1. Distributed SSO
Google TechTalk Zürich - April 2007
2. Quick Poll
Who always uses the same PW for every new account on a new site?
Who has a blog?
Who has an OpenID?
prove you are really who you are supposed to be
Username & Password, Challenge-response, Public-Private Key
what are you allowed to do
ACL (Access Control List), RBAC (Role-based Access Control)
ability to uniquely identify yourself
Your Name, AHV-Nr / SSN, Fingerprint
ability to control what others know about you
Can you keep a secret? Virtualization, Opt-in
how much can I depend on you?
how much information am I going to give?
using the same credentials to access multiple services
automatic authentication beyond session and service
7. = Authentication Delegation
= Identity Manager
= Open API
8. Use a URL as
I own the domain: keepthebyte.ch
- why not use it as a user name?
9. Time for
10. Login Process Overview
Download at http://www.flickr.com/photos/keepthebyte/347821691/
11. ...with trusted site
auto login on the identity provider
12. HTTP Level - Part 1/3
User Agent <> RP
POST: %site%/login with OpenID
RP <> IdP
GET: openid url
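
The RP side of the two steps above, as an added example (not code from the talk): the RP receives the posted OpenID, validates it before issuing the GET, and reads the IdP endpoint from the fetched page. It assumes OpenID 1.1 HTML discovery through `<link rel="openid.server">` and `openid.delegate`; the function names, hosts and sample page are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def safe_url(value):
    """Normalize a user- or page-supplied URL and refuse risky fetch targets."""
    url = value.strip()
    if "://" not in url:
        url = "http://" + url  # a bare host name is allowed as identifier
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("must be an http(s) URL")
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        addr = None  # a name; also check the resolved address before fetching
    if parts.hostname == "localhost" or (addr is not None and not addr.is_global):
        raise ValueError("refusing non-public address")
    return parts._replace(path=parts.path or "/", fragment="").geturl()

class HeadLinks(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.in_head = {}, False
    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:  # links outside <head> are ignored
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid.") and a.get("href"):
                    self.links.setdefault(rel, a["href"])
    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(identity_url, html):
    """Return the IdP endpoint and the identity to assert for a fetched page."""
    parser = HeadLinks()
    parser.feed(html)
    if "openid.server" not in parser.links:
        raise LookupError("no openid.server link in <head>")
    return {"server": safe_url(parser.links["openid.server"]),
            "identity": parser.links.get("openid.delegate", identity_url)}

# Constructed sample page; the <link> in <body> stands for user-generated content.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="https://idp.example/server">
<link rel="openid.delegate" href="https://idp.example/user/alice">
</head><body><link rel="openid.server" href="https://other.example/server"></body></html>"""
```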