SlideShare a Scribd company logo

Implementing OpenID

David Recordon
David Recordon

David Recordon and Brian Ellin's presentation from O'Reilly's 2007 Web 2.0 Expo conference.

TechnologyBusiness
1 of 69
Download to read offline
Implementing David Recordon Brian Ellin drecordon@verisign.com brian@janrain.com Web 2.0 Expo April 15-18, 2007
brief intro...and then into the code
What is OpenID? Single sign-on for the web Simple and light-weight (not going to replace your atm pin) Easy to use and deploy Open development process Decentralized (no single point of failure) Free!
Proves You Control a URI www.davidrecordon.com brianellin.com
the common things we hear
quot;Been there, done thatquot;
quot;Been there, done thatquot; Great for Centralized Centralized the enterprise
...but do you really trust them?
With OpenID, you get to choose who manages your identity. (you can even change your mind later)
quot;This is a geek's toy, nobody will ever have an OpenID!quot;
~90 million OpenIDs (including every AOL user) OpenID 1.1 - Estimated from various services
quot;Nobody will ever use this!quot;
Total Relying Parties (aka places you can use this stuff) IIW L AO y nt s/ ou & st /B ca T SF eb IIW IIW ip M W Sx 2,500 1,875 1,250 625 0 '05 ct ov ec '06 b ar r ay e ly g p ct ov ec '07 b ar h Ap Au n Fe Se Fe 7t Ju O O M M M D D N Ju N r1 p Jan Jan Se Ap OpenID 1.1 - As viewed by MyOpenID.com
quot;So that's great there are so many blogs, but what about something real?quot;
quot;What's the big deal?quot;
OpenID is another important building block.
quot;Why should we add OpenID to our feature list?quot;
Simon Willison - FOWA 02/07
TechCrunch and other blogs link to dozens of new startups each week...readers aren't going to make new accounts for every single one Simon Willison - FOWA 02/07
TechCrunch and other blogs link to dozens of new startups each week...readers aren't going to make new accounts for every single one Creates ability to email a friend saying, quot;I've added you as an author to the blog I setup for our bandquot; Simon Willison - FOWA 02/07
TechCrunch and other blogs link to dozens of new startups each week...readers aren't going to make new accounts for every single one Creates ability to email a friend saying, quot;I've added you as an author to the blog I setup for our bandquot; Site specific hacks...quot;Login with your AOL OpenID and we'll send you updates over AIMquot; Simon Willison - FOWA 02/07
TechCrunch and other blogs link to dozens of new startups each week...readers aren't going to make new accounts for every single one Creates ability to email a friend saying, quot;I've added you as an author to the blog I setup for our bandquot; Site specific hacks...quot;Login with your AOL OpenID and we'll send you updates over AIMquot; If you're not managing passwords, you don't need to build as complex user management systems Simon Willison - FOWA 02/07
How does it work? (protocol and flow)
Basic Terminology OpenID Provider (OP) - Site that makes assertions about an OpenID Relying Party (RP) - Site that wants to verify ownership of an OpenID
O M E Using OpenID D
O M E OpenID Enabling Your Own URL D
O M E Creating an OpenID with your own server D
* *************************************************************************** * * CONFIGURATION * *************************************************************************** * * You must change these values: * auth_username = login name * auth_password = md5(username:realm:password) * * Default username = 'test', password = 'test', realm = 'phpMyID' */ #$profile = array( # 'auth_username' => 'test', # 'auth_password' => '37fa04faebe5249023ed1f6cc867329b' #); /* * Optional - Simple Registration Extension: * * If you would like to add any of the following optional registration * parameters to your login profile, simply uncomment the line, and enter the * correct values. * * Details on the exact allowed values for these paramters can be found at: * http://openid.net/specs/openid-simple-registration-extension-1_0.html */ #$sreg = array ( # 'nickname' => 'Joe', # 'email' => 'joe@example.com', # 'fullname' => 'Joe Example', # 'dob' => '1970-10-31', # 'gender' => 'M', # 'postcode' => '22000', # 'country' => 'US', # 'language' => 'en', # 'timezone' => 'America/New_York' #);
Hash My Password
* *************************************************************************** * * CONFIGURATION * *************************************************************************** * * You must change these values: * auth_username = login name * auth_password = md5(username:realm:password) * * Default username = 'test', password = 'test', realm = 'phpMyID' */ $profile = array( 'auth_username' => 'david', 'auth_password' => 'e0fee9a99fa2fe004bbd70b972a03aa1' ); /* * Optional - Simple Registration Extension: * * If you would like to add any of the following optional registration * parameters to your login profile, simply uncomment the line, and enter the * correct values. * * Details on the exact allowed values for these paramters can be found at: * http://openid.net/specs/openid-simple-registration-extension-1_0.html */ #$sreg = array ( # 'nickname' => 'Joe', # 'email' => 'joe@example.com', # 'fullname' => 'Joe Example', # 'dob' => '1970-10-31', # 'gender' => 'M', # 'postcode' => '22000', # 'country' => 'US', # 'language' => 'en', # 'timezone' => 'America/New_York' #);
