What is it ... and what does it mean to me? David Orrell [email_address] 9 Aug 2007

What's this about? Learn about what OpenID is. See how web identity systems are changing. Hopefully be convinced that it's a good thing!

Learn about what OpenID is.

See how web identity systems are changing.

Hopefully be convinced that it's a good thing!

What is OpenID? “OpenID is an open, decentralized, free framework for user-centric digital identity.” (from OpenID.net) (...for the Web) (...for Web 2.0)

“OpenID is an open, decentralized, free framework for user-centric digital identity.”

(from OpenID.net)

(...for the Web)

(...for Web 2.0)

What is an OpenID? http://dno.myopenid.com or http://openid.eduserv.org.uk/dno

http://dno.myopenid.com

or

http://openid.eduserv.org.uk/dno

An OpenID is itself a web entity.

An OpenID is itself a web entity.

An OpenID is itself a web entity. It's an identity system using Web technologies.

An OpenID is itself a web entity.

It's an identity system using Web technologies.

An OpenID is itself a web entity. It's an identity system using Web technologies. It's scalable.

An OpenID is itself a web entity.

It's an identity system using Web technologies.

It's scalable.

An OpenID is itself a web entity. It's an identity system using Web technologies. It's scalable. It's elegant and really simple!

An OpenID is itself a web entity.

It's an identity system using Web technologies.

It's scalable.

It's elegant and really simple!

Open and Decentralised The 3 key qualities...

The 3 key qualities...

(1) No one provider holds key to the OpenID network. A sustainable foundation to the system, with the user in control. Open and Decentralised

(1) No one provider holds key to the OpenID network.

A sustainable foundation to the system, with the user in control.

(2) Pervasively Open Source. Providers don't have to worry about technology and vendor lock-in. Open and Decentralised

(2) Pervasively Open Source.

Providers don't have to worry about technology and vendor lock-in.

(3) Light-weight enough to be 'layered' with other technologies. Open and Decentralised

(3) Light-weight enough to be 'layered' with other technologies.

What's in an OpenID? http:// dno.myopenid.com me my identity provider

http:// dno.myopenid.com

Why users should care...

Why users should care...

A user can choose who holds their identity.

A user can choose who holds their identity.

http://openid.net/wiki/index.php/OpenIDServers lists around 60 providers. Or your employer, college might provide one. Why not run your own?

http://openid.net/wiki/index.php/OpenIDServers

lists around 60 providers.

Or your employer, college might provide one.

Why not run your own?

Users get single sign on between resources. - common username - common password - sign on once (or client certificates: MyOpenID / certifi.ca)

Users get single sign on between resources.

- common username

- common password

- sign on once

(or client certificates: MyOpenID / certifi.ca)

Users get single sign on between resources. - common username - common password - sign on once (or client certificates: MyOpenID / certifi.ca) Their credentials are only stored by their identity provider(s).

Users get single sign on between resources.

- common username

- common password

- sign on once

(or client certificates: MyOpenID / certifi.ca)

Their credentials are only stored by their identity provider(s).

Users can easily register for services. OpenID has a 'simple registration extension'.

Users can easily register for services.

OpenID has a 'simple registration extension'.

Easy registration for light-weight purposes, like posting comments on blogs.

Easy registration for light-weight purposes, like posting comments on blogs.

Easy registration for light-weight purposes, like posting comments on blogs. Better than persistent cookies.

Easy registration for light-weight purposes, like posting comments on blogs.

Better than persistent cookies.

Easy registration for light-weight purposes, like posting comments on blogs. Better than persistent cookies. Can associate an OpenID with an existing account.

Easy registration for light-weight purposes, like posting comments on blogs.

Better than persistent cookies.

Can associate an OpenID with an existing account.

Users can choose their identity dno.myopenid.com I'm not forced to use 'dno34562' at someconsumer.com and 'dno234' at someotherconumer.com

Users can choose their identity

dno.myopenid.com

I'm not forced to use

'dno34562' at someconsumer.com and 'dno234' at someotherconumer.com

Users can choose their identity dno.myopenid.com I'm not forced to use 'dno34562' at someconsumer.com and 'dno234' at someotherconumer.com Even better if I am my identity provider

Users can choose their identity

dno.myopenid.com

I'm not forced to use

'dno34562' at someconsumer.com and 'dno234' at someotherconumer.com

Even better if I am my identity provider

OK, this sounds great, but...

