OpenID Progress EEMA Conference
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


OpenID Progress EEMA Conference

Uploaded on

Presentation about progress of the OpenID protocol and developments in trust frameworks

Presentation about progress of the OpenID protocol and developments in trust frameworks

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 1 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • Don's version (Nov 19)


  • 1. OpenID a katalyst for EU e-id [email_address]
  • 2. As an ID expert we like to present this problem
  • 3. For 25 years nobody really cares!
    • Double digit growth eCommerce
    • PKI Smartcards as a beer coaster
    • Infocard not shipped
    • Self asserted username-passwords is fine
    • Employees bypass security systems to do their real work
  • 4. eID the right tool at the right time?
  • 5. Different use-cases, or just a different market approach towards a consumer accepted e-ID?
  • 6. Additional trends that confirm a need for a different approach
    • Password fatigue
    • Mobile first
    • Socialisation of the web
    • Cloud – Services Integration
  • 7. Registration fatigue ‘ GBA’
  • 8. Consumers create single sign-on
  • 9. A new identity console
  • 10. Your digital identity on the social web 500M+ 175M+
  • 11. Sharing your data under consent between services (oauth)
  • 12. OpenID, one single digital identity for consumers?
    • OpenID is a successful multichannel protocol to enable consumers and merchants to share identities
    • Consumers do not understand OpenID as their single identity
    • Identity providers want to promote their brand and competitive advantage
    • Re-use exiting accounts, like Google, Facebook, Hyves, LinkedIn
    More on OpenID situation 2011 “OpenID Swot ”
  • 13. The Evolution of Open Identity
    • OpenID User must understand and remember URL
    • Each OpenID Provider has different URL syntax
    • This worked “OK” on tech-focused blogs, wikis, discussion groups, etc. but not well with broader audiences and applications
    • Yahoo buttons, Google Friend Connect, Facebook Connect, ID Selector
    • Content Provider Advisory Committee meeting in NYC
    • First UX Summit at Yahoo
    • Major OPs improving workflow
    • User only needs to click on icon for preferred identity account
    • Second UX Summit at Facebook
    • Graphical interface of major Identity Providers, including proprietary solutions from Facebook, MySpace, & Microsoft
    2007 2008-2009 2010
  • 14. 2011 Challenges/Priorities OpenID foundation
    • Challenge: Improve the OpenID “product”
      • Finalize and implement OpenID ABC
      • Outreach to other identity protocols (UX, Attributes, Consent)
    • Challenge: Globalize OpenID Adoption
      • Worldwide OpenID summits will improve specifications and adoption
      • OIDF leaders organize, sponsor and speak at global identity events, OpenID summits
    • Challenge: Build momentum and expand outreach
      • Collaborate with related standards bodies and organizations
      • Extend content curator program
    • Challenge: Keep OpenID free and IPR protected
      • Extend trademark protections globally
  • 15. Working Group
    • Current specification OpenID 2.0 used successfully in different use cases (also enterprise)
    • New Spec in progress “OpenID ABC”
      • Almost certainly not final branding!
      • Spec work occurring in “Artifact Binding” working group
      • Incorporates submissions to former “OpenID Connect” working group
    • Points of departure
      • Mobile phones and other limited platforms
      • “ Facebook Connect” style functionality for easy registration
      • Easier deployment than OpenID 2.0
  • 16. The OpenID ABC product
    • Artifact Binding
    • UserInfo Endpoint
    • Simple RPs
    • Higher LoA
    • Session Management
    • Unregistered Clients
    • OAuth 2 Integration
    • Use of JWTs
    • Single Logout
  • 17. Protocol workgroup participants
    • Key working group participants:
      • Nat Sakimura – Nippon Research Institute – Japan
      • John Bradley – Independent – Chile
      • Breno de Medeiros – Google – US
      • Paul Tarjan – Facebook – US