Configure Profile Data $profile = array( 'auth_username' => 'david', 'auth_password' => 'e0fee9a99fa2fe004bbd70b972a03aa1' ); /* * Optional - Simple Registration Extension: * * If you would like to add any of the following optional registration * parameters to your login profile, simply uncomment the line, and enter the * correct values. * * Details on the exact allowed values for these paramters can be found at: * http://openid.net/specs/openid-simple-registration-extension-1_0.html */ $sreg = array ( 'nickname' => 'daveman692', 'email' => 'recordond@gmail.com', 'fullname' => 'David Recordon', 'dob' => '1986-09-04', 'gender' => 'M', 'postcode' => '941458', 'country' => 'US', 'language' => 'en', 'timezone' => 'America/Los_Angeles' );
Upload
Configure Delegation (source of www.davidrecordon.com) <html xmlns=quot;http://www.w3.org/1999/xhtmlquot;> <head> <title>David Recordon</title> <style> div { text-align: center; color: #C0C0C0; } img { border: 0px; } a { color: #C0C0C0; } </style> <link rel=quot;openid.serverquot; href=quot;http://www.davidrecordon.com/myid.phpquot; /> <link rel=quot;openid.delegatequot; href=quot;http://www.davidrecordon.com/myid.phpquot; /> </head>
Done! Time to configure and upload phpMyID: <5 minutes http://siege.org/projects/phpMyID/
OpenID Enabling ExpoCal O M E http://cal.web2expo.com/ Existing users: Sign in and click the the quot;add OpenIDquot; D link at the top right New users: Click quot;loginquot; and sign in with your OpenID, skipping the signup process :)
Tools Used iCalicio by Kellan Elliot-McCrea and Evan Henshaw-Plath Ruby and Rails gem install ruby-openid
ExpoCal User Model Stores login name and hashed password We need to add an optional OpenID column 1 class AddOpenId < ActiveRecord::Migration 2 def self.up 3 add_column :users, :openid, :string 4 add_index :users, [:openid], :name => :users_openid_index 5 end 6 7 def self.down 8 remove_column :users, :openid 9 end 10 end
Using the OpenID Library 1 def consumer 2 store_dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store') 3 store = OpenID::FilesystemStore.new(store_dir) 4 return OpenID::Consumer.new(session, store) 5 end FilesystemStore saved OpenID transaction state OpenID::Consumer handles the protocol details
Add OpenID UI 1 <h2>Or, login with OpenID</h2> 2 <%= start_form_tag(:controller=>'account', :action => 'openid_start') %> 3 <p><label for=quot;openid_identifierquot;>OpenID</label><br/> 4 <%= text_field_tag 'openid_identifier' %></p> 5 <%= submit_tag 'OpenID Login' %> 6 <%= end_form_tag %> <input name=quot;openid_identiferquot; />
Handle Login Form Submit 1 def openid_start 2 openid_request = consumer.begin(params[:openid_identifier]) 3 4 case openid_request.status 5 when OpenID::SUCCESS 6 return_to = url_for(:action => 'openid_finish') 7 trust_root = url_for(:controller => '') 8 server_redirect_url = openid_request.redirect_url(trust_root, return_to) 9 redirect_to(server_redirect_url) 10 11 when OpenID::FAILURE 12 flash[:notice] = quot;Could not find your OpenID server.quot; 13 redirect_back_or_default(:controller => '/account', :action => 'index') 14 15 end 16 end 1. Discover 2.Associate 3. Redirect (we’ll handle the server response at the return_to URL)
Redirect to OpenID Provider
Handle Server Response 1 def openid_finish 2 openid_response = consumer.complete(params) 3 4 case openid_response.status 5 when OpenID::SUCCESS 6 openid = openid_response.identity_url 7 @user = User.find_by_openid(openid) 8 9 unless @user 10 @user = User.create(:openid => openid, :login => openid) 11 end 12 self.current_user = @user 13 flash[:notice] = quot;Welcome #{@user.openid}quot; 14 15 when OpenID::FAILURE 16 flash[:notice] = 'Verification failed.' 17 end 18 19 redirect_back_or_default(:controller => 'talk', :action => 'list') 20 end
Done! Time to implement OpenID in iCalico: 45 minutes http://cal.web2expo.com/
quot;So this all looks great, but what are the downsides?quot;
Kitten Overload! More kittens! Simon Willison - FOWA 02/07
Kitten Overload! FAKE More kittens! Simon Willison - FOWA 02/07
Kitten Overload! Identity theft! FAKE :'( Simon Willison - FOWA 02/07
You could just remove passwords
Client Side Certs
Microsoft CardSpace (UI for certs)
Vidoop (changing the metaphor)
...but passwords are still widely used
VeriSign's OpenID Seatbelt (demoing today)
OpenID is great for innovation! (authentication method is up to the provider and user)
quot;I don't want just one identity...I mean I don't want my boss to know I'm a furry!quot;
Well you don't wear your furry suit to work do you?
So use multiple OpenIDs! (you already do this with email addresses today)
Go code! (and join the conversation at OpenID.net)
Thanks! (and don't forget to grab a CD) David Recordon Brian Ellin drecordon@verisign.com brian@janrain.com

