Green Button, OpenID & OAuth
Outline
-
Green Button Developers
-
Atom XML
-
OAuth 2.0
-
OpenID
-
OpenID Connect
Green Button Developers
-
Metered resources
-
electricity
-
gas
-
water.
-
-
Using atom+xml based streams of Energy Usage
-
Information (EUI) encapsulated within an Atom Feed
-
Green Button Developers
Green Button Developers
-
Atom Syndication Format Standard
-
Using atom+xml based streams of Energy Usage
-
Information (EUI) encapsulated within an Atom Feed
-
-
XML schema References
Atom XML
-
Atom Syndication Format Standard
-
Web feed and News feed
-
RFC 4287
-
RFC 5023
Atom XML Data
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Example Feed</title>
<subtitle>A subtitle.</subtitle>
<link href="http://example.org/feed/" rel="self" />
<link href="http://example.org/" />
<id>urn:uuid:60a76c80-d399-11d9-b91C-0003939e0af6</id>
<updated>2003-12-13T18:30:02Z</updated>
<author>
<name>John Doe</name>
<email>johndoe@example.com</email>
</author>
<entry>
<title>Atom-Powered Robots Run Amok</title>
<link href="http://example.org/2003/12/13/atom03" />
<link rel="alternate" type="text/html" href="http://example.org/2003/12/13/atom03.html"/>
<link rel="edit" href="http://example.org/2003/12/13/atom03/edit"/>
<id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
<updated>2003-12-13T18:30:02Z</updated>
<summary>Some text.</summary>
</entry>
</feed>OAuth
-
A open Standard
-
Commonly used as a way for Internet users to grant
- websites and applications access to their information
-
Designed specifically to work with Hypertext Transfer Protocol (HTTP)
-
Essentially allows access tokens to be issued to third-party clients by an authorization
OpenID
-
It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party service.
OpenID connect
-
It is an authentication layer on top of OAuth 2.0
-
The standard is controlled by the OpenID Foundation.
Authentication
OpenID and OAuth difference
-
OpenID is about authentication (ie. proving who you are)
-
OAuth is about authorization (ie. to grant access to functionality/data/etc.. without having to deal with the original authentication).
-
OAuth could be used in external partner sites to allow access to protected data without them having to re-authenticate a user.
OpenID, OpenID Connect and OAuth difference
-
OpenID and OpenID Connect are authentication protocols while OAuth2 is an authorization protocol.
-
The most significant difference between OpenID Connect and OAuth2 is the id_token.
-
OIDC contains an id_token while OAuth2 does not.
-
-
In OpenID Connect it contains user info endpoint while OAuth2 does not.
-
OpenID Connect defines how to send a signed and encrypted request object where OAuth2 does not.
OpenID scenario
-
The scenario for OpenID:
-
User wants to access his account on example.com
-
example.com (the "Relying Party" in OpenID lingo) asks the user for his OpenID
-
User enters his OpenID
example.com redirects the user to his OpenID provider -
User authenticates himself to the OpenID provider
OpenID provider redirects the user back to example.com
example.com allows the user to access his account
-
OAuth scenario
-
And now the scenario for OAuth
-
User is on example.com and wants to import his contacts from mycontacts.com
-
example.com (the "Consumer" in OAuth lingo) redirects the user to mycontacts.com (the "Service Provider")
- User authenticates himself to mycontacts.com (which can happen by using OpenID)
- mycontacts.com asks the user whether he wants to authorize example.com to access his contacts
- User makes his choice
- mycontacts.com redirects the user back to example.com
- example.com retrieves the contacts from mycontacts.com
- example.com informs the user that the import was successful
-
Summary