A URL as an identity? Isn't a URL a counter-intuitive form of identity?

Isn't a URL a counter-intuitive form of identity?

A URL as an identity? Isn't a URL a counter-intuitive form of identity? Perhaps, but think of a blog, or MySpace... a URL is very much an identity.

Isn't a URL a counter-intuitive form of identity?

Perhaps, but think of a blog, or MySpace... a URL is very much an identity.

A URL can imply more.... http://openid.eduserv.org.uk/dno I am an employee of Eduserv

A URL can imply more....

http://openid.eduserv.org.uk/dno

In theory, a URL says much more...

In theory, a URL says much more...

In theory, a URL says much more... An OpenID is much richer than a username in what it can say (or imply) about a user.

In theory, a URL says much more...

An OpenID is much richer than a username in what it can say (or imply) about a user.

In theory, a URL says much more... An OpenID is much richer than a username in what it can say (or imply) about a user. Can delegate your identity from any URL: eg. your blog.

In theory, a URL says much more...

An OpenID is much richer than a username in what it can say (or imply) about a user.

Can delegate your identity from any URL: eg. your blog.

An OpenID is globally unique so could form the basis of decentralised social networks. Add support for microformats... xfn, hCard, MicroID? Check out... http://microformats.org http://microid.org http://simonwillison.net

What about privacy? Identity vs Privacy

Identity vs Privacy

What about privacy? OpenID does not solve problems around privacy. Again, keep in mind the context here: Web 2.0, social networks and the blogosphere.

OpenID does not solve problems around privacy.

Again, keep in mind the context here: Web 2.0, social networks and the blogosphere.

Phishing A 'bad' consumer can easily perform a phishing attack. OpenID does not necessarily make things better or worse!

A 'bad' consumer can easily perform a phishing attack.

OpenID does not necessarily make things better or worse!

Set you identity provider as your homepage or a bookmark and sign in first.

Verisign PIP SeatBelt Firefox extension Firefox 3 to have 'OpenID support'

Trust! 2 schools of thought.... (though not necessarily mutually exclusive)

2 schools of thought....

(though not necessarily mutually exclusive)

(1) OpenID is what is it because it doesn't do trust.

OpenID is what is it because it doesn't do trust.

(1) OpenID is what is it because it doesn't do trust. Consumers and identity providers need no prior agreements.

OpenID is what is it because it doesn't do trust.

Consumers and identity providers need no prior agreements.

(1) OpenID is what is it because it doesn't do trust. Consumers and identity providers need no prior agreements. Ad-hoc trust can still be achieved.

OpenID is what is it because it doesn't do trust.

Consumers and identity providers need no prior agreements.

Ad-hoc trust can still be achieved.

“This is not a trust system. Trust requires identity first.” (from OpenID.net)

“This is not a trust system. Trust requires identity first.”

(from OpenID.net)

(2) OpenID is simple and is there to be built on. Adding trust is a natural extension.

OpenID is simple and is there to be built on. Adding trust is a natural extension.

(2) OpenID is simple and is there to be built on. Adding trust is a natural extension. Consumers can white-list 'good' identity providers.

OpenID is simple and is there to be built on. Adding trust is a natural extension.

Consumers can white-list 'good' identity providers.

Relations with SAML/Shibboleth Don't they address the same thing!

Don't they address the same thing!

Relations with SAML/Shibboleth Don't they address the same thing! Can co-exist.

Don't they address the same thing!

Can co-exist.

Relations with SAML/Shibboleth Don't they address the same thing! Can co-exist. OpenID comes from a different angle, for different applications and for non-specific user-bases.

Don't they address the same thing!

Can co-exist.

OpenID comes from a different angle, for different applications and for non-specific user-bases.

Open Standards and Patents Patents => not so Open?

Patents => not so Open?

Open Standards and Patents Patents => not so Open? Sun, Verisign and JanRain have all issued patent-covenants: patents will not be enforced against implementations of OpenID.

Patents => not so Open?

Sun, Verisign and JanRain have all issued patent-covenants: patents will not be enforced against implementations of OpenID.

So, who's using it? All AOL users have an OpenID (even if they don't know it). 63 million users. All 33 000 Sun employees.

digg.com announced support. General theme is that there are more providers than consumers.

http://openid.net (Specifications) http://www.openiddirectory.com/ (Directory of resources) http://www.openidenabled.com/ (OpenID implementations) [email_address]