OpenID Intro @ Barcamp Brussels 3

  • 5,389 views
Uploaded on

I gave a talk about OpenID at Barcamp Brussels 3, may 2007

I gave a talk about OpenID at Barcamp Brussels 3, may 2007

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
No Downloads

Views

Total Views
5,389
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
212
Comments
2
Likes
18

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. OpenID Intro “Identity 2.0 - Forget your passwords”
  • 2. ~/ $ who am i • Frank Louwers - frank@openminds.be • Partner in Openminds & Metatale • http://frank.be • Openminds offers high-quality, high- performance Internetsolutions • Openminds launched the first Belgian OpenID identity server
  • 3. Quick Poll?
  • 4. Quick Poll? • Who uses same username / password for every new account?
  • 5. Quick Poll? • Who uses same username / password for every new account? • Who loses usernames / passwords for some sites?
  • 6. Quick Poll? • Who uses same username / password for every new account? • Who loses usernames / passwords for some sites? • Who has a blog?
  • 7. Quick Poll? • Who uses same username / password for every new account? • Who loses usernames / passwords for some sites? • Who has a blog? • Who has OpenID? (Wordpress.com, AOL, Typepad,Yahoo!, ...)
  • 8. Passwords, usernames, and amnesia
  • 9. Morning workflow • Read Mail • Read RSS feeds • Use company Intranet / wiki • Write blogpost • Comment on other blogs / wiki
  • 10. Morning workflow • Read Mail needs login • Read RSS feeds • Use company Intranet / wiki • Write blogpost • Comment on other blogs / wiki
  • 11. Morning workflow • Read Mail needs login • Read RSS feeds needs login • Use company Intranet / wiki • Write blogpost • Comment on other blogs / wiki
  • 12. Morning workflow • Read Mail needs login • Read RSS feeds needs login • Use company Intranet / wiki needs login • Write blogpost • Comment on other blogs / wiki
  • 13. Morning workflow • Read Mail needs login • Read RSS feeds needs login • Use company Intranet / wiki needs login • Write blogpost needs login • Comment on other blogs / wiki
  • 14. Morning workflow • Read Mail needs login • Read RSS feeds needs login • Use company Intranet / wiki needs login • Write blogpost needs login • Comment on other blogs / wiki needs login
  • 15. Even worse ... http://www.monuments.nu/monuments/2007/05/pure_annoyance.html
  • 16. Our best friend ...
  • 17. Not only do we need to remember the password We also need to rember the (random) username!
  • 18. Solutions
  • 19. Lazy solution • Same password everywhere • Not safe • One site compromised, all sites compromised • When your mail-address changes, accounts lost?
  • 20. Solution: Single Sign On • Previous attempts: Microsoft Passport.net • Centralised (not everyone trusts MS) • Expensive to integrate • Not extendable
  • 21. OpenID: KISS • De-centralised • Open Standards based • easy, lightweight protocol • providing Single Sign On • Based on proven standards (dns and urls) • A blog identifies a person
  • 22. De-centralised • You choose one of the many OpenID i- providers (http://openid.openminds.be) • You choose who you trust and why • Even set-up your own OpenID server if you want • It’s the only place where your credentials are stored
  • 23. A life without passwords How does it look like?
  • 24. Login to OpenID sites • Enter your OpenID identifier url as “username” • Site contacts your OpenID Server (based on url) • OpenID Server checks if you are logged in • OpenID Server passes token to site
  • 25. Only the first time I login to an OpenID site that day. Next time, only a confirmation is needed.
  • 26. What data should be transfered to the site?
  • 27. Wikitravel doesn’t have a local account for this OpenID. Suggests me to create one. This happens only the first time. It binds my OpenID (openid.openminds.be/frank) to this new account.
  • 28. Blog url as OpenID • My OpenID: openid.openminds.be/frank • My blog: frank.be • Solution? Simple HTML tags!
  • 29. Add html headers tags No other plugins or code needed on your blog!
  • 30. Who is using it?
  • 31. Who’s in the game?
  • 32. Plugins available for: • Blog software (Wordpress, MT, Mephisto, ...) • Wiki software (MediaWiki, DokuWiki, ...) • Almost all Web frameworks (Drupal, Ruby on Rails, Joomla, Django, ...)
  • 33. Add OpenID to your project • Lower barrier (users don’t need to create an account) eg: http://iusethis.com • Simplifies account setup • Specific hacks • AIM integration • Company Intranets or wiki’s and Company OpenID
  • 34. Problems? • Google isn’t in, and won’t be in soon • Login is slower (browser redirects ...) • Vulnerable to Phishing • risk actually less than with username / password logins • can be fixed with plugins (and FF3)
  • 35. Future versions • Exchange of more attributes • Gravatars? • Address (eg for shipping) • Language / timezone settings • Verified email address or not • Security enhancements
  • 36. Cool sites using OpenID http://iusethis.com
  • 37. Cool sites using OpenID http://jyte.com
  • 38. Cool sites using OpenID http://jyte.com
  • 39. Cool sites using OpenID http://shopify.com
  • 40. Cool sites using OpenID http://heardontv.com
  • 41. Links • http://openid.openminds.be (still beta) • http://myopenid.com • http://openid.net • http://janrain.com/openid • http://openiddirectory.com
  • 42. Q &A • Do you use OpenID? • Do you consider it? • Why (not)? Frank Louwers - frank@openminds.be