supported in core...

now what?

questions?

answers!

explanation

what is OpenID?

“OpenID is an open,
decentralized, free
framework for user-
centric digital
identity.”

“OpenID is an open,
decentralized, free
framework for user-
centric digital identity.”

what is identity?

who you are

who am I?

“walkah”

James Ransom Walker

yes... “Ransom”

July 10, 1977

29

30

over 19

over 21

over 25

under 65

who you are

how does it work?

Who is involved?
• Users - OpenID Identifier
• Relying Party (RP) - aka “consumer”
• Wants your information
• OpenID Provider (OP) - aka “ID
provider”
• Has your information

User provides identity
(URL) to Relying Party

Relying Party
performs discovery

Re-directs to
OpenID Provider

... with choices

User authenticates

User receives signed
authentication response

Redirected to RP

Relying party
verifies this
response

access granted!

what’s the point?

too many
usernames &
passwords

single sign-on

registration
headaches

real world

photo ID

what is an OpenID
identifier?

not an account

URL

globally unique

identifier

... like your
passport number

isn’t that a bad
idea?

what if someone
steals my identity!?

“OpenID is an open,
decentralized, free
framework for user-
centric digital
identity.”

choice of:
OpenID Provider

get a couple!

multiple personas

choice of:
authentication
method

choice of:
released data

(including not
presenting ID)

user decides

where do i get one?

how do i use it?

is it secure?

you don’t give your
credentials to
anyone but your
OpenID provider

(unlike
drupal.module)

what’s next?

OpenID provider

DRUPAL-4-7--2

5 & 6 soon!

in core?

attribute exchange

key-value pairs

keys are URLs

(also globally
unique)

http://pants.com/pants/status
=> off

not necessarily
from your provider

cached by your
provider

can be digitally
signed by attribute
provider

we can achieve true
digital identity

more questions?