Recommended

Implementing OpenID
Implementing OpenIDImplementing OpenID
Implementing OpenID
Uri Levanon
 
Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0
Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0
Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0
David Recordon
 
OpenID Foundation Japan Chapter Announcement
OpenID Foundation Japan Chapter AnnouncementOpenID Foundation Japan Chapter Announcement
OpenID Foundation Japan Chapter Announcement
David Recordon
 
Eduserv OpenID Meeting: OpenID Today
Eduserv OpenID Meeting: OpenID TodayEduserv OpenID Meeting: OpenID Today
Eduserv OpenID Meeting: OpenID Today
David Recordon
 
Fringe eu procurement - sara piller
Fringe eu procurement - sara pillerFringe eu procurement - sara piller
Fringe eu procurement - sara piller
lgconf11
 
Alpha data sheet
Alpha data sheetAlpha data sheet
Alpha data sheet
CFN Services
 
Los Angeles
Los AngelesLos Angeles
Los Angeles
De Turista a Viajante
 
6.09 The Job Search Tool Box Presentation
6.09 The Job Search Tool Box Presentation6.09 The Job Search Tool Box Presentation
6.09 The Job Search Tool Box Presentation
RalphYoung
 

Recommended

Implementing OpenID
Implementing OpenIDImplementing OpenID
Implementing OpenID
Uri Levanon
 
Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0
Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0
Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0
David Recordon
 
OpenID Foundation Japan Chapter Announcement
OpenID Foundation Japan Chapter AnnouncementOpenID Foundation Japan Chapter Announcement
OpenID Foundation Japan Chapter Announcement
David Recordon
 
Eduserv OpenID Meeting: OpenID Today
Eduserv OpenID Meeting: OpenID TodayEduserv OpenID Meeting: OpenID Today
Eduserv OpenID Meeting: OpenID Today
David Recordon
 
Fringe eu procurement - sara piller
Fringe eu procurement - sara pillerFringe eu procurement - sara piller
Fringe eu procurement - sara piller
lgconf11
 
Alpha data sheet
Alpha data sheetAlpha data sheet
Alpha data sheet
CFN Services
 
Los Angeles
Los AngelesLos Angeles
Los Angeles
De Turista a Viajante
 
6.09 The Job Search Tool Box Presentation
6.09 The Job Search Tool Box Presentation6.09 The Job Search Tool Box Presentation
6.09 The Job Search Tool Box Presentation
RalphYoung
 
Ed Burns @ FOWA 08
Ed Burns @ FOWA 08Ed Burns @ FOWA 08
Ed Burns @ FOWA 08
carsonsystems
 
Sales insitute of ireland november 2010
Sales insitute of ireland november 2010Sales insitute of ireland november 2010
Sales insitute of ireland november 2010
Sales Institute Ireland
 
Egkekrimena sxedia comenius 2012
Egkekrimena sxedia comenius 2012Egkekrimena sxedia comenius 2012
Egkekrimena sxedia comenius 2012
sfikasp
 
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
CHISWICK ROOMS HOTEL
 
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
CHISWICK ROOMS HOTEL
 
Domagoj Margetic
Domagoj MargeticDomagoj Margetic
Domagoj Margetic
Emil Čić
 
Design4 services HCDI Seminar Sangiorgi
Design4 services HCDI Seminar SangiorgiDesign4 services HCDI Seminar Sangiorgi
Design4 services HCDI Seminar Sangiorgi
Marco Ajovalasit
 
Dave Folio
Dave FolioDave Folio
Dave Folio
Dave Lilly
 
6.09 Develop A Plan And Execute
6.09 Develop A Plan And Execute6.09 Develop A Plan And Execute
6.09 Develop A Plan And Execute
RalphYoung
 
Spiral Of Knowledge - 1967
Spiral Of Knowledge - 1967Spiral Of Knowledge - 1967
Spiral Of Knowledge - 1967
HolisticMeta (Self Employed, Part Time)
 
M&amp;A Integration Planning The Integration Of An Acquired Companys Legal De...
M&amp;A Integration Planning The Integration Of An Acquired Companys Legal De...M&amp;A Integration Planning The Integration Of An Acquired Companys Legal De...
M&amp;A Integration Planning The Integration Of An Acquired Companys Legal De...
Frank Fletcher
 
Layout
LayoutLayout
Layout
patsyrowland
 
Transition Sporting Equipment Report(Web)
Transition Sporting Equipment Report(Web)Transition Sporting Equipment Report(Web)
Transition Sporting Equipment Report(Web)
Locus Research
 
Heart Tarsia
Heart TarsiaHeart Tarsia
Heart Tarsia
floatinginjars
 
U r not alone press
U r not alone pressU r not alone press
U r not alone press
urnotalonemovie
 
CloudTunnel Atlanta Ruby Users Group October 2012
CloudTunnel Atlanta Ruby Users Group October 2012CloudTunnel Atlanta Ruby Users Group October 2012
CloudTunnel Atlanta Ruby Users Group October 2012
jmanuzak
 
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
Frederick Zarndt
 
120125 tridti p2_resized
120125 tridti p2_resized120125 tridti p2_resized
120125 tridti p2_resized
Tridti Patarakiatsan
 
Water Related Expertise In Toronto Region July09 Final
Water Related Expertise In Toronto Region July09 FinalWater Related Expertise In Toronto Region July09 Final
Water Related Expertise In Toronto Region July09 Final
Toronto Region Research Alliance
 
Standard Bank Print work
Standard Bank Print workStandard Bank Print work
Standard Bank Print work
TBWA\South Africa
 
OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007
David Recordon
 
rijkhof design package design samples
rijkhof design package design samplesrijkhof design package design samples
rijkhof design package design samples
Rijkhof Design
 

More Related Content

What's hot

Egkekrimena sxedia comenius 2012
Egkekrimena sxedia comenius 2012Egkekrimena sxedia comenius 2012
Egkekrimena sxedia comenius 2012
sfikasp
 
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
CHISWICK ROOMS HOTEL
 
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
CHISWICK ROOMS HOTEL
 
Transition Sporting Equipment Report(Web)
Transition Sporting Equipment Report(Web)Transition Sporting Equipment Report(Web)
Transition Sporting Equipment Report(Web)
Locus Research
 
CloudTunnel Atlanta Ruby Users Group October 2012
CloudTunnel Atlanta Ruby Users Group October 2012CloudTunnel Atlanta Ruby Users Group October 2012
CloudTunnel Atlanta Ruby Users Group October 2012
jmanuzak
 
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
Frederick Zarndt
 
Water Related Expertise In Toronto Region July09 Final
Water Related Expertise In Toronto Region July09 FinalWater Related Expertise In Toronto Region July09 Final
Water Related Expertise In Toronto Region July09 Final
Toronto Region Research Alliance
 

What's hot (20)

Ed Burns @ FOWA 08
Ed Burns @ FOWA 08Ed Burns @ FOWA 08
Ed Burns @ FOWA 08
 
Sales insitute of ireland november 2010
Sales insitute of ireland november 2010Sales insitute of ireland november 2010
Sales insitute of ireland november 2010
 
Egkekrimena sxedia comenius 2012
Egkekrimena sxedia comenius 2012Egkekrimena sxedia comenius 2012
Egkekrimena sxedia comenius 2012
 
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
Stay with chiswick rooms hotel and enjoy london happenings in dec 2012.
 
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
Stay with CHISWICK ROOMS HOTEL and enjoy London happenings in dec 2012
 
Domagoj Margetic
Domagoj MargeticDomagoj Margetic
Domagoj Margetic
 
Design4 services HCDI Seminar Sangiorgi
Design4 services HCDI Seminar SangiorgiDesign4 services HCDI Seminar Sangiorgi
Design4 services HCDI Seminar Sangiorgi
 
Dave Folio
Dave FolioDave Folio
Dave Folio
 
6.09 Develop A Plan And Execute
6.09 Develop A Plan And Execute6.09 Develop A Plan And Execute
6.09 Develop A Plan And Execute
 
Spiral Of Knowledge - 1967
Spiral Of Knowledge - 1967Spiral Of Knowledge - 1967
Spiral Of Knowledge - 1967
 
M&amp;A Integration Planning The Integration Of An Acquired Companys Legal De...
M&amp;A Integration Planning The Integration Of An Acquired Companys Legal De...M&amp;A Integration Planning The Integration Of An Acquired Companys Legal De...
M&amp;A Integration Planning The Integration Of An Acquired Companys Legal De...
 
