Yj openid tech_night_v6
Published in: Technology, Design

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,400
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
33
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
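  • We also perform RP Discovery to verify the RP, but we do not show a warning screen even if the RP's XRDS cannot be confirmed.
  • It is a draft, so I can't really say anything definite...
  • It is a draft, so I can't really say.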
  • Transcript

    • 1. Yahoo! JAPAN OpenID @ OpenID Tech Night Vol.6, Friday, May 28, 2010
    • 2. Self-introduction
      • Yusuke Kondo (@konfoo)
      • Yahoo Japan Corporation
        • R&D Group, Platform Development Division
      • Work
        • OAuth
        • OpenID
        • Login-related work ← currently here
      • OpenID Foundation Japan
        • Translation and Education Working Group
    • 3. Yahoo! JAPAN's OpenID
      • January 2008
        • Release (OpenID 2.0 support)
      • March 2010
        • Attribute Exchange 1.0 support
        • UI Extension 1.0 (draft) support
        • iPhone UI support
    • 4. OP server configuration
      • Server configuration
        • open.login.yahooapis.jp x 3
        • open.login.yahoo.co.jp x 3
        • me.yahoo.co.jp x 2
      • Attribute information
        • Dedicated DB for Y! Profile (social DB)
    • 5. OpenID Flow (sequence diagram)
      • Participants: RP, OP, UA
      • Labels on the diagram: input OpenID; OP Discovery; Association; Authentication Request; RP Discovery; show Login Page; input ID/PW; Authentication Response; OP Discovery; Check Authentication; OpenID login succeeded!; show Let-me-in Page; click Let-me-in!
    • 6. Yahoo! JAPAN's XRDS
      <?xml version="1.0" encoding="UTF-8"?>
      <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)">
        <XRD>
          <Service priority="0">
            <Type>http://specs.openid.net/auth/2.0/server</Type>
            <Type>http://specs.openid.net/extensions/pape/1.0</Type>
            <Type>http://openid.net/srv/ax/1.0</Type>
            <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
            <URI>https://open.login.yahooapis.jp/openid/op/auth</URI>
          </Service>
        </XRD>
      </xrds:XRDS>
    • 7. Attribute Exchange Flow (sequence diagram)
      • Additions to the OpenID flow: + AX Parameters; UI for AX; + AX Response
      • Participants: RP, OP, UA
      • Labels on the diagram: input OpenID; OP Discovery; Association; Authentication Request; RP Discovery; show Login Page; input ID/PW; Authentication Response; OP Discovery; Check Authentication; OpenID login succeeded!; show Let-me-in Page; click Let-me-in!
    • 8. Attributes
      • Attribute information provided, from Yahoo! Profile (http://profiles.yahoo.co.jp)
        • http://axschema.org/birthDate/birthYear : birth year
        • http://axschema.org/person/gender : gender
        • http://axschema.org/namePerson/first : given name
        • http://axschema.org/namePerson/last : family name
        • http://axschema.org/namePerson/friendly : display name
        • http://axschema.org/media/image/default : image
    • 9. AX Request
      https://open.login.yahooapis.jp/openid/op/auth?
      openid.assoc_handle=xxxx&
      openid.ax.mode=fetch_request&
      openid.ax.required=nickname%2Cgender%2Cfirstname%2Clastname%2Cbirthyear%2Cprofile_img&
      openid.ax.type.birthyear=http%3A%2F%2Faxschema.org%2FbirthDate%2FbirthYear&
      openid.ax.type.firstname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&
      openid.ax.type.gender=http%3A%2F%2Faxschema.org%2Fperson%2Fgender&
      openid.ax.type.lastname=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&
      openid.ax.type.nickname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly&
      openid.ax.type.profile_img=http%3A%2F%2Faxschema.org%2Fmedia%2Fimage%2Fdefault&
      openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&
      openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&
      openid.mode=checkid_setup&
      openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&
      openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&
      openid.realm=http%3A%2F%2Frp.example.com%2F&
      openid.return_to=http%3A%2F%2Frp.example.com%2Freturn_to
    • 10. AX UI
    • 11. AX Response
      openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&
      openid.mode=id_res&
      openid.return_to=http%3A%2F%2Frp.example.com%2Fpopup_return_to&
      openid.claimed_id=https%3A%2F%2Fme.yahoo.co.jp%2Fa%2Fxxxxx&
      openid.identity=https%3A%2F%2Fme.yahoo.co.jp%2Fa%2Fxxxxx&
      openid.assoc_handle=xxxxx&
      openid.realm=http%3A%2F%2Frp.example.com%2Fpopup_return_to%2F&
      openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&
      openid.ax.mode=fetch_response&
      openid.ax.value.nickname=konfoo&
      openid.ax.value.gender=M&
      openid.ax.value.firstname=%E3%82%86%E3%81%86%E3%81%99%E3%81%91&
      openid.ax.value.lastname=%E3%81%93%E3%82%93%E3%81%A9%E3%81%86&
      openid.ax.value.image=https%3A%2F%2Fproxy.f4.ymdb.yahoofs.jp%2Fmingle%2F44bfb0eazf57fa5ff%2Fprofile%2F__tn_%2Ffa32.png%3Fmgw_m_LBemHb.LOL&
      openid.response_nonce=2010-05-26T12%3A18%3A10ZbfKqKuLqi5UkBthqAVLL.Kkr_pt6R.Gtmg--&
      openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Cax.value.nickname%2Cax.type.nickname%2Cax.value.gender%2Cax.type.gender%2Cax.value.firstname%2Cax.type.firstname%2Cax.value.lastname%2Cax.type.lastname%2Cax.value.image%2Cax.type.image%2Cns.ax%2Cax.mode%2Cpape.auth_level.nist&
      openid.op_endpoint=https%3A%2F%2Fopen.login.yahooapis.jp%2Fopenid%2Fop%2Fauth&
      openid.ax.type.nickname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly&
      openid.ax.type.gender=http%3A%2F%2Faxschema.org%2Fperson%2Fgender&
      openid.ax.type.firstname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&
      openid.ax.type.lastname=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&
      openid.ax.type.image=http%3A%2F%2Faxschema.org%2Fmedia%2Fimage%2Fdefault&
      openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&
      openid.pape.auth_level.nist=0&
      openid.sig=xxxxxx
    • 12. About the AX spec
      • The assertion URL is too long!
        • Over 2000: must switch to POST
      • Fetch Request parameters
        • 'openid.ax.required' and 'openid.ax.if_available'
      • Is Store Request necessary?
        • Nobody implements it
        • Can be replaced by OAuth + a profile update API
    • 13. UI Extension (popup) (sequence diagram)
      • Additions to the OpenID flow: + UI Parameters; show popup UI; open popup window (RP); close popup window and continue the rest of the process in the main window (RP)
      • Participants: RP, OP, UA
      • Labels on the diagram: input OpenID; OP Discovery; Association; Authentication Request; RP Discovery; show Login Page; input ID/PW; Authentication Response; OP Discovery; Check Authentication; OpenID login succeeded!; show Let-me-in Page; click Let-me-in!
    • 14. UI Extension (popup) Request
      https://open.login.yahooapis.jp/openid/op/auth?
      openid.assoc_handle=xxxx&
      openid.ax.mode=fetch_request&
      openid.ax.required=nickname%2Cgender%2Cfirstname%2Clastname%2Cbirthyear%2Cprofile_img&
      openid.ax.type.birthyear=http%3A%2F%2Faxschema.org%2FbirthDate%2FbirthYear&
      openid.ax.type.firstname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&
      openid.ax.type.gender=http%3A%2F%2Faxschema.org%2Fperson%2Fgender&
      openid.ax.type.lastname=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&
      openid.ax.type.nickname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly&
      openid.ax.type.profile_img=http%3A%2F%2Faxschema.org%2Fmedia%2Fimage%2Fdefault&
      openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&
      openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&
      openid.mode=checkid_setup&
      openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&
      openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&
      openid.ns.ui=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fui%2F1.0&
      openid.realm=http%3A%2F%2Frp.example.com%2F&
      openid.return_to=http%3A%2F%2Frp.example.com%2Fpopup_return_to&
      openid.ui.mode=popup
    • 15. popup UI
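    • 16. About the UI Extension spec
      • Display as a standalone popup window (MUST)
        • Depending on browser settings, popups are blocked or open in a separate tab
      • Size is 450 x 500 px (SHOULD)
        • Difficult with Japanese font sizes
        • Making it larger is not great either
      • Implementing popup control
        • A bit of a hassle on the RP side
    • 17. When an OP adds popup support
      • Watch the navigation paths out of the popup screen
        • A popup opened from the popup
        • Following a link means the user cannot get back to the original page
      • A general-purpose UI is desirable
        • Yahoo.com / Facebook / myspace use a small consent screen by default
        • PC / popup / smart phone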
    • 18. Please try AX/Popup with Yahoo! JAPAN's OpenID
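
Added example, not part of the original slides: an RP-side check for the AX Response on slide 11 that accepts a single-valued attribute only when both its `ax.type.*` and `ax.value.*` keys are listed in `openid.signed`, and only when `openid.op_endpoint` matches the endpoint from the XRDS on slide 6. The function name and the shortened sample message are constructed for illustration; verification of `openid.sig` itself (association key or Check Authentication) is assumed to be done by the RP's OpenID library before this runs.

```python
from urllib.parse import parse_qs, urlencode

AX_NS = "http://openid.net/srv/ax/1.0"
# OP endpoint advertised in the XRDS on slide 6.
OP_ENDPOINT = "https://open.login.yahooapis.jp/openid/op/auth"

# Constructed sample: a shortened slide 11 response. "gender" is deliberately
# left out of openid.signed to show the rejection path; sig is a placeholder.
SAMPLE = urlencode({
    "openid.mode": "id_res",
    "openid.op_endpoint": OP_ENDPOINT,
    "openid.ns.ax": AX_NS,
    "openid.ax.mode": "fetch_response",
    "openid.ax.type.nickname": "http://axschema.org/namePerson/friendly",
    "openid.ax.value.nickname": "konfoo",
    "openid.ax.type.gender": "http://axschema.org/person/gender",
    "openid.ax.value.gender": "M",
    "openid.signed": "mode,op_endpoint,ns.ax,ax.mode,ax.type.nickname,ax.value.nickname",
    "openid.sig": "xxxxxx",
})


def signed_ax_attributes(query):
    """Return ({type_uri: value}, [rejected names]); openid.sig is assumed already verified."""
    p = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    if p.get("openid.mode") != "id_res" or p.get("openid.op_endpoint") != OP_ENDPOINT:
        raise ValueError("not a positive assertion from the discovered OP endpoint")
    signed = set(p.get("openid.signed", "").split(","))
    # The AX alias is whatever name the OP bound to the AX namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in p.items()
                  if k.startswith("openid.ns.") and v == AX_NS), None)
    if alias is None or not {f"ns.{alias}", f"{alias}.mode"} <= signed:
        raise ValueError("AX namespace or mode is not covered by openid.signed")
    if p.get(f"openid.{alias}.mode") != "fetch_response":
        raise ValueError("not an AX fetch_response")
    accepted, rejected = {}, []
    prefix = f"openid.{alias}.type."
    for key, type_uri in p.items():
        if not key.startswith(prefix):
            continue
        name = key[len(prefix):]
        needed = {f"{alias}.type.{name}", f"{alias}.value.{name}"}
        value = p.get(f"openid.{alias}.value.{name}")
        if needed <= signed and value is not None:
            accepted[type_uri] = value
        else:
            rejected.append(name)  # present in the URL but not signed: do not trust
    return accepted, rejected
```

Attributes are keyed by type URI rather than by alias because the alias is chosen per message; slide 9 requests `profile_img` while the response on slide 11 uses `image` for the same type.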