More Related Content Similar to OpenID Tutorials (20) OpenID Tutorials2. Table of Contents.
• Self-Introduction.
• What is OpenID?
• OpenID 2.0 quick look.
• Security Issues.
• Other related OpenAPIs. 3. Self-introduction.
• Working @Cirius Technologies, Inc.
• Architect @Cirius Lab.
• Ruby Programmer.
• GeoAPIs, Twitwi Twitter, Twittalk etc...
• OpenAPIS & Beyond LT
• http://docs.google.com/Presentation?
id=dgp485h4_561dwgpsrcd 7. • Internet Identity Workshop Six Apart Brad
Fitzpatrick OpenID (2005.10)
• Web OpenID
(2007.02)
• Blogger OpenID
(2007.11)
• OpenID Authentication 2.0 & OpenID Attribute Exchange
1.0 (2007.12) 8. • Blogger OpenID IdP (2008.01)
• Yahoo OpenID 2.0 IdP (2008.01)
• OpenID Foundation Google IBM MS Yahoo!
(2008.02)
• Six Apart Verisign NRI OpenID Japan Foundation
(2008.02) 29. Authorization Authentication Delegation
Privacy Identity Maneger
Trust Control
Single-Sign-On Distributed SSO 48. ※ XRI
xri://=haida 12 $/year
xri://@mixi 55 $/year 60. 1. RP Claimed Identifier HTML
2. openid.server link
3. RP
4. OP
5. OP RP
6. RP 65. OP delegate Identifier
OpenID 1.1
HTML
OpenID 2.0
XRDS XML 66. Claimed Identifier XRI
- XRDS
Claimed Identifier URL
- HTML x-xrds-location
URL
- meta http-equiv x-xrds-location
URL
- Content-type application/xrds+xml
XRDS 67. <?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?>
<xrds:XRDS
xmlns:xrds=quot;xri://$xrdsquot;
xmlns:openid=quot;http://openid.net/xmlns/1.0quot;
xmlns=quot;xri://$xrd*($v*2.0)quot;>
<XRD>
<Service priority=quot;0quot;>
<Type>http://specs.openid.net/auth/2.0/server</Type>
<URI>http://openid.example.com/auth</URI>
</Service>
</XRD>
</xrds:XRDS> 72. 1. Malicious Consumer OpenID
2. Identifier URI
3. Malicious Consumer OP
OP
4. OP OP ID, Password
5.
6. OP 73. Firefox OpenID SeatBelt (by VeriSign)
-- OpenID
-- Malicious Consumer
Malicious Consumer OP
-- OP 74. OP nonce
trust_root, return_to
return_to malicious consumer
OP robots.txt OpenID
“Identity Page forquot; site:*.myopenid.com”
OP 79. OP RP
AOL OP
http://dev.aol.com/node/578