<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<table class="backgroundTable" width="100%" bgcolor="#ffffff"
cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td valign="top" align="left">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part2.08070608.05040503@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" align="middle"
border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;"
bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
valign="top"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff">
<p>
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4Cast #321: "Social
login" authentication</span><br>
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">February 13th, 2013</span></p>
<p style="text-align: justify;font-size: 16px;
font-family: arial; line-height: 110%;"><img
alt="social login"
src="cid:part4.08030101.00000603@oplin.org"
height="78" width="170" align="left">Unless you
spend very little time on the web, you've probably
been to sites that require you to log in, but give
you the option of using your Facebook or Twitter
(or some other) account to log in instead of
creating (and remembering) yet another username
and password. This "social login" option is
popular with the public, but can create problems
when the computer code running in the background
is configured poorly. That's what happened to
people on many websites for a short time last
Thursday, when using their Facebook login on other
sites took them to a Facebook page instead of the
website they wanted. Social login can also lead to
some security problems. So it may not be
time (yet) to let your patrons access their
library accounts using their social media
accounts.
</p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.scmagazine.com/fraud-could-rise-if-retail-customers-use-facebook-login/article/279490/">Fraud
could rise if retail customers use Facebook
login</a> (SC Magazine/Danielle Walker)
"'[T]he lack of identity proofing and weak
authentication for social network identities can
expose merchants to more fraud,' Gartner said.
'Service providers therefore have to defend
themselves. They may allow social network
registration, but augment the process with
additional controls when a retail site provides
access to sensitive data and monetary
transactions.' The trend will, however, fuel
higher demand of specialized vendors that
support the use of social networking identities
through 'open standard,' or publicly available,
authentication systems like OpenID or OAuth,
which are used by sites like Twitter and
Facebook, [Gartner Research VP Ant] Allan said."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://readwrite.com/2013/02/07/facebook-hijacks-internet-sites-for-an-hour">Facebook
hijacks Internet sites for an hour Thursday
afternoon</a> (ReadWrite/Dan Rowinski) "The
Facebook connection was not just passively
disrupting sites, as Web plugins sometimes do,
but actively dragging users away from their
destination sites to Facebook's own platform.
Developers at Say Media, ReadWrite's parent
company, believe that the problem was caused by
Facebook Connect having problems with oAuth
authentication that allows users to sign into a
site using their Facebook profiles."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.theregister.co.uk/2013/02/04/twitter_oauth_apps_logged_in_with_old_passwords/">Twitter
clients stay signed in with pre-breach
passwords</a> (The Register/Simon Sharwood)
"Twitter spokesperson Jim Prosser did not deny
that clients can continue to access the service
even after passwords have been changed, and told
<em>The Reg</em>, by email, that 'TweetDeck and
other clients use [open authentication standard]
OAuth, so as long as you don't sign out, you
don't have to re-input your credential every
time you open the app.' Prosser has also pointed
out that the situation described above is an
OAuth token issue, not a password issue."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.zdnet.com/googles-continuing-odyssey-to-sink-passwords-7000010307/">Google's
continuing odyssey to sink passwords</a>
(ZDNet/John Fontana) "What hasn't changed,
however, is the Achilles Heel that affects
Google and other consumer identity federation
schemes - the relying party role. These are the
Web sites that leave it up to companies like
Google, Yahoo, Microsoft, Facebook and others to
issue identities. The relying party is the one
that accepts those credentials for
authentication and must check with the issuer
(known as the IdP) to confirm they are valid.
The relying party problem is akin to not having
any merchants (relying parties) that will accept
your credit card."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Graphic
fact:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;">There's a
nice graphic on the Wikipedia <a
href="http://en.wikipedia.org/wiki/OAuth#OpenID_vs._pseudo-authentication_using_OAuth">OAuth
page</a> that illustrates how OAuth and OpenID
work in simple terms.
</div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="background-color: rgb(255, 255, 255);" valign="top" width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"><span
style="font-size: 10px; color: rgb(96, 96, 96);
line-height: 100%; font-family: verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (&agrave; la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);" valign="top"
width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg">
<br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; color:#0000FF; color:#0000FF; }
</style>
</body>
</html>