OpenID Progress EEMA Conference


Presentation about progress of the OpenID protocol and developments in trust frameworks

Published in: Technology
  • Don's version (Nov 19)
  • OpenID Progress EEMA Conference

    1. OpenID a catalyst for EU e-id [email_address]
    2. As ID experts we like to present this problem
    3. For 25 years nobody really cares!
       • Double digit growth eCommerce
       • PKI Smartcards as a beer coaster
       • Infocard not shipped
       • Self asserted username-passwords is fine
       • Employees bypass security systems to do their real work
    4. eID the right tool at the right time?
    5. Different use-cases, or just a different market approach towards a consumer accepted e-ID?
    6. Additional trends that confirm a need for a different approach
       • Password fatigue
       • Mobile first
       • Socialisation of the web
       • Cloud – Services Integration
    7. Registration fatigue ‘GBA’
    8. Consumers create single sign-on
    9. A new identity console
    10. Your digital identity on the social web 500M+ 175M+
    11. Sharing your data under consent between services (oauth)
    12. OpenID, one single digital identity for consumers?
       • OpenID is a successful multichannel protocol to enable consumers and merchants to share identities
       • Consumers do not understand OpenID as their single identity
       • Identity providers want to promote their brand and competitive advantage
       • Re-use existing accounts, like Google, Facebook, Hyves, LinkedIn
       More on OpenID situation 2011: “OpenID Swot”
    13. The Evolution of Open Identity
       • OpenID User must understand and remember URL
       • Each OpenID Provider has different URL syntax
       • This worked “OK” on tech-focused blogs, wikis, discussion groups, etc. but not well with broader audiences and applications
       • Yahoo buttons, Google Friend Connect, Facebook Connect, ID Selector
       • Content Provider Advisory Committee meeting in NYC
       • First UX Summit at Yahoo
       • Major OPs improving workflow
       • User only needs to click on icon for preferred identity account
       • Second UX Summit at Facebook
       • Graphical interface of major Identity Providers, including proprietary solutions from Facebook, MySpace, & Microsoft
       Timeline: 2007, 2008-2009, 2010
    14. 2011 Challenges/Priorities OpenID foundation
       • Challenge: Improve the OpenID “product”
           • Finalize and implement OpenID ABC
           • Outreach to other identity protocols (UX, Attributes, Consent)
       • Challenge: Globalize OpenID Adoption
           • Worldwide OpenID summits will improve specifications and adoption
           • OIDF leaders organize, sponsor and speak at global identity events, OpenID summits
       • Challenge: Build momentum and expand outreach
           • Collaborate with related standards bodies and organizations
           • Extend content curator program
       • Challenge: Keep OpenID free and IPR protected
           • Extend trademark protections globally
    15. Working Group
       • Current specification OpenID 2.0 used successfully in different use cases (also enterprise)
       • New Spec in progress “OpenID ABC”
           • Almost certainly not final branding!
           • Spec work occurring in “Artifact Binding” working group
           • Incorporates submissions to former “OpenID Connect” working group
       • Points of departure
           • Mobile phones and other limited platforms
           • “Facebook Connect” style functionality for easy registration
           • Easier deployment than OpenID 2.0
    16. The OpenID ABC product
       • Artifact Binding
       • UserInfo Endpoint
       • Simple RPs
       • Higher LoA
       • Session Management
       • Unregistered Clients
       • OAuth 2 Integration
       • Use of JWTs
       • Single Logout
    17. Protocol workgroup participants
       • Key working group participants:
           • Nat Sakimura – Nippon Research Institute – Japan
           • John Bradley – Independent – Chile
           • Breno de Medeiros – Google – US
           • Paul Tarjan – Facebook – US
           • Axel Nennker – Deutsche Telekom – Germany
           • Kick Willemse – Independent – Netherlands
           • Tony Nadalin – Microsoft – US
           • Mike Jones – Microsoft – US
