Street conf overview
 


    • Internet Identity November 2011
    • Updates
      • 1. Account Chooser
      • Simplify SignIn/Signup on the web
      • 2. OAuth2/OpenIDConnect
      • Eliminate password reuse (one password)
      • 3. Identity verification
      • CHOOSE to share your VERIFIED legal identity (name/address) with a site
      • 4. Strong authentication
      • Secure the "one password" with additional protection
    • 1. Account Chooser
        • accountchooser.com
        • Working group in OpenID Foundation
          • NOT protocol specific
          • Current version is site specific
          • Next version is global to the browser
        • Implemented in products such as Janrain Engage and Google Identity Toolkit
        • Google replacing its own login box
          • Opt in by searching for "account chooser experiment"
    • 2. OAuth2/OpenIDConnect
        • oauth.net (OAuth2 in particular)
        • ONE protocol for identity in the cloud = OAuth
          • On-premise systems still use a mix
          • Protocol supports many use cases
            • Federated Login=OpenIDConnect
        • Simpler story for developers
          • Use OAuth for identity in the cloud
            • Web services friendly (REST/JSON)
          • OpenIDConnect is OpenID v2 rebuilt on OAuth
    • 3. Identity Verification
        • How do you PROVE you are not a dog on the Internet?
        • What if you WANT to share your legal identity (name/address) with a site so you can access:
          • Your online medical records
          • Your Social Security, Tax, etc. records
          • Your utility records
          • Premium content you have paid for
          • ...
    • Behind the scenes
      • 1. How was the user's identity verified?
      • 2. What is the business model?
      • 3. How was the user's login authenticated?
    • Identity verification
        • Done via attribute providers
          • Some already have a verified identity for the user
          • Others will perform the verification from scratch
        • ID/DataWeb demo
          • Shown at the OIX event
    • Postcard code technique
        • Common approach
        • Social Security Administration
        • Hospitals
        • Google Maps
        • etc.
      • Big difference
        • Previously it was once per site (and costly)
        • Now it is once per person
          • Better usability (for 2nd, 3rd, ... site)
          • Lower cost (cost spread across sites)
    • Business Model
        • User consents for the site (UserIDTV) to see their address
        • Site does not get ACTUAL address until they pay the attribute provider
          • Fee is decided by attribute provider
          • Site decides what attribute providers to support
        • Significant interest as shown by the OIX event
        • Government RPs could use this model as well
        • ID/DataWeb and Google are ready for pilots now
        • Other IDPs and Attribute Providers are expected in the future
    • 4. Strong authentication
      • Secure the "one password" with additional protection
    • User Authentication
    • Authentication as an attribute
      • Same API calling mechanism to get street address can also be used to learn how the login session was authenticated
        • $2/user/year for verified address
        • $5/user/year for address + OTP
        • $10/user/year for address + certificate
        • $20/user/year for in-person-verification + certificate
        • etc.
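
How a relying party might act on "authentication as an attribute", as an added example that is not from the original slides: it ranks the four levels priced above and refuses access when the response is too weak or the login too old. The claim names (`address_verified`, `verification`, `auth_method`, `auth_time`), the resource policy and the 15-minute freshness window are assumptions; the slides define no wire format.

```python
import time

# Hypothetical claim values mapped to the slide's levels, weakest to strongest.
TIERS = {
    ("postcard", "password"): 1,      # verified address
    ("postcard", "otp"): 2,           # address + OTP
    ("postcard", "certificate"): 3,   # address + certificate
    ("in_person", "certificate"): 4,  # in-person verification + certificate
}

# Constructed RP policy: minimum level required per resource.
POLICY = {"premium_content": 1, "utility_records": 2, "medical_records": 3}


def assurance_tier(claims, now=None, max_age=900):
    """Rank an attribute response whose signature was already verified.

    Returns 0 (no assurance) when the address is unverified, the login is
    missing or older than max_age seconds, or the combination is unknown.
    """
    now = time.time() if now is None else now
    if claims.get("address_verified") is not True:
        return 0
    auth_time = claims.get("auth_time")
    if not isinstance(auth_time, (int, float)):
        return 0
    if not 0 <= now - auth_time <= max_age:
        return 0  # stale or future-dated login: fail closed
    key = (claims.get("verification"), claims.get("auth_method"))
    return TIERS.get(key, 0)  # unrecognised methods fail closed


def authorize(claims, resource, now=None):
    """Allow access only if the session meets the resource's minimum level."""
    required = POLICY.get(resource)
    if required is None:
        return False  # unknown resource: deny by default
    return assurance_tier(claims, now) >= required


# Constructed sample response: postcard-verified address, OTP login 60 s ago.
NOW = 1_700_000_000
SAMPLE = {"address_verified": True, "verification": "postcard",
          "auth_method": "otp", "auth_time": NOW - 60}

if __name__ == "__main__":
    for res in POLICY:
        print(res, authorize(SAMPLE, res, NOW))
```
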
    • Who will handle authentication?
        • Big consumer IDPs making some progress with OTPs
        • Revenue potential is attracting other companies
        • Mobile carriers are a common example
    • Phone purchase process
        • Bonnie orders a new phone online
        • She consents for the carrier to
          • be her street address attribute provider
          • be her authentication provider
        • Bonnie's new phone arrives
          • Turn it on, unlock it
          • Mail/Addressbook/etc. syncs automatically
          • Browser logged into account using device ID
          • Bonnie visits an RP and it detects the strong authentication (for a fee)
        • Simple user experience + powerful security
    • Summary
      • 1. Account Chooser
      • Simplify SignIn/Signup on the web
      • 2. OAuth2/OpenIDConnect
      • Eliminate password reuse (one password)
      • 3. Identity verification
      • CHOOSE to share your VERIFIED legal identity (name/address) with a site
      • 4. Strong authentication
      • Secure the "one password" with additional protection