Beyond the login screen - Part I
Shyamala Mar 9
Recently I came across this tweet,
This tweet got me thinking, Personal data even how trivial it is can be dangerous in the hands of a wrong person. But can we stop collecting data about the user? Can we say with certainty that the system we are building is impenetrable?
We as part of a product team has responsibility to be transparent to our users about What data of the user our product needs and Why the user has to share it, So the user is conscious of the data being shared and there by implications.
Let us not be very greedy to ask for all data at once from the user.
I think we can also apply lean principle in collecting the data from the user, by asking for user's data only when we need them and of course explaining the Whats and Whys.
We can craft a unique solution for each of our suite of products ourselves or we can abstract away the method of collecting some of the most common user data that we collect in a safe, secure and trusted way.
There are a number of Open standards for exchanging the authentication and authorization data between users and services/products. Most popular among them are SAML, OAuth2 and OpenId Connect. These standards gives us the trust that a user data is exchanged in a secure manner that is transparent to the user.
Let us bring a change in thought process that authentication or authorization is not mere a login screen. Let us think about these aspects early in our product design phase.
So may be it is time for us to think about these Federated Authentication and Authorization standards, that gives users the right to grant and revoke access to their data at any point?
In the next part , I will go deeper in to one of these Open Standards OpenID Connect..