OpenID An Executive Briefing David Leip, STSM ibm.com Chief Innovation Dude & Agile Methods Advocate January 2008 This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

OpenID is a open decentralized mechanism for SSO (Single Sign-On) What is OpenID?

Users have too many userids (ex. smith, jsmith, johnsmith, john@smith.com, smith@acme-corp.com) Users have too many passwords Don’t trust many sites with my login Users profile is likely distributed across the web. Why OpenID for users?

Users have too many userids (ex. smith, jsmith, johnsmith, john@smith.com, smith@acme-corp.com)

Users have too many passwords

Don’t trust many sites with my login

Users profile is likely distributed across the web.

http://Leip.livejournal.com/ http://openid.aol.com/Leip http://Leip.openid.com/ http://Leip.ca/ What’s an OpenID look like?

http://Leip.livejournal.com/

http://openid.aol.com/Leip

http://Leip.openid.com/

http://Leip.ca/

How Does it Work? Acme.com David Leip 1. David asks to log in to acme.com by giving his OpenID ex: http://leip.myopenid.com/

How Does it Work? Acme.com David Leip myopenid.com 2. Acme.com asks the OpenID provider (myopenid.com) to confirm that this visitor is David (the owner of this OpenID.)

How Does it Work? Acme.com David Leip myopenid.com 3. The OpenID provider (myopenid.com) will likely have some form of exchange with the visitor (or David), typically asking asking for a id/password, or a certificate.

How Does it Work? Acme.com David Leip myopenid.com 4. The OpenID provider confirms that they are satisfied, that the visitor is David.

More and more customers are looking for it Gaining lots of momentum. Thousands of sites AOL, Some Google properties, now Yahoo! OpenID 2.0 includes the ability to carry profile data. Could reduce our vulnerability to identity theft attacks, as we don’t need to store as much. Great mechanism for maintaining employee ACLs in outsourcing situations (Ex. An OpenID from a your company could authenticate a person to a HR benefits site run by a third party.) Why should we care?

More and more customers are looking for it

Gaining lots of momentum.

Thousands of sites

AOL, Some Google properties, now Yahoo!

OpenID 2.0 includes the ability to carry profile data.

Could reduce our vulnerability to identity theft attacks, as we don’t need to store as much.

Great mechanism for maintaining employee ACLs in outsourcing situations (Ex. An OpenID from a your company could authenticate a person to a HR benefits site run by a third party.)

Further Information David Leip http:// www.Leip.ca This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

David Leip http:// www.Leip.ca