      • Axel Nennker – Deutsche Telekom – Germany
      • Kick Willemse – Independent – Netherlands
      • Tony Nadalin – Microsoft – US
      • Mike Jones – Microsoft – US
    • By no means an exhaustive list!
    • OpenID specs developed via an open process
    • All free to participate
  • 18. Discussion & Resources
    • Artifact Binding Working Group Wiki Page
    • Artifact Binding Mailing List
  • 19. Specification Structure
    • OpenID AB spec contains in two parts
      • Core – abstract specification
      • Binding – OAuth 2 based binding
    • JSON Web Token (JWT) spec with signing
      • Next version will add encryption
      • Other specs like UMA are looking to adopt it
    • Discovery a separate spec
    • Will refer to OAuth 2.0 specs once finished
  • 20. Spec Progress
    • Current status
      • Core – 70% done
      • Bindings – 75% done (pending OAuth 2.0 completion)
      • Discovery – 80% (working from SWD)
      • JWT – 90% done for tokens and signature
        • Encryption remains to be specified
      • OAuth 2.0 – 95%
    • Target: Complete drafts by Internet Identity Workshop (IIW) in May, Final IIW in November 2011
  • 21. Visit our summits for updates and discussions January 18 Completed OpenID Policy Summit hosted and sponsored by OIX in Washington DC March 8 Completed OpenID Retail Summit hosted by PayPal in San Jose May 2 12-5 PM OpenID Security Summit co-hosted by Symantec/Google in Mountain View May 10 8-12 AM  OpenID Technology Summit at EIC co-sponsored by Google and Microsoft in Munich TBD TBD OpenID Asia/Pacific Technology Summit hosted by NRI in Tokyo July 19 8-12 AM  OpenID Enterprise Summit hosted by Ping Identity in Keystone, Colorado Oct 10 TBD OpenID Technology Summit at RSA Conference co-hosted by Microsoft and Google in London November 12-5 PM OpenID Social Media Summit November hosted by FaceBook in Palo Alto
  • 22. So what about trust levels?
    • OpenID is not a trustscheme
    • Do you really need a trust level or may self assertion, pre-registration or IDP whitelisting work for you?
    • Local trust schemes, country specific
    • US-Gov Profile OpenID ICAM profile
    • Stork E-ID and ISO/IEC 29115
    • International movement towards trustschemes that make it possible to re-use existing identities, both private and public
  • 23. The trust framework paradox?
    • Identity = A collection of multiple attributes or claims about a person or system
      • Name
      • E-mail
      • Date of Birth
      • Profession
      • Address
    • Why do we want to define Levels of Assurance (LOA) on a single Identity Level and not attribute level?
  • 24. Mapping attribute schemes is an important condition for LOA’s
    • A datamodel for personal data SEMIC (EU)
    • Attribute Exchange, Sreg in OpenID
    • Open Social – Portable Contacts
    • Social network specific
    • Country specific
  • 25. Trust scheme on attribute level
    • A first scheme for e-mail by Google within OIX
      • OpenID Summit certification list/ Google RP
    • Possible methods of verification
      • Self asserted
      • Proof of Possesion
      • Authentic Register
      • Certificate of origin
  • 26. Interested in helping shape the future of internet identity?
    • OIDF Company/Organizational Membership
    • Share experience and concenrs with important identity players like Google, Paypal, Microsoft, FaceBook, Ping, Deutsche Telekom
    • Inclusion in OpenID Foundation press releases and industry events
    • Corporate logo displayed on the OpenID Foundation website and materials
    • OpenID Summits fees waived for all employees
    • Propose and lead OpenID technical and marketing work groups
    • Vote on ratification of OpenID specifications and recommendations
    • OIDF Individual Membership
    • Vote on OpenID workgroups, specifications, and community board members
    • Use the OpenID Foundation Member logo and signature on your blog, email, website, apps
    • Influence the technical development of OpenID technology and adoption
    • Free pass to all OpenID Summits and discounts to conferences on internet identity
      • Students and Professional Courtesy options available on request.