Location for older content from homepage

OLD CONTENT

This site contains public information on Interent Identity topics

To be notified of new posts to this site, or changes, please subscribe to the blog at http://oauthgoog.blogspot.com

Overlap of OAuth, OpenID, SAML, SaaS, 2ndFactorAuth, InfoCards, OpenSocial, Portable Contacts...

OAuthMint - An abstract model for dealing with Identity transformations

Usability Research on Federated Login

Status of Google as an RP

Account Chooser approach

Identifier first and password managers

Sample site incorporating latest usability research (includes videos of key features)

Research Summary

Best practices for RP account-linking logic

Removing support for an IDP

Using OpenID without having to change your login box

Overview of hybrid onboarding

Formal announcement (part 1 and part 2) of Google's OpenID IDP, including documentation and discussion group

Announcement of Google's support for the PopUp style UI

Yahoo UX Research on their IDP endpoint

Thoughts on combining Google & Yahoo OpenID UX research

Early UX notes on browser integration for federated login (especially IDP discovery) [See IIW 2009b notes]

An early draft proposal for a Personal Discovery Service to bootstrap IDP discovery without a browser extension

A draft of a Central Discovery Service specific to federated login is also available (or see slide version)

Early UX notes on privacy and authentication

Mobile apps for complex login systems

In-depth article by a journalist covering the usability of OpenID

Google's UI Research on login boxes that support federated login (Originally presented at the OpenID Concent Advisory Council on September 18, 2008 and announced in this blog post)

Information on another approach that simply asks for Email in the login box

Slide deck on the background of Google's FedLogin research

Additional UX feedback for sites that require unique usernames

Working prototypes of this UI and others

UX research on desktop apps using federated login and/or OAuth

Auto-detecting OAuth approval from a desktop app

Videos of that desktop prototype with different federated login and strong authentication mechanisms

Early UX notes on authorizing rich-client devices without a web browser

OpenID IDP certification checklist

Suggested best-practices for identity providers to protect user passwords from dictionary attacks

Early UX notes on strong authentication

Early UX notes on timeouts and password reprompts

Adding PINs to a relying party site

Suggested Identity blogs to follow

The challenges of Active Clients

Mozilla summary of why they shut down Persona

Sign Out behavior

June 2013 research report by Google

Attribute Providers

The content on this topic has moved to the OpenAXN working group site

OAuth2 Assertion Flows

Generating OAuth2 assertions from a Google App Engine app

Sending OAuth2 assertions to a Google API

Google authored articles on OAuth

Overview of OAuth for Product/Project Managers

Guide to user interface issues of OAuth

OAuth WRAP Profile

Discussion Group

MSFT PDC pre-announcement

Google's experimental OAuth-WRAP support

Google APIs accessible via OAuth

Google Data API documentation (Apps, Base, Blogger, Calendar, Code Search, Contacts, Finance Portfolio, Health, Notebook, Spreadsheets, Picasa Web Albums, Documents, Webmaster Tools, YouTube, etc.)

Documentation on OAuth Authentication for Web Applications and Using OAuth with the Google Data API Client Libraries

Using GData from Gadgets

More resources

Experimental support for OAuth with IMAP

Hybrid Protocol (OAuth + OpenID)

Business Goals

Collaborative site for protocol development (Step2)

Jan 29 2009 Google announcement of hybrid support

Demo of hybrid protocol (the source is also available)

Proposal for an OpenID OAuth extension (spec)

Proposal for an OAuth extension Supporting Unregistered Consumers (spec)

Protocol Description (Archival interest only, superseded by the spec proposals above)