Reducing Identity Pain - Tim Bray (OSCON 2013)

Tim Bray (Google, Inc.) Passwords don't scale to the Internet. Tools like 1password and LastPass help, but not enough, and aren't civilian-friendly. We'd love to do away with passwords but not with security; the Net is full of bad guys who will steal and misuse your data given the slightest opportunity. The situation is even worse on mobiles, where typing in a password is horribly painful and to be avoided if at all possible. There have been a succession of standards that are supposed to solve the problem: XACML, SAML, OpenID, OAuth; so far, none of them have got the traction their inventors hoped for. Recently, the chief editor of the OAuth 2 spec stamped out of the room, branding it a failure. One of the problems is that there's been lots of focus on security and user experience, but hardly any on Developer Experience; ask, for example, anyone who's tried to get OAuth 1 working at scale. This talk summarizes the issues and tries to cover the whole state of play, with a particular focus on mobile issues and on available resources for the OSS developer. Don't miss an upload! Subscribe! http://goo.gl/szEauh Stay Connected to O'Reilly Media by Email - http://goo.gl/YZSWbO Follow O'Reilly Media: http://plus.google.com/+oreillymedia https://www.facebook.com/OReilly https://twitter.com/OReillyMedia