Layout
LayoutLayout
Layout
 
Transition Sporting Equipment Report(Web)
Transition Sporting Equipment Report(Web)Transition Sporting Equipment Report(Web)
Transition Sporting Equipment Report(Web)
 
Heart Tarsia
Heart TarsiaHeart Tarsia
Heart Tarsia
 
U r not alone press
U r not alone pressU r not alone press
U r not alone press
 
CloudTunnel Atlanta Ruby Users Group October 2012
CloudTunnel Atlanta Ruby Users Group October 2012CloudTunnel Atlanta Ruby Users Group October 2012
CloudTunnel Atlanta Ruby Users Group October 2012
 
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
20120820 conversion of historic newspapers to digital objects [boris yeltsin ...
 
120125 tridti p2_resized
120125 tridti p2_resized120125 tridti p2_resized
120125 tridti p2_resized
 
Water Related Expertise In Toronto Region July09 Final
Water Related Expertise In Toronto Region July09 FinalWater Related Expertise In Toronto Region July09 Final
Water Related Expertise In Toronto Region July09 Final
 
Standard Bank Print work
Standard Bank Print workStandard Bank Print work
Standard Bank Print work
 

Similar to Implementing OpenID

Semester 1 Part 34
Semester 1 Part 34Semester 1 Part 34
Semester 1 Part 34
Chester Lech
 
Q1 2009 Earning Report of Heidrick & Struggles Inc.
Q1 2009 Earning Report of Heidrick & Struggles Inc.Q1 2009 Earning Report of Heidrick & Struggles Inc.
Q1 2009 Earning Report of Heidrick & Struggles Inc.
earningreport earningreport
 
Unit1 Screw Thread
Unit1 Screw ThreadUnit1 Screw Thread
Unit1 Screw Thread
guestb9b7f4
 
Unit1 Screw Thread
Unit1 Screw ThreadUnit1 Screw Thread
Unit1 Screw Thread
mokhtar
 
Unit2 Gear
Unit2 GearUnit2 Gear
Unit2 Gear
mokhtar
 
Unit5 Power Press Machine
Unit5 Power Press MachineUnit5 Power Press Machine
Unit5 Power Press Machine
guestb9b7f4
 
Unit5 Power Press Machine
Unit5 Power Press MachineUnit5 Power Press Machine
Unit5 Power Press Machine
mokhtar
 
Unit7 Shielded Gas Arc Welding
Unit7 Shielded Gas Arc WeldingUnit7 Shielded Gas Arc Welding
Unit7 Shielded Gas Arc Welding
mokhtar
 
Unit7 Shielded Gas Arc Welding
Unit7 Shielded Gas Arc WeldingUnit7 Shielded Gas Arc Welding
Unit7 Shielded Gas Arc Welding
guestb9b7f4
 
2011美國創新事業規劃研修團分享
2011美國創新事業規劃研修團分享2011美國創新事業規劃研修團分享
2011美國創新事業規劃研修團分享
基欽 劉
 

Similar to Implementing OpenID (20)

OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007
 
rijkhof design package design samples
rijkhof design package design samplesrijkhof design package design samples
rijkhof design package design samples
 
Semester 1 Part 34
Semester 1 Part 34Semester 1 Part 34
Semester 1 Part 34
 
Practicing English
Practicing EnglishPracticing English
Practicing English
 
Aps104 m
Aps104 mAps104 m
Aps104 m
 
Q1 2009 Earning Report of Heidrick & Struggles Inc.
Q1 2009 Earning Report of Heidrick & Struggles Inc.Q1 2009 Earning Report of Heidrick & Struggles Inc.
Q1 2009 Earning Report of Heidrick & Struggles Inc.
 
Budget2009
Budget2009Budget2009
Budget2009
 
Unit1 Screw Thread
Unit1 Screw ThreadUnit1 Screw Thread
Unit1 Screw Thread
 
Unit1 Screw Thread
Unit1 Screw ThreadUnit1 Screw Thread
Unit1 Screw Thread
 
Xero Advertisment - NZ Accountants Journal November 2007
Xero Advertisment - NZ Accountants Journal November 2007Xero Advertisment - NZ Accountants Journal November 2007
Xero Advertisment - NZ Accountants Journal November 2007
 
Unit2 Gear
Unit2 GearUnit2 Gear
Unit2 Gear
 
Unit2 Gear
Unit2 GearUnit2 Gear
Unit2 Gear
 
Program - Frontiers of Interaction 2010
Program - Frontiers of Interaction 2010Program - Frontiers of Interaction 2010
Program - Frontiers of Interaction 2010
 
Unit5 Power Press Machine
Unit5 Power Press MachineUnit5 Power Press Machine
Unit5 Power Press Machine
 
Unit5 Power Press Machine
Unit5 Power Press MachineUnit5 Power Press Machine
Unit5 Power Press Machine
 
Unit7 Shielded Gas Arc Welding
Unit7 Shielded Gas Arc WeldingUnit7 Shielded Gas Arc Welding
Unit7 Shielded Gas Arc Welding
 
Unit7 Shielded Gas Arc Welding
Unit7 Shielded Gas Arc WeldingUnit7 Shielded Gas Arc Welding
Unit7 Shielded Gas Arc Welding
 
Ecm projects : where to start from ?
Ecm projects : where to start from ?Ecm projects : where to start from ?
Ecm projects : where to start from ?
 
Nov Dec Newsletter
Nov Dec NewsletterNov Dec Newsletter
Nov Dec Newsletter
 
2011美國創新事業規劃研修團分享
2011美國創新事業規劃研修團分享2011美國創新事業規劃研修團分享
2011美國創新事業規劃研修團分享
 

More from David Recordon

Learning from Apache to create Open Specifications
Learning from Apache to create Open SpecificationsLearning from Apache to create Open Specifications
Learning from Apache to create Open Specifications
David Recordon
 
Supporting The Open Web - OSCON 2008
Supporting The Open Web - OSCON 2008Supporting The Open Web - OSCON 2008
Supporting The Open Web - OSCON 2008
David Recordon
 

More from David Recordon (13)

Decentralized Social Networks - WebVisions 2009
Decentralized Social Networks - WebVisions 2009Decentralized Social Networks - WebVisions 2009
Decentralized Social Networks - WebVisions 2009
 
A Social Web Intro at the Internet Identity Workshop
A Social Web Intro at the Internet Identity WorkshopA Social Web Intro at the Internet Identity Workshop
A Social Web Intro at the Internet Identity Workshop
 
Anatomy Of "Connect"
Anatomy Of "Connect"Anatomy Of "Connect"
Anatomy Of "Connect"
 
OpenID Introduction - IIW2008b
OpenID Introduction - IIW2008bOpenID Introduction - IIW2008b
OpenID Introduction - IIW2008b
 
Learning from Apache to create Open Specifications
Learning from Apache to create Open SpecificationsLearning from Apache to create Open Specifications
Learning from Apache to create Open Specifications
 
"Blowing Up" Social Networks by Going Open
"Blowing Up" Social Networks by Going Open"Blowing Up" Social Networks by Going Open
"Blowing Up" Social Networks by Going Open
 
Supporting The Open Web - OSCON 2008
Supporting The Open Web - OSCON 2008Supporting The Open Web - OSCON 2008
Supporting The Open Web - OSCON 2008
 
Building Open Platforms
Building Open PlatformsBuilding Open Platforms
Building Open Platforms
 
Open Platforms in Web 2.0
Open Platforms in Web 2.0Open Platforms in Web 2.0
Open Platforms in Web 2.0
 
Web 2.0 Expo Berlin: Open Platforms and the Social Graph
Web 2.0 Expo Berlin: Open Platforms and the Social GraphWeb 2.0 Expo Berlin: Open Platforms and the Social Graph
Web 2.0 Expo Berlin: Open Platforms and the Social Graph
 
ScubaBots - Ignite Sf
ScubaBots - Ignite SfScubaBots - Ignite Sf
ScubaBots - Ignite Sf
 
Digital ID World 2007 - Understanding Openid
Digital ID World 2007 - Understanding OpenidDigital ID World 2007 - Understanding Openid
Digital ID World 2007 - Understanding Openid
 
OpenID Bootcamp Tutorial
OpenID Bootcamp TutorialOpenID Bootcamp Tutorial
OpenID Bootcamp Tutorial
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

Implementing OpenID

  • 1. Implementing David Recordon Brian Ellin drecordon@verisign.com brian@janrain.com Web 2.0 Expo April 15-18, 2007
  • 2. brief intro...and then into the code
  • 3. What is OpenID? Single sign-on for the web Simple and light-weight (not going to replace your atm pin) Easy to use and deploy Open development process Decentralized (no single point of failure) Free!
  • 4. Proves You Control a URI www.davidrecordon.com brianellin.com
  • 7. quot;Been there, done thatquot; Great for Centralized Centralized the enterprise
  • 8. ...but do you really trust them?
  • 9.
  • 10. With OpenID, you get to choose who manages your identity. (you can even change your mind later)
  • 11. quot;This is a geek's toy, nobody will ever have an OpenID!quot;
  • 12. ~90 million OpenIDs (including every AOL user) OpenID 1.1 - Estimated from various services
  • 13. quot;Nobody will ever use this!quot;
  • 14. Total Relying Parties (aka places you can use this stuff) IIW L AO y nt s/ ou & st /B ca T SF eb IIW IIW ip M W Sx 2,500 1,875 1,250 625 0 '05 ct ov ec '06 b ar r ay e ly g p ct ov ec '07 b ar h Ap Au n Fe Se Fe 7t Ju O O M M M D D N Ju N r1 p Jan Jan Se Ap OpenID 1.1 - As viewed by MyOpenID.com
  • 15. quot;So that's great there are so many blogs, but what about something real?quot;
  • 16.
  • 17.
  • 18.
  • 19.
  • 20. quot;What's the big deal?quot;
  • 21. OpenID is another important building block.
  • 22. quot;Why should we add OpenID to our feature list?quot;
  • 23. Simon Willison - FOWA 02/07
  • 24. TechCrunch and other blogs link to dozens of new startups each week...readers aren't going to make new accounts for every single one Simon Willison - FOWA 02/07
  • 25. TechCrunch and other blogs link to dozens of new startups each week...readers aren't going to make new accounts for every single one Creates ability to email a friend saying, quot;I've added you as an author to the blog I setup for our bandquot; Simon Willison - FOWA 02/07
  • 26. TechCrunch and other blogs link to dozens of new startups each week...readers aren't going to make new accounts for every single one Creates ability to email a friend saying, quot;I've added you as an author to the blog I setup for our bandquot; Site specific hacks...quot;Login with your AOL OpenID and we'll send you updates over AIMquot; Simon Willison - FOWA 02/07
  • 27. TechCrunch and other blogs link to dozens of new startups each week...readers aren't going to make new accounts for every single one Creates ability to email a friend saying, quot;I've added you as an author to the blog I setup for our bandquot; Site specific hacks...quot;Login with your AOL OpenID and we'll send you updates over AIMquot; If you're not managing passwords, you don't need to build as complex user management systems Simon Willison - FOWA 02/07
  • 28. How does it work? (protocol and flow)
  • 29. Basic Terminology OpenID Provider (OP) - Site that makes assertions about an OpenID Relying Party (RP) - Site that wants to verify ownership of an OpenID
  • 30. O M E Using OpenID D
  • 31. O M E OpenID Enabling Your Own URL D
  • 32. O M E Creating an OpenID with your own server D
  • 33.
  • 34. * *************************************************************************** * * CONFIGURATION * *************************************************************************** * * You must change these values: * auth_username = login name * auth_password = md5(username:realm:password) * * Default username = 'test', password = 'test', realm = 'phpMyID' */ #$profile = array( # 'auth_username' => 'test', # 'auth_password' => '37fa04faebe5249023ed1f6cc867329b' #); /* * Optional - Simple Registration Extension: * * If you would like to add any of the following optional registration * parameters to your login profile, simply uncomment the line, and enter the * correct values. * * Details on the exact allowed values for these paramters can be found at: * http://openid.net/specs/openid-simple-registration-extension-1_0.html */ #$sreg = array ( # 'nickname' => 'Joe', # 'email' => 'joe@example.com', # 'fullname' => 'Joe Example', # 'dob' => '1970-10-31', # 'gender' => 'M', # 'postcode' => '22000', # 'country' => 'US', # 'language' => 'en', # 'timezone' => 'America/New_York' #);
