Open Identity at AOL
  • This session is about how and why AOL is adopting Open Identity protocols and standards like OpenID, CardSpace, and SAML, the lessons learned, the challenges faced and the open issues still to be solved.
  • Isn't this the goal for pretty much everyone?
  • Flat identity model - for example, AOL accounts can have master/sub relations but AIM/ICQ/etc. cannot. Need for a semantic Identity Data Model.
  • Taking the best of each


  • 1. Open Identity at AOL Praveen Alavilli Authentication Team AOL LLC
  • 2. Why Identity Matters for AOL?
    • Increase global reach, usage and monetization of products, services, programming and platforms
  • 3. Well in simple terms …
    • Allow any user that can be reliably identified
        • provide personalized services to a greater audience with a lower barrier to entry
        • consumer can use an identity they already have
    • Allow users to use their AOL Identity at any place on the Internet that accepts them
    • Make the AOL identity more valuable in the Web 2.0 space by participating in the Open Identity Meta System
    • Provide easier integration process for 3rd party
  • 4. Where in AOL ?
    • Many of AOL's value added services are Identity based
        • personal services and public presence
          • Pictures, Video, Journals, Xdrive, AIM, WebMail, …
        • high-value transactions
          • AOL Bill Pay, Finance, Portfolios, …
        • personalization of existing non-identity based services
          • Mapquest, Magnets, …
  • 5. Identity evolution in AOL
    • AOL Accounts (w/ account relations)
    • AIM Accounts
    • ICQ Accounts
    • Delegated accounts
        •,, etc.
    • Domain based accounts
        • email address, vanity domains, personal domains, etc.
    • Federated accounts
        • Verizon, hansenet, etc.
  • 6. We had to deal with ….
    • Several Closed Systems of our own
    • Different implementations & integrations
        • Several proprietary
    • User experiences
    • Client Vs web
    • SSO from client to web and vice versa
    • Up/Down sell processes to move identities from one type to another, and
    • Authorizations and Subscriptions
    • Identity Model itself
  • 7. What we learned …. the hard way !
    • Keep Systems Open
    • Need for a Flat Identity model
    • Adopt Open Standards & Protocols
    • Need for simpler and lighter federations both inside & outside of our “walled garden”
  • 8. We are looking at …
        • OpenID
        • Liberty/SAML
        • CardSpace
  • 9. Things we tried so far …
    • OpenID Provider (Relying Party Support underway)
        • All AOL/AIM users have an OpenID (<sn>)
    • SAMLv2 Lightweight Web Browser SSO Profile 'aka' Simple Federation Protocol
        • AOL - Verizon Bundling
    • Verisign Seatbelt
        • Verisign’s effort to help solve phishing problems
    • Liberty ID-FF/ID-WSF
        • AOL Radio Clients & some Media devices like D-Link
    • Higgins STS (still in very early stages)
  • 10. the way we look at them ….
    • Liberty/SAML
        • Pros: solves a wide range of use cases, high trust, consent management for service invocation, details can be hidden from users
        • Cons: complex protocols and frameworks, designed for Web services - not well suited for browser based services, lack of toolkits/modules, poor adoption, service provisioning
    • CardSpace
        • Pros: no service provisioning, consistent UI (phishing resistant), reasonable Trust level
        • Cons: Complex WS-* protocol and message formats (mainly for IDPs), OS dependent, user education, lack of toolkits/modules, user self provisioning
    • OpenID
        • Pros: no provisioning, toolkits/modules, simple and easy to implement and deploy
        • Cons: Lack of Service invocation support, phishing, user awareness, Trust, user education
  • 11. OpenAuth
    • Our answer to the problems of
        • Complexity
        • Service invocation
        • Simple Provisioning
        • Identity for Web 2.0 applications
  • 12. OpenAuth
    • Simple API to Authenticate AOL/AIM/ICQ Users
    • Light-weight “provisioning” and easy integration/use
    • Well known/understood Technologies
        • HTTP/TLS/XML/JSON/…
    • Permission (Consent) Management
    • Secure Token exchange for ‘deputization’ of services
    • Designed for AOL Open Services Consumption
    • Supports Redirect, AJAX, and Direct Models for Web 2.0 apps
    • Also …
        • OpenID Provider (OP)
        • OpenID Authentication Token Exchange Extension
        • OpenID Consumer/Relying Party - accepts 3rd party OpenIDs
  • 13. Question/Comments….
    • [email_address]