Eduserv OpenID Meeting: OpenID Today

Published in: Technology

  1. Today Eduserv OpenID Meeting
  2. "It's definitely time to declare OpenID a winner" TechCrunch • "OpenID is a protocol made for the public, by the public. No one owns or controls your login information: You do." 37signals • "...sees great potential for OpenID's use alongside enterprise-ready software infrastructure" Sun Microsystems • "taking the world by storm" Tim O'Reilly • "this high profile announcement marks the importance of single sign on identity technology to the future of the Internet" ReadWriteWeb
  3. What is OpenID? • Single sign-on for the web • Simple and light-weight (not going to replace your bank card PIN) • Easy to use and deploy • Built upon proven existing technologies (DNS, HTTP, SSL/TLS, Diffie-Hellman) • Decentralized (you don't have to ask anyone permission to implement it) • Free!
  4. An OpenID is a URI • URLs are globally unique and ubiquitous • OpenID allows proving ownership of a URI • People already have identity at URLs via blogs, photos, MySpace, Facebook, etc. • People already describe relationships via URLs (e.g. links to my friends)
  5. OpenID is Decentralized
  6. "What problems does it solve?"
  7. Too many usernames
  8. Too many passwords
  9. Signup is too hard
  10. Directories are hard
  11. Strong auth is complex
  12. The web lacks identity
  13. OpenID is another important building block.
  14. Identity is not just one thing
  15. ...but it is really about trust
  16. With OpenID, you get to choose who you trust. (and even change your mind later)
  17. DEMO: How Does it Work?
  18. As a Conversation Who are you? I’m Prove it!
  19. Discovers My Provider • "openid.server" points to my OpenID Provider
  20. (crypto happens)
  21. DEMO: Using OpenID
  22. Getting an OpenID
  23. OpenID is Really Easy
  24. "This is a geek's toy, nobody will ever have an OpenID!"
  25. ~160 million OpenIDs (including every AOL user) OpenID 1.1 - Estimated from various services
  26. "Nobody will ever use this!"
  27. Total Relying Parties (aka places you can login with OpenID) [chart: relying parties by month, '05 to '07; y-axis 0 to 6,000] OpenID 1.1 - As viewed by
  28. "So that's great there are so many blogs, but what about something real?"
  29.
  30. “Any OpenID in the enterprise?”
  31. Offer all employees OpenIDs; open source Enterprise SSO and identity manager with LDAP and OpenID Internal SSO for bug trackers and wikis OpenID Provider with plans to ship in enterprise products this year Shared OpenID Provider for their businesses and partners Project management, CRM, and billing for small businesses
  32. "What about security?"
  33. “Protocol Security?”
  34. like any protocol...think as you implement
  35. What about phishing?
  36. Kitten Overload! More kittens! Simon Willison - FOWA 02/07
  37. Kitten Overload! Identity theft! FAKE :'( Simon Willison - FOWA 02/07
  38. Safe Sign-In Pages
  39. Estonian ID-card
  40. the best solutions may be around the browser
  41. Microsoft CardSpace
  42. MyVidoop Plugin (a password manager tied into your OpenID account; add-on for Firefox)
  43. Sxipper (a form filler and password manager with OpenID integration; add-on for Firefox)
  44. Symantec Identity Client (OpenID form-fill, upcoming provider, and claims integration)
  45. VeriSign's OpenID SeatBelt (an OpenID convenience and security add-on for Firefox) works with
  46. IE Team has posted a job ad mentioning "OpenID": "Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you."
  47. OpenID doesn't dictate an authentication method
  48. OpenID is great for innovation
  49. "How do I deploy OpenID?"
  50. OpenID Specs • OpenID Authentication 1.1 • OpenID Simple Registration 1.0 • Yadis Discovery Protocol • OpenID Authentication 2.0 (implementors draft) • OpenID Attribute Exchange 1.0 (draft) • OpenID PAPE 1.0 (draft) • OpenID Data Transport Protocol (draft)
  51. Final Specifications • OpenID Authentication 1.1 • What most people think of for OpenID • What I’m mainly talking about today • Very simple • OpenID Simple Registration Extension • Exchange basic profile data • Keep the user in charge
  52. OpenID Authentication 2.0 • Cleans up the 1.1 specification • Adds a few useful features • Robust extensibility • Enhanced service discovery • "Directed identity" • XRI • About six independent library implementations of final draft
  53. Attribute Exchange • Flexible framework for exchanging rich profile attributes • Keeps the user in charge • Allows updating data in a distributed fashion
  54. PAPE • Communicate details about how the user authenticated • High-level policies such as “phishing resistant” or “multi-factor” • Increasingly important with higher value OpenID transactions
  55. Lots of Easy Code • Libraries in C#, C++, Java, Perl, Python, Ruby, PHP, and ColdFusion • Can have something working within a weekend • Need to think a bit about security and usability
  56. “Why OpenID and education?”
  57. Thanks! Questions? David Recordon
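
Added example (not from the slides or any OpenID library): a sketch of the discovery step on slide 19, where a relying party reads the "openid.server" link from the page at the user's URL, written with the "think as you implement" point of slide 34 in mind. The sample page, host names, and the `require_tls` policy switch are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (hypothetical hosts). The second openid.server
# link sits in <body>, e.g. inside user-supplied content, and is ignored.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="https://op.example.net/openid/server">
<link rel="openid.delegate" href="https://alice.op.example.net/">
</head><body>
<link rel="openid.server" href="https://other.example.org/server">
</body></html>"""


class OpenIDLinkParser(HTMLParser):
    """Collect OpenID 1.1 <link> relations that appear inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = (tag == "head")
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid.") and a.get("href"):
                    # First occurrence wins; later duplicates are ignored.
                    self.links.setdefault(rel, a["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(html, require_tls=True):
    """Return (provider_endpoint, delegate); raise ValueError if unusable.

    require_tls is a local policy assumption, not an OpenID 1.1 rule.
    """
    parser = OpenIDLinkParser()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if not server:
        raise ValueError("no openid.server link found in <head>")
    url = urlparse(server)
    allowed = ("https",) if require_tls else ("http", "https")
    if url.scheme not in allowed or not url.netloc:
        raise ValueError("provider endpoint rejected: " + server)
    return server, parser.links.get("openid.delegate")
```

Only links inside `<head>` are honoured, so markup placed in the page body cannot redirect authentication to a different provider.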