OpenID Bootcamp Tutorial

From daveman692, 1 year ago

Simon Willison and David Recordon's OpenID tutorial from O'Reilly OSCON 2007.

Tags: oscon openid id tutorial identity authentication open web2.0 idm simon

Slideshow transcript

Slide 1: OpenID Bootcamp • Simon Willison (simonwillison.net, simon@simonwillison.net) • David Recordon (davidrecordon.com, drecordon@verisign.com) • OSCON, July 24th, 2007

Slide 2: Who are We? • David Recordon • VeriSign employee since May of 2006 • OpenID Foundation Vice-Chair • Co-author of various OpenID specifications • Past employee of Six Apart, where OpenID was created

Slide 3: Who are We? • Simon Willison • Ex-Yahoo!, now freelance • “Europe’s first OpenID consultant” • Co-creator of the Django Web Framework

Slide 4: The Plan • Basic concepts of OpenID • Hands on - Creating and using an OpenID • Adoption, history, and status • Security concerns • Break • Security solutions • Clever and creative hacks • OpenID in code • Q&A

Slide 5: What is OpenID?

Slide 6: OpenID is a decentralised mechanism for Single Sign On

Slide 7: What problems does it solve?

Slide 8: “Too many passwords!”

Slide 9: “Someone else already grabbed my username”

Slide 10: “My online profile is scattered across dozens of sites”

Slide 11: What is an OpenID?

Slide 12: An OpenID is a URI

Slide 13: http://swillison.livejournal.com/

Slide 14: http://simonw.myopenid.com/

Slide 15: http://openid.aol.com/simonwillison/

Slide 16: http://simonwillison.net/

Slide 17: What can you do with an OpenID?

Slide 18: You can claim that you own it

Slide 19: You can prove that claim

Slide 20: Why is that useful?

Slide 21: You can use it for authentication

Slide 22: “Who the heck are you?!” [screenshot: ExpoCal, a social calendaring site for Web 2.0 Expo (April 15-18, 2007), at its “login | sign up” prompt; the page tells the visitor they need to be logged in to keep a list of talks and sessions]

Slide 23: “I’m simonwillison.net”

Slide 24: “prove it!” [same ExpoCal login screenshot]

Slide 25: (crypto happens)

Slide 26: “OK, you’re in!” [same ExpoCal screenshot, now logged in]

Slide 27: So it’s a bit like Microsoft Passport, then?

Slide 28: Yes, at a high level

Slide 29: But you don’t need to ask Microsoft’s permission to implement it

Slide 30: One organisation doesn’t get to own everyone’s credentials

Slide 31: And the standard isn’t owned by any one company or group

Slide 32: Who does get to own them?

Slide 33: You, the user, decide.

Slide 34: You pick your own provider

Slide 35: (just like e-mail)

Slide 36: So I’m still giving someone the keys to my kingdom?

Slide 37: Yes, but it can be someone you trust

Slide 38: If you have the ability to run your own server software, you can do it for yourself

Slide 39: We'll show you how to do that a little later on

Slide 40: OK, how do I use it?

Slide 45: So my users don’t have to sign up for an account?

Slide 46: Not necessarily

Slide 47: An OpenID tells you very little about a user

Slide 48: You don’t know their name

Slide 49: You don’t know their e-mail address

Slide 50: You don’t know if they’re a person or a spambot

Slide 51: (or a dog)

Slide 52: Where do I get that information from?

Slide 53: You ask them!

Slide 54: OpenID augments your regular sign-up process; it doesn't replace it

Slide 55: The simple registration extension can help users fill out your registration form

Slide 58: How can I tell if they’re an evil spambot?

Slide 59: Same as usual: challenge them with a CAPTCHA

Slide 60: botbouncer.com lets you outsource your CAPTCHAs

Slide 62: So how does OpenID actually work?

Slide 65: <link rel="openid.server" href="http://www.myopenid.com/server" />

Slide 66: “I’m simonwillison.myopenid.com”

Slide 67: Site fetches HTML, discovers identity provider

Slide 68: Establishes shared secret with identity provider (Using Diffie-Hellman key exchange)

Slide 69: Redirects you to the identity provider

Slide 70: If you’re logged in there, you get redirected back
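The exchange of slides 65 to 70 (the “crypto happens” of slide 25), as an added example that is not part of the original tutorial and not code from any OpenID library: an OpenID 1.1 relying party and identity provider in plain Python, covering the HTML link discovery, the DH-SHA1 association that transports the shared HMAC key, the checkid_setup redirect, and the relying party's check of the signed id_res response. The 127-bit modulus (the spec's default is 1024 bits), the URLs, the identity-page HTML, the in-process Provider and RelyingParty classes and the name login are all assumptions made for this example; a real provider sits behind HTTP rather than a method call, and the spec's check_authentication fallback for stateless relying parties is not shown.

```python
import base64
import hashlib
import hmac
import secrets
from html.parser import HTMLParser
# Constructed identity page of the kind slide 65 shows (assumed content).
SAMPLE_IDENTITY_HTML = ('<html><head><link rel="openid.server" href="http://www.myopenid.com/server" />'
                        '</head><body>Simon</body></html>')

# ASSUMPTION: a 127-bit Mersenne prime stands in for the spec's 1024-bit default modulus (same arithmetic).
P, G = 2 ** 127 - 1, 2
REQUIRED_SIGNED = ("mode", "identity", "return_to", "assoc_handle")  # never accept these unsigned

class _LinkFinder(HTMLParser):  # collects openid.server / openid.delegate <link> hrefs
    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): v for k, v in attrs}
        if tag.lower() == "link" and a.get("href"):
            for rel in (a.get("rel") or "").lower().split():
                if rel in ("openid.server", "openid.delegate"):
                    self.links.setdefault(rel, a["href"])

def discover(identity_html):  # slide 67: returns (server_url, delegate_or_None)
    finder = _LinkFinder()
    finder.feed(identity_html)
    if "openid.server" not in finder.links:
        raise ValueError("identity page carries no openid.server link")
    return finder.links["openid.server"], finder.links.get("openid.delegate")

def btwoc(n):  # the spec's big-endian two's-complement encoding of a DH value
    return n.to_bytes((n.bit_length() + 8) // 8, "big")

b64 = lambda data: base64.b64encode(data).decode()  # noqa: E731 (short helper)

def dh_mask(peer_public_b64, private):  # SHA-1 of the DH shared secret, XORed over the MAC key
    peer = int.from_bytes(base64.b64decode(peer_public_b64), "big")
    return hashlib.sha1(btwoc(pow(peer, private, P))).digest()

def kv_sign(mac_key, fields, signed):  # HMAC-SHA1 over 'key:value\n' lines, in signed order
    kv = "".join(f"{k}:{fields.get(k, '')}\n" for k in signed).encode()
    return b64(hmac.new(mac_key, kv, hashlib.sha1).digest())

class Provider:  # identity provider side; in-process here, really an HTTP endpoint
    def __init__(self, logged_in_identities):
        self.assocs, self.logged_in = {}, set(logged_in_identities)

    def associate(self, req):  # slide 68: reply to openid.mode=associate
        x = secrets.randbelow(P - 2) + 1
        mac_key, handle = secrets.token_bytes(20), secrets.token_hex(8)
        self.assocs[handle] = mac_key
        mask = dh_mask(req["openid.dh_consumer_public"], x)
        return {"assoc_handle": handle, "dh_server_public": b64(btwoc(pow(G, x, P))),
                "enc_mac_key": b64(bytes(a ^ b for a, b in zip(mac_key, mask)))}

    def checkid_setup(self, req):  # slides 69/70: the redirected user lands here
        if req["openid.identity"] not in self.logged_in:
            return {"openid.mode": "cancel"}
        fields = {"mode": "id_res", "identity": req["openid.identity"],
                  "return_to": req["openid.return_to"], "assoc_handle": req["openid.assoc_handle"]}
        resp = {"openid." + k: v for k, v in fields.items()}
        resp["openid.signed"] = ",".join(fields)
        resp["openid.sig"] = kv_sign(self.assocs[fields["assoc_handle"]], fields, list(fields))
        return resp

class RelyingParty:  # consumer side: associate once, then check every redirected response
    def __init__(self, return_to):
        self.return_to, self.assoc = return_to, None

    def associate(self, provider):
        x = secrets.randbelow(P - 2) + 1
        resp = provider.associate({"openid.mode": "associate", "openid.assoc_type": "HMAC-SHA1",
                                   "openid.session_type": "DH-SHA1",
                                   "openid.dh_consumer_public": b64(btwoc(pow(G, x, P)))})
        enc = base64.b64decode(resp["enc_mac_key"])
        mask = dh_mask(resp["dh_server_public"], x)
        self.assoc = (resp["assoc_handle"], bytes(a ^ b for a, b in zip(enc, mask)))

    def verify(self, resp, expected_identity):  # True only for a properly signed id_res
        if self.assoc is None or resp.get("openid.mode") != "id_res":
            return False
        handle, mac_key = self.assoc
        signed = resp.get("openid.signed", "").split(",")
        if any(k not in signed for k in REQUIRED_SIGNED):
            return False  # an unsigned identity or return_to is attacker-controlled
        if (resp.get("openid.assoc_handle") != handle or resp.get("openid.return_to") != self.return_to
                or resp.get("openid.identity") != expected_identity):
            return False
        fields = {k: resp.get("openid." + k, "") for k in signed}
        expected = kv_sign(mac_key, fields, signed)
        return hmac.compare_digest(expected.encode(), resp.get("openid.sig", "").encode())

def login(claimed_url, identity_html, providers, rp):  # whole flow; returns (verified, response)
    server_url, delegate = discover(identity_html)
    identity, provider = delegate or claimed_url, providers[server_url]
    rp.associate(provider)  # stands in for the HTTP POST to the server
    resp = provider.checkid_setup({"openid.mode": "checkid_setup", "openid.identity": identity,
                                   "openid.return_to": rp.return_to, "openid.assoc_handle": rp.assoc[0]})
    return rp.verify(resp, identity), resp
```

Three checks in verify carry the security weight, and they are the ones relying-party code most often gets wrong: every field the site acts on must be listed in openid.signed (otherwise a response can carry an unsigned openid.identity and still pass the signature check), openid.return_to must be the site's own URL, and the signature comparison must be constant-time. The example also refuses a response whose assoc_handle is not the one negotiated, since the MAC key is only meaningful for that association.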

Slide 71: How does my identity provider know who I am?

Slide 72: OpenID deliberately doesn’t specify

Slide 73: username/password is common

Slide 74: But providers can use other methods if they want to

Slide 75: Client SSL certificates

Slide 76: Out of band authentication via SMS, e-mail or Jabber

Slide 77: IP based login restrictions

Slide 78: SecurID keyfobs

Slide 79: The provider’s business is authentication: they can invest much more effort than regular sites

Slide 80: It’s also possible for a provider to just say “yes” to every query

Slide 81: Just say “yes”?

Slide 82: http://www.jkg.in/openid/ does this

Slide 83: