Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0
David Recordon and Martin Paljak's talk on OpenID generally and its use in Estonia tied to smartcards.

Published in: Business, Technology
  • The video that goes with the slides (50 min)
    http://billaut.typepad.com/jm/2007/11/do-you-know.html


  1. Emerging From Web 2.0. Web 2.0 Expo Berlin 2007
  2. "It's definitely time to declare OpenID a winner" (TechCrunch) • "OpenID is a protocol made for the public, by the public. No one owns or controls your login information: You do." (37signals) • "...sees great potential for OpenID's use alongside enterprise-ready software infrastructure" (Sun Microsystems) • "taking the world by storm" (Tim O'Reilly) • "this high profile announcement marks the importance of single sign on identity technology to the future of the Internet" (ReadWriteWeb)
  3. What is OpenID? • Single sign-on for the web • Simple and light-weight (not going to replace your bank card pin) • Easy to use and deploy • Built upon proven existing technologies (DNS, HTTP, SSL/TLS, Diffie-Hellman) • Decentralized (you don't have to ask anyone permission to implement it) • Free!
  4. An OpenID is a URI • URLs are globally unique and ubiquitous • OpenID allows proving ownership of a URI • People already have identity at URLs via blogs, photos, MySpace, Facebook, etc. • People already describe relationships via URLs (e.g. links to my friends)
  5. OpenID is Decentralized
  6. Benefits • Reduces the number of usernames and passwords • Simplifies new account creation • Allows for lightweight accounts • Simplifies internal SSO • Enables wide-spread benefit of strong authentication • Enables decentralized reputation • Enables social network portability
  7. How Does it Work? (DEMO)
  8. As a Conversation • Who are you? • I’m davidrecordon.com • Prove it!
  9. Discovers My Provider • "openid.server" points to my OpenID Provider
  10. (crypto happens)
  11. Getting an OpenID: http://openid.net/get/
  12. OpenID is Really Easy
  13. "This is a geek's toy, nobody will ever have an OpenID!"
  14. ~160 million OpenIDs (including every AOL user). OpenID 1.1 - Estimated from various services
  15. "Nobody will ever use this!"
  16. Total Relying Parties (aka places you can login with OpenID). [Chart: number of relying parties by month, 2005 to 2007, y-axis 0 to 6,000.] OpenID 1.1 - As viewed by MyOpenID.com
  17. "So that's great there are so many blogs, but what about something real?"
  18. "What about security?"
  19. “Protocol Security?”
  20. like any protocol...think as you implement
  21. the best solutions may around the browser
  22. MyVidoop Plugin (a password manager tied into your OpenID account add-on for Firefox)
  23. Sxipper (a form filler password manager with OpenID integration add-on for Firefox)
  24. Symantec Identity Client (OpenID form-fill, upcoming provider, and claims integration)
  25. VeriSign's OpenID SeatBelt (an OpenID convenience and security add-on for Firefox) works with
  26. IE Team has posted a job ad mentioning "OpenID": "Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you."
  27. OpenID is great for innovation
  28. “So, what about OpenID 2.0?”
  29. OpenID 2.0 • Cleans up the 1.1 specification • Adds a few useful features • Robust extensibility • Enhanced service discovery • "Directed identity" • XRI • About six independent library implementations of final draft
  30. “Any OpenID in the enterprise?”
  31. Offer all employees OpenIDs; open source Enterprise SSO and identity manager with LDAP and OpenID • Internal SSO for bug trackers and wikis • OpenID Provider with plans to ship in enterprise products this year • Shared OpenID Provider for their businesses and partners • Project management, CRM, and billing for small businesses
  32. Open.ID.ee
  33. I come from E-stonia • A small EU country with ~1.3M inhabitants • Access to internet considered a “civil right” • Had first parliament elections over the internet in 2005 • 80%+ of the population have a digital ID-card
  34. ID-card
  35. ID-card is a... • Photo ID like any other • We are interested in Electronic ID: • The chip contains your name, age, gender and social security number • Two PIN codes: one for authentication and one for signing documents
  36. Authentication • Is about proving who you are. • Available to any service that wants to use it • Online banking • Filing your taxes • Various other services
  37. "How does this happen?"
  38. Entering your PIN code is your consent to send personal data to the service
  39. Yes/No decision
  40. "So what is the problem?"
  41. Users do not always want this. Users want control of their personal data.
  42. What is Identity? • Wikipedia: “the sameness of two things” • “Things” are users • Users are website visitors • “Who are you?”
  43. Are you the same you that signed up with us?
  44. ID-card contains government verified identity
  45. Same Can be Different • Bank: Martin Paljak, the account owner • Forum: user who registered as “catluvr99” • Blog: author of the comment • http://open.id.ee/martin.paljak is Martin Paljak
  46. Is the OpenID you present the same as we have in our database?
  47. Websites really need to match identifiers, not collect your personal data.
  48. Solution: OpenID • id.ee => open.id.ee • OpenID service that uses ID-cards for authentication • Gives users more control over their private data • Is NOT a government enforced/controlled service
  49. Simplicity • One privacy policy to check • One trust decision to make • One purpose for the OpenID service • Encapsulate and protect users’ private data
  50. No need to sign up, it JustWorks
  51. ... if you have the needed hardware and software ...
  52. "So if everybody implements OpenID, are we all happy?"
  53. "What about website developers?"
  54. ID-card Sucks! • Implementing support is difficult • Technically challenging (SSL certificates and such) • Users don’t like ID-cards anyway as they are often afraid of privacy issues • Most sites don’t need such high security • So... why bother?
  55. I Forgot! • Mobile-ID: same stuff inside your GSM SIM card • Same technology inside ... • ... but totally different to implement ... • ... AGAIN!!!
  56. What is Mobile-ID? • Smaller ID-card • No hardware needed - your phone is your card reader • No need to install software to use it online - websites have it
  57. beep-beep!
  58. If you’re going to write new code, why not OpenID code?
  59. Benefits of OpenID • Only one interface to implement • And lots of expertise available globally • If a website uses the open.id.ee service exclusively, it has instant access to both ID-card and Mobile-ID authentication • ... with privacy features included @ no cost
  60. So ... • Users get more control over their private data and OpenID provides it • Websites have a simple and easy way to integrate newest authentication technologies with OpenID
  61. Finally a win-win solution?
  62. Almost there ...
  63. Anonymity • Users want anonymity • At least partial • Remaining anonymous is a privilege • Spam, death threats etc. must be punishable
  64. The story • Riots in Tallinn that led to cyber-attacks • Petition letter to force a politician to resign collected almost 100k names and e-mails • Including “George Bush”, “Rex the dog” and “!@#$ you” • Result: nothing.
  65. OpenID 2.0 • New feature: identity selection • You get to choose the OpenID sent to the website • Choose between open.id.ee/martin.paljak ...
  66. or http://open.id.ee/5a0eaba4bb1fb68a39ddec57c15dbff1543d6f461b2203f74
  67. Anonymous OpenID • No (zero) personal data in the URL • One anonymous URL per user per website • The “account” problem mitigated • Still a guarantee that the user behind the OpenID is a real person
  68. Extra Features • Identity theft virtually impossible • Re-claiming is painless • Some registration data is always true • If user chooses to send it • “Why do they need it?”
  69. Why do I Care? • I’m a user too! • We export the ID technology of Estonia • Online privacy issues are being discussed • Verified anonymity contributes to e-democracy
  70. Why you should care! • Implement OpenID - get access to our technology • Other EU countries deploying ID-cards • Similar problems • Similar solutions • OpenID is designed for interoperability • ID-cards are in theory
  71. Thanks! Questions? http://openid.net/ • https://open.id.ee/about/english • David Recordon (davidrecordon.com, david@sixapart.com) • Martin Paljak (http://ideelabor.ee, martin@ideelabor.ee)
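
The "one anonymous URL per user per website" property from slides 65 to 67, as an added example that is not from the talk or from open.id.ee: the slides do not say how the provider derives these URLs, so the keyed-HMAC derivation, the key, the user ids and the site names below are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: the provider keeps one long-term secret. Constructed demo value.
PROVIDER_KEY = b"constructed-demo-key-not-a-real-secret"
BASE = "http://open.id.ee/"  # provider base URL as it appears on the slides


def normalize_realm(site_url: str) -> str:
    """Reduce a relying-party URL to scheme://host[:port], so every page of
    one website maps to the same pseudonym."""
    parts = urlsplit(site_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("relying party must be an absolute http(s) URL")
    default = {"http": 80, "https": 443}[parts.scheme]
    port = "" if parts.port in (None, default) else f":{parts.port}"
    return f"{parts.scheme}://{parts.hostname}{port}"


def anonymous_openid(user_id: str, site_url: str, key: bytes = PROVIDER_KEY) -> str:
    """Derive the opaque identifier handed to one website for one user."""
    fields = (user_id.encode(), normalize_realm(site_url).encode())
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    # Without the key, two sites cannot link their pseudonyms to each other
    # or back to the user id; nothing personal appears in the URL.
    return BASE + hmac.new(key, msg, hashlib.sha256).hexdigest()


def attribute(pseudonym: str, site_url: str, registered_users, key: bytes = PROVIDER_KEY):
    """Provider-side lookup: which registered user owns this pseudonym at this
    site? Only the key holder can answer, which keeps abuse attributable."""
    for uid in registered_users:
        if hmac.compare_digest(anonymous_openid(uid, site_url, key), pseudonym):
            return uid
    return None
```

Because the derivation is deterministic, the provider needs no per-site table, and a user returning to the same site is always matched to the same account.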
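
The discovery step from slide 9, seen from the relying party's side, as an added example that is not code from the talk: it reads the OpenID 1.1 `openid.server` and `openid.delegate` link relations from a claimed identity page and applies two checks in the spirit of "think as you implement". The sample page and all host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a claimed identity page. The second <link> sits in the
# body, where user-supplied markup (e.g. a blog comment) could end up.
SAMPLE_PAGE = """<html><head><title>blog</title>
<link rel="openid.server" href="https://provider.example/server">
<link rel="openid.delegate" href="https://provider.example/user/david">
</head><body><p>comment:
<link rel="openid.server" href="https://untrusted.example/server"></p>
</body></html>"""


class _LinkFinder(HTMLParser):
    """Collects openid.* link relations that appear inside an explicit <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False
        elif tag == "link" and self.in_head:
            attr = dict(attrs)
            rels = (attr.get("rel") or "").lower().split()
            for name in ("openid.server", "openid.delegate"):
                if name in rels and attr.get("href"):
                    # First occurrence wins; later duplicates are ignored.
                    self.found.setdefault(name, attr["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(html_text: str):
    """Return {'server': ..., 'delegate': ...}, or None if the page declares
    no provider. Raises ValueError if the endpoint is not an http(s) URL."""
    finder = _LinkFinder()
    finder.feed(html_text)
    server = finder.found.get("openid.server")
    if server is None:
        return None
    parts = urlsplit(server)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("provider endpoint must be an absolute http(s) URL")
    return {"server": server, "delegate": finder.found.get("openid.delegate")}
```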