An Introduction to OpenID

An Introduction

What is OpenID? OpenID is a decentralised Single Sign On system for the web. An Introduction

Why OpenID? Too many user names? Too many passwords? User name already taken? An Introduction

What is an OpenID? An OpenID is simply a URI, e.g. http://mmanders.myopenid.com An Introduction

So what? You can claim ownership of a URI. The ability to prove ownership of a URI can facilitate authentication. An Introduction

How? You don’t authenticate to a site with credentials agreed on with that site. You authenticate with credentials agreed on with your ID Provider. An Introduction

This sounds familiar! It’s Similar to Microsoft Passport. It’s different in that Microsoft doesn’t have ownership – you do! An Introduction

This sounds familiar! It’s an open standard. The standard isn’t owned by any single organisation. You don’t have to seek Microsoft permission to implement it. An Introduction

Who has ownership? You do! You pick an Identity Provider. Or implement the server-side yourself! An Introduction

A brief demonstration An Introduction

How does sign-up fit in? Augments the sign-up process. Doesn’t provide information; authentication only. Still need CAPTCHAs. An Introduction

Where does sign-up fit? Simple Registration Extension provides lightweight exchange of profile information. Beyond the scope of this introduction. An Introduction

How does OpenID work? Link tag on OpenID page. <link rel=“openid.server” href=http://www.myopenid.com/server /> An Introduction

How does OpenID work? Relying party establishes a shared secret with Identity Provider using Diffie-Hellman key exchange. An Introduction

How does OpenID work? HTML at URI is parsed to discover Identity Provider. An Introduction

How does OpenID work? User is redirected to Identity Provider in order to authenticate. An Introduction

How does OpenID work? User is redirected back to relying party and shared secret is used to guard against spoofed requests. An Introduction

Can I use my own URI? Using delegation, you can use your own domain as your OpenID! An Introduction

Can I use my own URI? Put the following link tags in the head section of your domain index page: <link rel=“openid.server” href=“<id_server”> /> <link rel=“openid.delegate” href=“<delegate url>” /> An Introduction

Can I use my own URI? For example, until I implement my own server, I use: <link rel=“openid.server” href=http://www.myopenid.com/server /> <link rel=“openid.delegate” href=http://maxmanders.myopenid.com /> An Introduction

Can I change providers? What if I don’t trust my provider? You can simply delegate authority to a different provider! An Introduction

Further Reading… The Specifications: http://openid.net Wikipedia: http://en.wikipedia.org/wiki/OpenID Implementation Libraries: http://openidenabled.com Jan Rain: http://janrain.com/openid An Introduction

Thank You! Max Manders http://maxmanders.co.uk [email_address] An Introduction

An Introduction to OpenID

by Max Manders on Nov 01, 2007

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 25

Statistics

An Introduction to OpenID — Presentation Transcript