck on the background of Google's FedLogin research Additional UX feedback for sites that require unique usernames Working prototypes of this UI and others UX research on desktop apps using federated login and/or OAuth Auto-detecting OAuth approval from a desktop app Early UX notes on authorizing rich-client devices without a web browser OpenID IDP certification checklist Suggested best-practices for identity providers to protect user passwords from dictionary attacks Early UX notes on strong authentication Early UX notes on timeouts and password reprompts Attribute Providers
OAuth2 Assertion Flows Google authored articles on OAuth Google Data API documentation (Apps, Base, Blogger, Calendar, Code Search, Contacts, Finance Portfolio, Health, Notebook, Spreadsheets, Picasa Web Albums, Documents, Webmaster Tools, YouTube, etc.) Documentation on OAuth Authentication for Web Applications and Using OAuth with the Google Data API Client Libraries More resources Experimental support for OAuth with IMAP Hybrid Protocol (OAuth + OpenID) Business Goals Protocol Description (Archival interest only, superseded by the spec proposals above) Extended Association Protocol Presentation on Hybrid Protocol OAuth Proxy Documentation (Old draft documentation) Social OAuth Proxy Walkthrough of MySpace gadget and Google Contacts gadget Presentation on OAuth Proxy Two Legged OAuth Google I/O 2009 presentations on Enterprise use of 2-legged OAuth (see Part 2 of slides or video) Sample app that runs on Google Apps Engine and connects to Google Health via OAuth, including open source code IDP as a Service (OpenID & SAML) See Part1 of slides or video |