Distributed Identity Management University of Applied Sciences Rapperswil April 14, 2008 Corsin Camichel, ccamiche@hsr.ch

Distributed Identity Management

Agenda Traditional login process What is OpenID How OpenID works Live Demo For Developers Your Questions

Traditional login process

What is OpenID

How OpenID works

Live Demo

For Developers

Your Questions

Login Today How many accounts do you have? GMail, Yahoo Mail, Hotmail ... MySpace / FaceBook / StudiVZ ... How many different passwords do you use?

How many accounts do you have?

GMail, Yahoo Mail, Hotmail ...

MySpace / FaceBook / StudiVZ ...

How many different passwords do you use?

The Way A Login Works Register for an account (share your data) Verify your email address First login with the new account Server verifies credentials Repeat steps for any other website ... End up with 30 accounts on 30 websites

Register for an account (share your data)

Verify your email address

First login with the new account

Server verifies credentials

Repeat steps for any other website ...

End up with 30 accounts on 30 websites

What is OpenID? new open standard for logging in identified by URI (AHV, finger print) http://openid.hsr.ch/ccamiche http://cocaman.ch Single-Sign-On (SSO) only one password used over 250 million accounts worldwide

new open standard for logging in

identified by URI (AHV, finger print)

http://openid.hsr.ch/ccamiche

http://cocaman.ch

Single-Sign-On (SSO)

only one password used

over 250 million accounts worldwide

The OpenID Way You create an OpenID You can use your Flickr account, Google Account or any other provider out there Go to the website Login with your OpenID Define what data you like to share That is it. You have created an account

You create an OpenID

You can use your Flickr account, Google Account or any other provider out there

Go to the website

Login with your OpenID

Define what data you like to share

That is it. You have created an account

OpenID Login

How It Works

The Process In Detail Creative Commons Wiki

Creative Commons Wiki

Data not being shared Your Password Things you do not want to give the website (see my “ personas ”)

Your Password

Things you do not want to give the website (see my “ personas ”)

Developers I Create an user account based on OpenID data Respect the specs Becoming part of Firefox 3.0 & Internet Explorer 8 Big companies start to use OpenID (Yahoo, Google, VeriSign, Microsoft ...)

Create an user account based on OpenID data

Respect the specs

Becoming part of Firefox 3.0 & Internet Explorer 8

Big companies start to use OpenID (Yahoo, Google, VeriSign, Microsoft ...)

Developers II Many ready-to-use implementations for PHP, Java, Ruby ... Add-ons for CMS, Wikis and others No hassle with the detailed specification

Many ready-to-use implementations for PHP, Java, Ruby ...

Add-ons for CMS, Wikis and others

No hassle with the detailed specification

Fears Phishing Man-in-the-middle attacks Remember: It is only an Authentication, NOT an Authorization system

Phishing

Man-in-the-middle attacks

Remember: It is only an Authentication, NOT an Authorization system

More Information?! http://openid.net http://openid.net/developers/specs http://myopenid.com

http://openid.net

http://openid.net/developers/specs

http://myopenid.com

Any Questions?