Eduserv OpenID Meeting: OpenID Today

Today Eduserv OpenID Meeting

quot;Its deﬁnitely time to declare quot;OpenID is a protocol made OpenID a winnerquot; for the public, by the public. TechCrunch No one owns or controls your login information:You do.quot; 37signals quot;...sees great potential for OpenID's use alongside enterprise-ready software infrastructurequot; Sun Microsystems quot;taking the world by stormquot; quot;this high proﬁle announcement marks Tim O'Reilly the importance of single sign on identity technology to the future of the Internetquot; ReadWriteWeb

What is OpenID? • Single sign-on for the web • Simple and light-weight (not going to replace your bank card pin) • Easy to use and deploy • Built upon proven existing technologies (DNS, HTTP, SSL/TLS, Difﬁe-Hellman) • Decentralized (you don't have to ask anyone permission to implement it) • Free!

An OpenID is a URI • URLs are globally unique and ubiquitous • OpenID allows proving ownership of an URI • People already have identity at URLs via blogs, photos, MySpace, FaceBook, etc • People already describe relationships via URLs (e.g. links to my friends)

OpenID is Decentralized

quot;What problems does it solve?quot;

Too many usernames

Too many passwords

Signup is too hard

Directories are hard

Strong auth is complex

The web lacks identity

OpenID is another important building block.

Identity is not just one thing

...but it is really about trust

With OpenID, you get to choose who you trust. (and even change your mind later)

O M E How Does it Work? D

As a Conversation Who are you? I’m davidrecordon.com Prove it!

Discovers My Provider quot;openid.serverquot; points to my OpenID Provider

(crypto happens)

O M E Using OpenID D

Getting an OpenID http://openid.net/get/

OpenID is Really Easy

quot;This is a geek's toy, nobody will ever have an OpenID!quot;

~160 million OpenIDs (including every AOL user) OpenID 1.1 - Estimated from various services

quot;Nobody will ever use this!quot;

Total Relying Parties (aka places you can login with OpenID) 6,000 4,500 3,000 1,500 0 ov b ay ly '06 ar ne ov ay ly '05 ct ec r g ne p ec '07 b ct ar r st 22 Ap Ap Au Fe Se Fe Ju Ju gu O O M M M M D D Ju Ju N N p p Jan Jan Au Se Se OpenID 1.1 - As viewed by MyOpenID.com

quot;So that's great there are so many blogs, but what about something real?quot;

http://janrain.com/blog/2007/11/05/openid-in-higher-education/

“Any OpenID in the enterprise?”

Offer all employees OpenIDs; open source Enterprise SSO and identity manager with LDAP and OpenID Internal SSO for bug trackers and wikis OpenID Provider with plans to ship in enterprise products this year Shared OpenID Provider for their businesses and partners Project management, CRM, and billing for small businesses

quot;What about security?quot;

“Protocol Security?”

like any protocol...think as you implement

What about phishing?

Kitten Overload! More kittens! Simon Willison - FOWA 02/07

Kitten Overload! Identity theft! FAKE :'( Simon Willison - FOWA 02/07

Safe Sign-In Pages

Estonian ID-card http://open.id.ee/

the best solutions may around the browser

Microsoft CardSpace

MyVidoop Plugin (a password manager tied into your OpenID account add-on for Firefox)

Sxipper (a form ﬁller password manager with OpenID integration add-on for Firefox)

Symantec Identity Client (OpenID form-ﬁll, upcoming provider, and claims integration)

VeriSign's OpenID SeatBelt (an OpenID convenience and security add-on for Firefox) works with

IE Team has posted a job ad mentioning quot;OpenIDquot; quot;Does the idea of redeﬁning the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you.quot;

OpenID doesn't dictate an authentication method

OpenID is great for innovation

quot;How do I deploy OpenID?quot;

OpenID Specs • OpenID Authentication 1.1 • OpenID Simple Registration 1.0 • Yadis Discovery Protocol • OpenID Authentication 2.0 (implementors draft) • OpenID Attribute Exchange 1.0 (draft) • OpenID PAPE 1.0 (draft) • OpenID Data Transport Protocol (draft)

Final Speciﬁcations • OpenID Authentication 1.1 • What most people think of for OpenID • What I’m mainly talking about today • Very simple • OpenID Simple Registration Extension • Exchange basic proﬁle data • Keep the user in charge

OpenID Authentication 2.0 • Cleans up the 1.1 speciﬁcation • Adds a few useful features • Robust extensibility • Enhanced service discovery • quot;Directed identityquot; • XRI • About six independent library implementations of ﬁnal draft

Attribute Exchange • Flexible framework for exchange rich proﬁle attributes • Keeps the user in charge • Allows updating data in a distributed fashion

PAPE • Communicate details about how the user authenticated • High-level policies such as “phishing resistant” or “multi-factor” • Increasingly important with higher value OpenID transactions

Lots Easy of Code • Libraries in C#, C++, Java, Perl, Python, Ruby, PHP, and ColdFusion • Can have something working within a weekend • Need to think a bit about security and usability

“Why OpenID and education?”

Thanks! Questions? http://openid.net/ David Recordon davidrecordon.com david@sixapart.com

http://www.eduserv.org.uk	105
http://www.eduserve.org.uk	1
http://www.slideshare.net	1

Eduserv OpenID Meeting: OpenID Today

by David Recordon on Nov 08, 2007

Accessibility

Categories

Tags

Upload Details

Usage Rights

3 Embeds 107

Statistics

Eduserv OpenID Meeting: OpenID Today — Presentation Transcript