       • By no means an exhaustive list!
       • OpenID specs developed via an open process
       • All free to participate
    18. Discussion & Resources
       • Artifact Binding Working Group Wiki Page
       • Artifact Binding Mailing List
    19. Specification Structure
       • OpenID AB spec consists of two parts
           • Core – abstract specification
           • Binding – OAuth 2 based binding
       • JSON Web Token (JWT) spec with signing
           • Next version will add encryption
           • Other specs like UMA are looking to adopt it
       • Discovery a separate spec
       • Will refer to OAuth 2.0 specs once finished
    20. Spec Progress
       • Current status
           • Core – 70% done
           • Bindings – 75% done (pending OAuth 2.0 completion)
           • Discovery – 80% (working from SWD)
           • JWT – 90% done for tokens and signature
               • Encryption remains to be specified
           • OAuth 2.0 – 95%
       • Target: Complete drafts by Internet Identity Workshop (IIW) in May, Final IIW in November 2011
    21. Visit our summits for updates and discussions
       • January 18, Completed: OpenID Policy Summit hosted and sponsored by OIX in Washington DC
       • March 8, Completed: OpenID Retail Summit hosted by PayPal in San Jose
       • May 2, 12-5 PM: OpenID Security Summit co-hosted by Symantec/Google in Mountain View
       • May 10, 8-12 AM: OpenID Technology Summit at EIC co-sponsored by Google and Microsoft in Munich
       • TBD, TBD: OpenID Asia/Pacific Technology Summit hosted by NRI in Tokyo
       • July 19, 8-12 AM: OpenID Enterprise Summit hosted by Ping Identity in Keystone, Colorado
       • Oct 10, TBD: OpenID Technology Summit at RSA Conference co-hosted by Microsoft and Google in London
       • November 12-5 PM: OpenID Social Media Summit November hosted by FaceBook in Palo Alto
    22. So what about trust levels?
       • OpenID is not a trust scheme
       • Do you really need a trust level or may self assertion, pre-registration or IDP whitelisting work for you?
       • Local trust schemes, country specific
       • US-Gov Profile OpenID ICAM profile
       • Stork E-ID and ISO/IEC 29115
       • International movement towards trust schemes that make it possible to re-use existing identities, both private and public
    23. The trust framework paradox?
       • Identity = A collection of multiple attributes or claims about a person or system
           • Name
           • E-mail
           • Date of Birth
           • Profession
           • Address
       • Why do we want to define Levels of Assurance (LOA) on a single Identity Level and not attribute level?
    24. Mapping attribute schemes is an important condition for LOAs
       • A datamodel for personal data SEMIC (EU)
       • Attribute Exchange, Sreg in OpenID
       • Open Social – Portable Contacts
       • Social network specific
       • Country specific
    25. Trust scheme on attribute level
       • A first scheme for e-mail by Google within OIX
           • OpenID Summit certification list/ Google RP
       • Possible methods of verification
           • Self asserted
           • Proof of Possession
           • Authentic Register
           • Certificate of origin
    26. Interested in helping shape the future of internet identity?
       • OIDF Company/Organizational Membership
       • Share experience and concerns with important identity players like Google, Paypal, Microsoft, FaceBook, Ping, Deutsche Telekom
       • Inclusion in OpenID Foundation press releases and industry events
       • Corporate logo displayed on the OpenID Foundation website and materials
       • OpenID Summits fees waived for all employees
       • Propose and lead OpenID technical and marketing work groups
       • Vote on ratification of OpenID specifications and recommendations
       • OIDF Individual Membership
       • Vote on OpenID workgroups, specifications, and community board members
       • Use the OpenID Foundation Member logo and signature on your blog, email, website, apps
       • Influence the technical development of OpenID technology and adoption
       • Free pass to all OpenID Summits and discounts to conferences on internet identity
           • Students and Professional Courtesy options available on request.