Location for older content from homepage
OLD CONTENT
This site contains public information on Interent Identity topics
To be notified of new posts to this site, or changes, please subscribe to the blog at http://oauthgoog.blogspot.com
Overlap of OAuth, OpenID, SAML, SaaS, 2ndFactorAuth, InfoCards, OpenSocial, Portable Contacts...
OAuthMint - An abstract model for dealing with Identity transformations
Usability Research on Federated Login
Identifier first and password managers
Sample site incorporating latest usability research (includes videos of key features)
Research Summary
Best practices for RP account-linking logic
Using OpenID without having to change your login box
Overview of hybrid onboarding
Formal announcement (part 1 and part 2) of Google's OpenID IDP, including documentation and discussion group
Announcement of Google's support for the PopUp style UI
Yahoo UX Research on their IDP endpoint
Thoughts on combining Google & Yahoo OpenID UX research
Early UX notes on browser integration for federated login (especially IDP discovery) [See IIW 2009b notes]
An early draft proposal for a Personal Discovery Service to bootstrap IDP discovery without a browser extension
A draft of a Central Discovery Service specific to federated login is also available (or see slide version)
Early UX notes on privacy and authentication
Mobile apps for complex login systems
In-depth article by a journalist covering the usability of OpenID
Google's UI Research on login boxes that support federated login (Originally presented at the OpenID Concent Advisory Council on September 18, 2008 and announced in this blog post)
Information on another approach that simply asks for Email in the login box
Slide deck on the background of Google's FedLogin research
Additional UX feedback for sites that require unique usernames
Working prototypes of this UI and others
UX research on desktop apps using federated login and/or OAuth
Auto-detecting OAuth approval from a desktop app
Videos of that desktop prototype with different federated login and strong authentication mechanisms
Early UX notes on authorizing rich-client devices without a web browser
OpenID IDP certification checklist
Suggested best-practices for identity providers to protect user passwords from dictionary attacks
Early UX notes on strong authentication
Early UX notes on timeouts and password reprompts
Adding PINs to a relying party site
Suggested Identity blogs to follow
The challenges of Active Clients
Mozilla summary of why they shut down Persona
Sign Out behavior
June 2013 research report by Google
Attribute Providers
The content on this topic has moved to the OpenAXN working group site
OAuth2 Assertion Flows
Generating OAuth2 assertions from a Google App Engine app
Sending OAuth2 assertions to a Google API
Google authored articles on OAuth
Overview of OAuth for Product/Project Managers
Guide to user interface issues of OAuth
Google's experimental OAuth-WRAP support
Google APIs accessible via OAuth
Google Data API documentation (Apps, Base, Blogger, Calendar, Code Search, Contacts, Finance Portfolio, Health, Notebook, Spreadsheets, Picasa Web Albums, Documents, Webmaster Tools, YouTube, etc.)
Documentation on OAuth Authentication for Web Applications and Using OAuth with the Google Data API Client Libraries
More resources
Experimental support for OAuth with IMAP
Hybrid Protocol (OAuth + OpenID)
Collaborative site for protocol development (Step2)
Jan 29 2009 Google announcement of hybrid support
Demo of hybrid protocol (the source is also available)
Proposal for an OpenID OAuth extension (spec)
Proposal for an OAuth extension Supporting Unregistered Consumers (spec)
Protocol Description (Archival interest only, superseded by the spec proposals above)
Presentation on Hybrid Protocol
OAuth Proxy
Documentation (Old draft documentation)
Walkthrough of MySpace gadget and Google Contacts gadget
Presentation on OAuth Proxy
Blog post on oauth.net - including proposal for key rotation and gadget extension
OAuth Proxy to SSO Integration Guide
Two Legged OAuth
Google I/O 2009 presentations on
Enterprise use of 2-legged OAuth (see Part 2 of slides or video)
Enterprise use of GData APIs with 2-legged OAuth [coming end of May]
Open Social REST APIs & 2-legged OAuth
OAuth + Google Apps Engine
Sample app that runs on Google Apps Engine and connects to Google Health via OAuth, including open source code
IDP as a Service (OpenID & SAML)
LDAP type (directory access) cloud service