Home‎ > ‎

Location for older content from homepage


 This site contains public information on Interent Identity topics
To be notified of new posts to this site, or changes, please subscribe to the blog at http://oauthgoog.blogspot.com

Overlap of OAuth, OpenID, SAML, SaaS, 2ndFactorAuth, InfoCards, OpenSocial, Portable Contacts...

Usability Research on Federated Login
Sample site incorporating latest usability research (includes videos of key features)
Research Summary
Best practices for RP account-linking logic
Overview of hybrid onboarding
Formal announcement (part 1 and part 2) of Google's OpenID IDP, including documentation and discussion group
Announcement of Google's support for the PopUp style UI
Yahoo UX Research on their IDP endpoint
Thoughts on combining Google & Yahoo OpenID UX research
Early UX notes on browser integration for federated login (especially IDP discovery) [See IIW 2009b notes]
An early draft proposal for a Personal Discovery Service to bootstrap IDP discovery without a browser extension
A draft of a Central Discovery Service specific to federated login is also available (or see slide version)
Early UX notes on privacy and authentication
In-depth article by a journalist covering the usability of OpenID
Google's UI Research on login boxes that support federated login (Originally presented at the OpenID Concent Advisory Council on September 18, 2008 and announced in this blog post)
Information on another approach that simply asks for Email in the login box
Slide deck on the background of Google's FedLogin research
Additional UX feedback for sites that require unique usernames
Working prototypes of this UI and others
UX research on desktop apps using federated login and/or OAuth
Auto-detecting OAuth approval from a desktop app
Videos of that desktop prototype with different federated login and strong authentication mechanisms
OpenID IDP certification checklist
Suggested best-practices for identity providers to protect user passwords from dictionary attacks
Early UX notes on strong authentication

Google APIs accessible via OAuth
Google Data API documentation (Apps, Base, Blogger, Calendar, Code Search, Contacts, Finance Portfolio, Health, Notebook, Spreadsheets, Picasa Web Albums, Documents, Webmaster Tools, YouTube, etc.)
Documentation on OAuth Authentication for Web Applications and Using OAuth with the Google Data API Client Libraries
More resources
Experimental support for OAuth with IMAP

Hybrid Protocol (OAuth + OpenID)
Business Goals
Collaborative site for protocol development (Step2)
Jan 29 2009 Google announcement of hybrid support
Demo of hybrid protocol (the source is also available)
Proposal for an OpenID OAuth extension (spec)
Proposal for an OAuth extension Supporting Unregistered Consumers (spec)
Protocol Description (Archival interest only, superseded by the spec proposals above)
Extended Association Protocol
Presentation on Hybrid Protocol

OAuth Proxy
Presentation on OAuth Proxy
Blog post on oauth.net - including proposal for key rotation and gadget extension
OAuth Proxy to SSO Integration Guide

Two Legged OAuth
Google I/O 2009 presentations on
Enterprise use of 2-legged OAuth (see Part 2 of slides or video)
Enterprise use of GData APIs with 2-legged OAuth [coming end of May]

OAuth + Google Apps Engine
Sample app that runs on Google Apps Engine and connects to Google Health via OAuth, including open source code

IDP as a Service (OpenID & SAML)
See Part1 of slides or video
LDAP type (directory access) cloud service