Digital ID World 2007 - Understanding Openid

Presentation by David Recordon (Six Apart) and Eve Maler (Sun) about OpenID and the enterprise.


  1. Understanding. Digital ID World 2007. David Recordon, Open Platforms Tech Lead, david@sixapart.com. Eve Maler, Technology Director, eve.maler@sun.com.
  2. "It's definitely time to declare OpenID a winner" (TechCrunch). "OpenID is a protocol made for the public, by the public. No one owns or controls your login information: You do." (37signals). "...sees great potential for OpenID's use alongside enterprise-ready software infrastructure" (Sun Microsystems). "taking the world by storm" (Tim O'Reilly). "this high profile announcement marks the importance of single sign on identity technology to the future of the Internet" (ReadWriteWeb).
  3. What is OpenID? • Single sign-on for the web • Simple and light-weight (not going to replace your bank card pin) • Easy to use and deploy • Built upon proven existing technologies (DNS, HTTP, SSL/TLS, Diffie-Hellman) • Decentralized (you don't have to ask anyone permission to implement it) • Free!
  4. An OpenID is a URI • URLs are globally unique and ubiquitous • OpenID allows proving ownership of a URI • People already have identity at URLs via blogs, photos, MySpace, FaceBook, etc. • People already describe relationships via URLs (e.g. links to my friends)
  5. OpenID is Decentralized
  6. Benefits • Reduces the number of usernames and passwords • Simplifies new account creation • Allows for lightweight accounts • Simplifies internal SSO • Enables wide-spread benefit of strong authentication • Enables decentralized reputation • Enables social network portability
  7. OpenID is one of Phil’s Anchors. WikiPedia.org
  8. ...but it also enables and powers
  9. DEMO: Using OpenID. always with attributes -- now with claims
  10. DEMO: How Does it Work?
  11. As a Conversation. "Who are you?" "I’m davidrecordon.com" "Prove it!"
  12. Discovers My Provider. "openid.server" points to my OpenID Provider
  13. (crypto happens)
  14. Creating an OpenID: pip.VeriSignLabs.com, MyOpenID.com, ClaimID.com, MyVidoop.com. http://openid.net/wiki/index.php/OpenIDServers and you may already have one
  15. OpenID is Really Easy
  16. "This is a geek's toy, nobody will ever have an OpenID!"
  17. ~120 million OpenIDs (including every AOL user). OpenID 1.1 - Estimated from various services
  18. "Nobody will ever use this!"
  19. Total Relying Parties (aka places you can login with OpenID). [Chart: monthly totals, September '05 through September '06; y-axis 0 to 6,000.] OpenID 1.1 - As viewed by MyOpenID.com
  20. Total Relying Parties (aka places you can login with OpenID). [Chart: monthly totals, September '05 through August 22, '07; y-axis 0 to 6,000.] OpenID 1.1 - As viewed by MyOpenID.com
  21. "So that's great there are so many blogs, but what about something real?"
  22. "What about security?"
  23. “Protocol Security?”
  24. like any protocol...think as you implement
  25. the best solutions will around the browser
  26. Higgins & Bandit (open source identity selector plugin and desktop app with OpenID support)
  27. MyVidoop Plugin (a password manager tied into your OpenID account add-on for Firefox)
  28. Sxipper (a form filler password manager with OpenID integration add-on for Firefox)
  29. Symantec Identity Client (OpenID form-fill, upcoming provider, and claims integration)
  30. VeriSign's OpenID SeatBelt (an OpenID convenience and security add-on for Firefox) works with
  31. IE Team has posted a job ad mentioning "OpenID": "Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you."
  32. OpenID is great for innovation
  33. "What about the Foundation?"
  34. Founding Board: Scott Kveton (Chair, scott@kveton.com), David Recordon (Vice-Chair, david@sixapart.com), Dick Hardt (Treasurer, dick@sxip.com), Martin Atkins (Secretary, mart@degeneration.co.uk), Johannes Ernst (jernst@netmesh.us), Drummond Reed (drummond.reed@cordance.net), Bill Washburn (Executive Director, bill@oidf.org), Artur Bergman (sky@crucially.net)
  35. Current Efforts • Add four corporate board members • Finalize an IPR policy for future technical work (effort led by OIDF, AOL, Microsoft, Sun, Symantec, VeriSign, Yahoo!) • Develop a trademark policy that supports the World-wide OpenID community • Develop and refine core messaging for OpenID and websites oriented toward developers, users, and other potential adopters • Coordinate World-wide joint marketing and evangelism (Snorri Giorgetti appointed as European representative)
  36. “So, what about the enterprise?”
  37. “What is OpenID@Work?”
  38. • Exploratory program launched by Sun in May • Why? • Learn from experience! • Analyze use cases that connect business scenarios and “enterprise-strength” technology • Pass on our experiences to customers, partners, and others • What does it include? • An OpenID Provider (of a specialized sort) • Advising Sun website teams on OpenID • A non-assertion covenant (important IPR declaration) • Sharing what we learn
  39. The Sun Provider • Only for Sun employees • http://openid.sun.com/nickname • These are effectively pseudonyms (and we don’t peek) • Can be used directly or with delegation • Use of Sun’s OpenID authentication service means: • “Yes, this person is associated with this OpenID” and “This person is a current Sun employee” • OpenID relying parties can act on this additional knowledge • e.g. offer discounts to proven Sun employees
  40. Architecture: Enterprise-class and open-sourced. OpenSSO.dev.java.net/public/extensions/openid. OpenSSO.dev.java.net. http://blogs.sun.com/hubertsblog has more information
  41. How are they being used? • Not for business use -- an “employee perk” • ProjectConcordia.org wiki (work-related use that I undertake on my own recognizance) • Not currently using for internal applications • Not a corporate approved authn mechanism • Currently low usage • <1% of employees have signed up (~350) • ~7% the number of employees on Facebook
  42. Formal Security Review • Business purposes: What are we trying to achieve, so that risks can be appropriately measured and mitigated? • Data governance: What responsibilities do we have regarding employee data privacy? • Authentication: Why did we choose the password method? • Protocol and implementation: Where are the “holes”? • www.laurenwood.org/anyway - starting September 19th
  43. Do Sun Websites Accept OpenID? • Pitched to several community site owners • No takers to date • Why? • Doesn’t completely remove local account management • Allows decentralized authorization only if everyone adopts it • No currently deployed OpenID standard for locally and third party asserted authorization claims • Business prioritization • Lost account costs not high enough • Not high-enough user demand
  44. Offer all employees OpenIDs; open source Enterprise SSO and identity manager with LDAP and OpenID Internal SSO for bug trackers and wikis OpenID Provider with plans to ship in enterprise products this year Shared OpenID Provider for their businesses and partners Project management, CRM, and billing for small businesses
  45. Thanks! Questions? http://openid.net/ http://sun.com/identity/ David Recordon: davidrecordon.com, david@sixapart.com. Eve Maler: xmlgrrl.com/blog/, eve.maler@sun.com
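
Slides 11 to 13 describe discovery: the relying party fetches the claimed URL and reads its "openid.server" link to find the provider, and slide 39 mentions delegation. The sketch below is an added example, not code from the presentation or from any OpenID library; it reads OpenID 1.1 link tags from the document head only and flags non-HTTPS hops. The sample HTML, the example URLs and the names `OpenIDLinkParser` and `discover` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

RELS = ("openid.server", "openid.delegate")  # OpenID 1.1 link relations

# Constructed sample page: real tags in <head>, a stray one in the body.
SAMPLE = """<html><head><title>constructed sample</title>
<link rel="openid.server" href="https://provider.example/server">
<link rel="openid.delegate" href="https://provider.example/user/david">
</head><body>
<p>visitor comment <link rel="openid.server" href="http://other.example/"></p>
</body></html>"""


class OpenIDLinkParser(HTMLParser):
    """Collect OpenID 1.1 <link> tags, but only from inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = tag == "head"
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in RELS and a.get("href"):
                    self.links.setdefault(rel, a["href"].strip())  # first wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(claimed_id, html):
    """Return provider endpoint and identity for a claimed URL, or None."""
    parser = OpenIDLinkParser()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        return None  # page does not advertise a provider in its head
    warnings = []
    if urlparse(claimed_id).scheme != "https":
        warnings.append("claimed URL fetched without TLS; links may be altered")
    if urlparse(server).scheme != "https":
        warnings.append("provider endpoint is not HTTPS")
    # With delegation, the delegate URL is the identity asserted at the provider.
    identity = parser.links.get("openid.delegate", claimed_id)
    return {"server": server, "identity": identity, "warnings": warnings}
```

Calling `discover("https://claimed.example/", SAMPLE)` returns the head-declared provider and delegate and ignores the link placed in the page body.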