OpenID Tutorials

Published in: Technology

  1. 1. OpenID Tutorial. Naofumi HAIDA from Cirius Technologies.
  2. 2. Table of Contents. • Self-Introduction. • What is OpenID? • OpenID 2.0 quick look. • Security Issues. • Other related OpenAPIs.
  3. 3. Self-introduction. • Working @Cirius Technologies, Inc. • Architect @Cirius Lab. • Ruby Programmer. • GeoAPIs, Twitwi Twitter, Twittalk etc... • OpenAPIS & Beyond LT • http://docs.google.com/Presentation?id=dgp485h4_561dwgpsrcd
  4. 4. Questions. • OpenID ? • RP OpenID ? • OpenID 2.0 ? • XRI ?
  5. 5. Authentication ( ) ID Authorization ( ) ID
  6. 6. Backgrounds.
  7. 7. • Internet Identity Workshop Six Apart Brad Fitzpatrick OpenID (2005.10) • Web OpenID (2007.02) • Blogger OpenID (2007.11) • OpenID Authentication 2.0 & OpenID Attribute Exchange 1.0 (2007.12)
  8. 8. • Blogger OpenID IdP (2008.01) • Yahoo OpenID 2.0 IdP (2008.01) • OpenID Foundation Google IBM MS Yahoo! (2008.02) • Six Apart Verisign NRI OpenID Japan Foundation (2008.02)
  9. 9. Many Internet users are “End Users” of OpenID now!
  10. 10. ~ 360 million OpenIDs.
  11. 11. Total Relying Parties Borrowed from David Recordon
  12. 12. There are over 11,000 OpenID-enabled sites!
  13. 13. What is OpenID for?
  14. 14. We use more and more sites!
  15. 15. OpenID solves...
  16. 16. Too many passwords!
  17. 17. My online profile is scattered across many sites!
  18. 18. What is an OpenID??
  19. 19. http://www.hatena.ne.jp/haida/
  20. 20. http://profile.livedoor.com/haida
  21. 21. http://haida.livejurnal.com/
  22. 22. Is an OpenID a URI? It has changed in OpenID ver 2.0.
  23. 23. yahoo.com
  24. 24. coderepos.org
  25. 25. xri://=haida
  26. 26. OpenID: Identity URI Web Authority http://www.slideshare.net/zigorou/openid-20-quick-note/
  27. 27. These are not OpenID.
  28. 28. Authorization Authentication Delegation Privacy Identity Manager Trust Control Single-Sign-On Distributed SSO
  29. 29. Login with OpenID.
  30. 30. Input Claimed Identifier @ RP.
  31. 31. Authenticate @ OP.
  32. 32. Merits & Demerits of OpenID.
  33. 33. End User URI
  34. 34. Relying Party - - Sun OpenID Sun Sun
  35. 35. 2. OpenID 2.0 Quick look.
  36. 36. User-Supplied Identifier
  37. 37. URL ID ID
  38. 38. https://me.yahoo.co.jp/a/X4F0sewBfO6V5S31BLZsyz4BnEx0#fdf84 yahoo.com
  39. 39. XRI
  40. 40. Identity URI XRI
  41. 41. xri://=haida
  42. 42. xri xri ID i-name
  43. 43. = @
  44. 44. xri://@yahoo
  45. 45. ※ XRI xri://=haida 12 $/year xri://@mixi 55 $/year
  46. 46. Terms around OpenID.
  47. 47. identifier http, https URI URI 2.0 URI XRI
  48. 48. OpenID Provider: OP Ver 1.1 IdP OpenID
  49. 49. OP Identifier OP Identifier
  50. 50. Relying Party: RP Consumer OpenID Identifier OP Web Web
  51. 51. Claimed Identifier URI OP
  52. 52. User-Supplied Identifier RP Claimed Identifier OP Identifier
  53. 53. OP-Local Identifier OP Identifier OP Identifier
  54. 54. How does authentication work with OpenID ?
  55. 55. 1. RP Claimed Identifier HTML 2. openid.server link 3. RP 4. OP 5. OP RP 6. RP
  56. 56. How does this work?
  57. 57. Discovery with XRDS.
  58. 58. OP delegate Identifier OpenID 1.1 HTML OpenID 2.0 XRDS XML
  59. 59. Claimed Identifier XRI - XRDS Claimed Identifier URL - HTML x-xrds-location URL - meta http-equiv x-xrds-location URL - Content-type application/xrds+xml XRDS
  60. 60. <?xml version="1.0" encoding="UTF-8"?> <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)"> <XRD> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/server</Type> <URI>http://openid.example.com/auth</URI> </Service> </XRD> </xrds:XRDS>
  61. 61. Service Type
  62. 62. Security Risks.
  63. 63. Phishing.
  64. 64. 1. Malicious Consumer OpenID 2. Identifier URI 3. Malicious Consumer OP OP 4. OP OP ID, Password 5. 6. OP
  65. 65. Firefox OpenID SeatBelt (by VeriSign) -- OpenID -- Malicious Consumer Malicious Consumer OP -- OP
  66. 66. OP nonce trust_root, return_to return_to malicious consumer OP robots.txt OpenID "Identity Page for" site:*.myopenid.com OP
  67. 67. RP for Mobile OP RP for Mobile OpenID ?
  68. 68. orz..
  69. 69. OpenID Security ! http://wiki.openid.net/Security
  70. 70. Reputation Problem OP
  71. 71. OP RP AOL OP http://dev.aol.com/node/578
  72. 72. OP https Attribute Exchange Provider Authentication Policy Extension
  73. 73. OP Reputation OP !
  74. 74. Summary • OpenID • OpenID 2.0 User Friendly! • IdP
  75. 75. Thank you!
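
The discovery step on slides 59 to 61, as an added example that is not from the slides: a Relying Party parsing the slide-60 XRDS document in Python and picking OP endpoints by Service Type and priority. The signon Type URI comes from the OpenID 2.0 specification rather than the slides, and the size cap, DOCTYPE rejection, scheme filter and function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"                        # default namespace on slide 60
OP_SERVER = "http://specs.openid.net/auth/2.0/server"   # user typed an OP Identifier
SIGNON = "http://specs.openid.net/auth/2.0/signon"      # user typed a Claimed Identifier
MAX_XRDS_BYTES = 64 * 1024                              # assumed cap, not from the slides

# XRDS document from slide 60 with its quotes restored.
SAMPLE_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0"
           xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>http://openid.example.com/auth</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def _children(elem, name):
    return [c for c in elem if c.tag == XRD_NS + name]


def _priority(elem):
    # Lower value wins; a missing or malformed priority sorts last.
    value = elem.get("priority", "")
    return int(value) if value.isdecimal() else float("inf")


def op_endpoints(xrds_bytes, require_https=False):
    """Return [(service_type, endpoint_url)] in priority order."""
    # The document is fetched from a URL the user supplied: treat it as hostile.
    if len(xrds_bytes) > MAX_XRDS_BYTES:
        raise ValueError("XRDS document too large")
    if b"<!DOCTYPE" in xrds_bytes:
        raise ValueError("DTD declarations are not accepted")
    xrds = _children(ET.fromstring(xrds_bytes), "XRD")
    allowed = ("https",) if require_https else ("http", "https")
    found = []
    # The last XRD element is the descriptor for the identifier itself.
    for svc in sorted(_children(xrds[-1], "Service") if xrds else [], key=_priority):
        types = {(t.text or "").strip() for t in _children(svc, "Type")}
        kind = OP_SERVER if OP_SERVER in types else SIGNON if SIGNON in types else None
        for uri in sorted(_children(svc, "URI"), key=_priority) if kind else []:
            url = (uri.text or "").strip()
            parts = urlsplit(url)
            if parts.scheme in allowed and parts.hostname:
                found.append((kind, url))
    return found
```

With `require_https=True` the slide-60 document yields no usable endpoint, because its OP URI is plain `http`.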
