Openid - Simon Willison - Media in Transition


Published on

OpenId is the game changer for social networks, allowing for portability of the social graph and preferences

Published in: Technology, Design
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Openid - Simon Willison - Media in Transition

  1. 1. URL based identity with OpenID Simon Willison, Media in Transition, 6th September 2007
  2. 2. The web authentication problem What username did I use again? What password did I use again?
  3. 3. The Web needs Single Sign On
  4. 4. ?
  5. 5. SSO with a single controlling authority betrays the principles of the Web
  6. 6. OpenID is decentralised • An open standard, developed in public • No controlling authority • No need to ask permission before implementing it
  7. 7. An OpenID is a URL • • •
  8. 8. Here’s how it works
  9. 9. The sign-up problem
  10. 10. OpenID’s Simple Registration extension can help users provide name, e-mail, D.O.B...
  11. 11. The web profile problem
  12. 12. • Each of these pages has a URL • If the services supported it, each of these URLs can be an OpenID • This lets me assert ownership of my profile • I can use OpenID to tie profiles together across multiple sites
  13. 13. The social network problem • Every site wants to know about my social network • Re-friending everyone on every site I visit is tedious, and a major barrier to adoption • The Facebook platform lets me reuse the Facebook social graph - but I have to abide by their rules
  14. 14. OpenID provides the globally unique identifier needed to create a portable social graph
  15. 15. OpenID adoption
  16. 16. 0 875 1,750 2,625 3,500 Se p '05 O ct N ov D ec Jan '06 Fe b M ar Ap r M ay Ju ne Ju ly Au g Se p O ct N ov D ec Jan '07 Fe b Total Relying Parties M ar Ap r M ay Ju ne
  17. 17. What’s in it for you? • Reduces the overhead for signing up for an account on your service - great for attracting early adopters • The ability to “prove” ownership of your account is an excellent complement to your service’s Web Service API • You can learn about a user’s profiles elsewhere on the Web
  18. 18. Some FAQs • Does this mean I no longer have a database of user accounts? • How do I know that an OpenID is a real person, and not an evil spammer? • Isn’t it a bad idea to outsource the security of my users to a third party? • What are the privacy implications of this?
  19. 19.