Distributed SSO

Cédric Hüsler
CTO local.ch

Go...
Quick Poll

Who always uses the same PW for every new account on a new site?

Who has a blog?


    ...
= Authentication Delegation
= Identity Manager
= Open API
≠ Authentication
≠ Trust
Use a URL as user name!

I own the domain: keepthebyte.ch
    - why not use it as user name?

Time for demo!

http://jyte.com/

Login Process Overview

Download at http://www.flickr.com/photos/keepthebyte/347821691/

...with trusted site

auto login on the identity provider

HTTP Level - Part 1/3
User Agent <> RP
 GET: %site%/login.html
 POST: %site%/login with OpenID

RP <> IdP
 GET: openid url

OpenID Authentication

Slides from the Google TechTalk (Zurich, Switzerland) in April 2007. A technical overview of OpenID.

Originally posted: http://www.keepthebyte.ch/2007/04/google-tech-talk-on-openid.html

OpenID Authentication

  1. Distributed SSO. Cédric Hüsler, CTO local.ch. Google TechTalk Zürich - April 2007
  2. Quick Poll. Who always uses the same PW for every new account on a new site? Who has a blog? Who has an OpenID?
  3. Basics. Authentication (prove you are really who you are supposed to be): Username & Password, Challenge-response, Public-Private Key. vs. Authorization (what are you allowed to do): ACL (Access Control List), RBAC (Role-based Access Control)
  4. Basics. Identity (ability to uniquely identify yourself): Your Name, AHV-Nr / SSN, Fingerprint. vs. Privacy (ability to control what others know about you): Can you keep a secret? Virtualization, Opt-in
  5. Basics. Trust (how much can I depend on you?) vs. control (how much information am I going to give?)
  6. Basics. SSO (Single-Sign-On): using the same credentials to access multiple services; automatic authentication beyond session and service
  7. = Authentication Delegation, = Identity Manager, = Open API, ≠ Authentication, ≠ Trust
  8. Use a URL as user name! I own the domain: keepthebyte.ch - why not use it as user name?
  9. Time for demo! http://jyte.com/
  10. Login Process Overview. Download at http://www.flickr.com/photos/keepthebyte/347821691/
  11. ...with trusted site: auto login on the identity provider
  12. HTTP Level - Part 1/3. User Agent <> RP: GET: %site%/login.html; POST: %site%/login with OpenID. RP <> IdP: GET: openid url
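
As an added example (not from the slides or the speaker), here is the relying-party side of the "RP <> IdP: GET: openid url" step, assuming OpenID 1.1 HTML-based discovery: the user-supplied URL is validated before the RP fetches it, and the `openid.server` / `openid.delegate` links are read only from the page's `<head>`. The function names, the host idp.example and the sample page are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def normalize_identifier(user_input):  # URL the RP may fetch, or ValueError
    url = user_input.strip()
    if "://" not in url:
        url = "http://" + url  # a bare "keepthebyte.ch" defaults to http
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host or parts.username:
        raise ValueError("identifier must be a plain http(s) URL")
    try:
        public = ipaddress.ip_address(host).is_global
    except ValueError:
        public = host != "localhost"  # DNS name: re-check resolved IPs at fetch time
    if not public:
        raise ValueError("identifier points at a non-public address")
    return parts._replace(netloc=parts.netloc.lower(), path=parts.path or "/", fragment="").geturl()

class _HeadLinks(HTMLParser):  # openid.* <link> tags from the first <head> only
    def __init__(self):
        super().__init__()
        self.links, self.head = {}, None  # head: None=not seen, True=inside, False=closed
    def handle_starttag(self, tag, attrs):
        if tag == "head" and self.head is None:
            self.head = True
        elif tag == "link" and self.head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid.") and a.get("href"):
                    self.links.setdefault(rel, a["href"])
    def handle_endtag(self, tag):
        if tag == "head":
            self.head = False

def discover(claimed_url, html):  # IdP endpoint and delegated identity from the page
    p = _HeadLinks()
    p.feed(html)
    server = p.links.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link in <head>")
    # The endpoint comes from fetched content, so it gets the same URL checks.
    return {"claimed_id": claimed_url, "server": normalize_identifier(server),
            "delegate": p.links.get("openid.delegate", claimed_url)}

# Constructed sample (idp.example is hypothetical); the body <link> mimics injected markup.
SAMPLE_PAGE = ('<html><head><link rel="openid.server" href="https://idp.example/server">'
               '<link rel="openid.delegate" href="https://idp.example/user/alice"></head>'
               '<body><link rel="openid.server" href="http://10.0.0.5/x"></body></html>')
```

Calling `discover(normalize_identifier("keepthebyte.ch"), SAMPLE_PAGE)` returns the endpoint from the `<head>` and ignores the link in the body. For DNS names, the resolved addresses need the same public-address check at fetch time.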