Eduserv OpenID Meeting: OpenID Today

Slide 1: Today Eduserv OpenID Meeting

Slide 2: \"Its definitely time to declare \"OpenID is a protocol made OpenID a winner\" for the public, by the public. TechCrunch No one owns or controls your login information:You do.\" 37signals \"...sees great potential for OpenID's use alongside enterprise-ready software infrastructure\" Sun Microsystems \"taking the world by storm\" \"this high profile announcement marks Tim O'Reilly the importance of single sign on identity technology to the future of the Internet\" ReadWriteWeb

Slide 3: What is OpenID? • Single sign-on for the web • Simple and light-weight (not going to replace your bank card pin) • Easy to use and deploy • Built upon proven existing technologies (DNS, HTTP, SSL/TLS, Diffie-Hellman) • Decentralized (you don't have to ask anyone permission to implement it) • Free!

Slide 4: An OpenID is a URI • URLs are globally unique and ubiquitous • OpenID allows proving ownership of an URI • People already have identity at URLs via blogs, photos, MySpace, FaceBook, etc • People already describe relationships via URLs (e.g. links to my friends)

Slide 5: OpenID is Decentralized

Slide 6: \"What problems does it solve?\"

Slide 7: Too many usernames

Slide 8: Too many passwords

Slide 9: Signup is too hard

Slide 10: Directories are hard

Slide 11: Strong auth is complex

Slide 12: The web lacks identity

Slide 13: OpenID is another important building block.

Slide 14: Identity is not just one thing

Slide 15: ...but it is really about trust

Slide 16: With OpenID, you get to choose who you trust. (and even change your mind later)

Slide 17: O M E How Does it Work? D

Slide 18: As a Conversation Who are you? I’m davidrecordon.com Prove it!

Slide 19: Discovers My Provider \"openid.server\" points to my OpenID Provider

Slide 20: (crypto happens)

Slide 21: O M E Using OpenID D

Slide 22: Getting an OpenID http://openid.net/get/

Slide 23: OpenID is Really Easy

Slide 24: \"This is a geek's toy, nobody will ever have an OpenID!\"

Slide 25: ~160 million OpenIDs (including every AOL user) OpenID 1.1 - Estimated from various services

Slide 27: \"Nobody will ever use this!\"

Slide 28: Total Relying Parties (aka places you can login with OpenID) 6,000 4,500 3,000 1,500 0 ov b ay ly '06 ar ne ov ay ly '05 ct ec r g ne p ec '07 b ct ar r st 22 Ap Ap Au Fe Se Fe Ju Ju gu O O M M M M D D Ju Ju N N p p Jan Jan Au Se Se OpenID 1.1 - As viewed by MyOpenID.com

Slide 29: \"So that's great there are so many blogs, but what about something real?\"

Slide 31: http://janrain.com/blog/2007/11/05/openid-in-higher-education/

Slide 32: “Any OpenID in the enterprise?”

Slide 33: Offer all employees OpenIDs; open source Enterprise SSO and identity manager with LDAP and OpenID Internal SSO for bug trackers and wikis OpenID Provider with plans to ship in enterprise products this year Shared OpenID Provider for their businesses and partners Project management, CRM, and billing for small businesses

Slide 34: \"What about security?\"

Slide 35: “Protocol Security?”

Slide 36: like any protocol...think as you implement

Slide 37: What about phishing?

Slide 38: Kitten Overload! More kittens! Simon Willison - FOWA 02/07

Slide 39: Kitten Overload! Identity theft! FAKE :'( Simon Willison - FOWA 02/07

Slide 40: Safe Sign-In Pages

Slide 43: Estonian ID-card http://open.id.ee/

Slide 44: the best solutions may around the browser

Slide 45: Microsoft CardSpace

Slide 46: MyVidoop Plugin (a password manager tied into your OpenID account add-on for Firefox)

Slide 47: Sxipper (a form filler password manager with OpenID integration add-on for Firefox)

Slide 48: Symantec Identity Client (OpenID form-fill, upcoming provider, and claims integration)

Slide 49: VeriSign's OpenID SeatBelt (an OpenID convenience and security add-on for Firefox) works with

Slide 50: IE Team has posted a job ad mentioning \"OpenID\" \"Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you.\"

Slide 51: OpenID doesn't dictate an authentication method

Slide 52: OpenID is great for innovation

Slide 53: \"How do I deploy OpenID?\"

Slide 54: OpenID Specs • OpenID Authentication 1.1 • OpenID Simple Registration 1.0 • Yadis Discovery Protocol • OpenID Authentication 2.0 (implementors draft) • OpenID Attribute Exchange 1.0 (draft) • OpenID PAPE 1.0 (draft) • OpenID Data Transport Protocol (draft)

Slide 55: Final Specifications • OpenID Authentication 1.1 • What most people think of for OpenID • What I’m mainly talking about today • Very simple • OpenID Simple Registration Extension • Exchange basic profile data • Keep the user in charge

Slide 56: OpenID Authentication 2.0 • Cleans up the 1.1 specification • Adds a few useful features • Robust extensibility • Enhanced service discovery • \"Directed identity\" • XRI • About six independent library implementations of final draft

Slide 57: Attribute Exchange • Flexible framework for exchange rich profile attributes • Keeps the user in charge • Allows updating data in a distributed fashion

Slide 58: PAPE • Communicate details about how the user authenticated • High-level policies such as “phishing resistant” or “multi-factor” • Increasingly important with higher value OpenID transactions

Slide 59: Lots Easy of Code • Libraries in C#, C++, Java, Perl, Python, Ruby, PHP, and ColdFusion • Can have something working within a weekend • Need to think a bit about security and usability

Slide 60: “Why OpenID and education?”

Slide 61: Thanks! Questions? http://openid.net/ David Recordon davidrecordon.com david@sixapart.com