March 10, 2008

The Need for Delegated Authentication

The net is abuzz today about a scam application that is stealing people's Gmail account credentials.
Or rather, the app is misusing those account credentials when people hand them over to the application.

Sound familiar? Yes, that's exactly the sort of issue that Windows Live ID Delegated Authentication is intended to combat.

Consider an archiver application for an online mailbox. You would want to allow it to take this one action on your behalf:

  • Read a copy of each e-mail in your mailbox

But NOT allow it to do these things:

  • Send e-mail on your behalf
  • Delete items in your mailbox
  • Access any of your other data (Contacts, Calendar, etc.) apart from your mailbox

So how does Delegated Authentication help in this case?

Delegated Authentication is a way to permit access to personal information, but with more precise control over access and usage permissions than the current binary decision (that is, fully on or fully off) that comes with the generally bad practice of handing over your account credentials to another Web site.

[ Delegated Auth Whitepaper ]

In other words, if I were using this particular app, I would want to grant it something like a Mailbox.Read permission only, but not Mailbox.Write or Mailbox.Send or Calendar.Read or Contacts.Read, and I would definitely not give it my full account credentials.

The core principles here are that people should scope the permissions they grant to an application to access their data in the cloud, and they should get out of the bad habit of handing over their account credentials (such as passwords).
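The scoped-consent idea above, sketched as an added example; this is not Windows Live ID's actual token format or API. The permission names follow the post's hypothetical Mailbox.Read style, and the HMAC-signed token, the demo key, and the function names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption): in practice only the identity provider and
# the resource provider would hold it. The application never sees it, and it
# never sees the user's password either.
PROVIDER_KEY = b"constructed-demo-key-not-a-real-secret"


def issue_consent_token(user, app_id, permissions, ttl_seconds, now=None):
    """Identity-provider side: record what the user consented to, then sign it."""
    now = time.time() if now is None else now
    claims = {"user": user, "app": app_id,
              "perms": sorted(permissions), "exp": now + ttl_seconds}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(PROVIDER_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def authorize(token, app_id, user, needed, now=None):
    """Resource-provider side: allow only if the signed token grants `needed`."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(PROVIDER_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False  # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False  # malformed token: deny by default
    if claims["exp"] <= now:
        return False  # consent has expired
    if claims["app"] != app_id or claims["user"] != user:
        return False  # token was issued to another app or for another user
    return needed in claims["perms"]  # anything not explicitly granted is denied


if __name__ == "__main__":
    # The archiver from the post: the user consents to reading mail, nothing else.
    t = issue_consent_token("alice@example.com", "archiver", ["Mailbox.Read"], 3600)
    for perm in ("Mailbox.Read", "Mailbox.Send", "Contacts.Read"):
        print(perm, authorize(t, "archiver", "alice@example.com", perm))
```

Because the application holds only this token, a misbehaving archiver is limited to the one permission the user granted, and only until the consent expires.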

Angus Logan posted an impassioned statement showing why Live ID users should only ever enter their account credentials into their identity provider (login.live.com), which is a timely reminder to all Live ID users.

We also took a very strong stance on this in the Delegated Auth Whitepaper:

Only hand over your password and account credentials to your identity provider (for example, Windows Live ID), and to NO ONE else.

Hopefully today's issue will act as a wake-up call to the industry and result in a very serious look at consent-based data access techniques like Windows Live ID Delegated Authentication.

Entry categories: Live ID
Posted by Jorgen Thelin at March 10, 2008 11:52 AM