  • 36. * *************************************************************************** * * CONFIGURATION * *************************************************************************** * * You must change these values: * auth_username = login name * auth_password = md5(username:realm:password) * * Default username = 'test', password = 'test', realm = 'phpMyID' */ $profile = array( 'auth_username' => 'david', 'auth_password' => 'e0fee9a99fa2fe004bbd70b972a03aa1' ); /* * Optional - Simple Registration Extension: * * If you would like to add any of the following optional registration * parameters to your login profile, simply uncomment the line, and enter the * correct values. * * Details on the exact allowed values for these paramters can be found at: * http://openid.net/specs/openid-simple-registration-extension-1_0.html */ #$sreg = array ( # 'nickname' => 'Joe', # 'email' => 'joe@example.com', # 'fullname' => 'Joe Example', # 'dob' => '1970-10-31', # 'gender' => 'M', # 'postcode' => '22000', # 'country' => 'US', # 'language' => 'en', # 'timezone' => 'America/New_York' #);
  • 37. Configure Profile Data $profile = array( 'auth_username' => 'david', 'auth_password' => 'e0fee9a99fa2fe004bbd70b972a03aa1' ); /* * Optional - Simple Registration Extension: * * If you would like to add any of the following optional registration * parameters to your login profile, simply uncomment the line, and enter the * correct values. * * Details on the exact allowed values for these paramters can be found at: * http://openid.net/specs/openid-simple-registration-extension-1_0.html */ $sreg = array ( 'nickname' => 'daveman692', 'email' => 'recordond@gmail.com', 'fullname' => 'David Recordon', 'dob' => '1986-09-04', 'gender' => 'M', 'postcode' => '941458', 'country' => 'US', 'language' => 'en', 'timezone' => 'America/Los_Angeles' );
  • 39. Configure Delegation (source of www.davidrecordon.com) <html xmlns=quot;http://www.w3.org/1999/xhtmlquot;> <head> <title>David Recordon</title> <style> div { text-align: center; color: #C0C0C0; } img { border: 0px; } a { color: #C0C0C0; } </style> <link rel=quot;openid.serverquot; href=quot;http://www.davidrecordon.com/myid.phpquot; /> <link rel=quot;openid.delegatequot; href=quot;http://www.davidrecordon.com/myid.phpquot; /> </head>
  • 40. Done! Time to configure and upload phpMyID: <5 minutes http://siege.org/projects/phpMyID/
  • 41. OpenID Enabling ExpoCal O M E http://cal.web2expo.com/ Existing users: Sign in and click the the quot;add OpenIDquot; D link at the top right New users: Click quot;loginquot; and sign in with your OpenID, skipping the signup process :)
  • 42. Tools Used iCalicio by Kellan Elliot-McCrea and Evan Henshaw-Plath Ruby and Rails gem install ruby-openid
  • 43. ExpoCal User Model Stores login name and hashed password We need to add an optional OpenID column 1 class AddOpenId < ActiveRecord::Migration 2 def self.up 3 add_column :users, :openid, :string 4 add_index :users, [:openid], :name => :users_openid_index 5 end 6 7 def self.down 8 remove_column :users, :openid 9 end 10 end
  • 44. Using the OpenID Library 1 def consumer 2 store_dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store') 3 store = OpenID::FilesystemStore.new(store_dir) 4 return OpenID::Consumer.new(session, store) 5 end FilesystemStore saved OpenID transaction state OpenID::Consumer handles the protocol details
  • 45. Add OpenID UI 1 <h2>Or, login with OpenID</h2> 2 <%= start_form_tag(:controller=>'account', :action => 'openid_start') %> 3 <p><label for=quot;openid_identifierquot;>OpenID</label><br/> 4 <%= text_field_tag 'openid_identifier' %></p> 5 <%= submit_tag 'OpenID Login' %> 6 <%= end_form_tag %> <input name=quot;openid_identiferquot; />
  • 46. Handle Login Form Submit 1 def openid_start 2 openid_request = consumer.begin(params[:openid_identifier]) 3 4 case openid_request.status 5 when OpenID::SUCCESS 6 return_to = url_for(:action => 'openid_finish') 7 trust_root = url_for(:controller => '') 8 server_redirect_url = openid_request.redirect_url(trust_root, return_to) 9 redirect_to(server_redirect_url) 10 11 when OpenID::FAILURE 12 flash[:notice] = quot;Could not find your OpenID server.quot; 13 redirect_back_or_default(:controller => '/account', :action => 'index') 14 15 end 16 end 1. Discover 2.Associate 3. Redirect (we’ll handle the server response at the return_to URL)
  • 48. Handle Server Response 1 def openid_finish 2 openid_response = consumer.complete(params) 3 4 case openid_response.status 5 when OpenID::SUCCESS 6 openid = openid_response.identity_url 7 @user = User.find_by_openid(openid) 8 9 unless @user 10 @user = User.create(:openid => openid, :login => openid) 11 end 12 self.current_user = @user 13 flash[:notice] = quot;Welcome #{@user.openid}quot; 14 15 when OpenID::FAILURE 16 flash[:notice] = 'Verification failed.' 17 end 18 19 redirect_back_or_default(:controller => 'talk', :action => 'list') 20 end
  • 49. Done! Time to implement OpenID in iCalico: 45 minutes http://cal.web2expo.com/
  • 50. quot;So this all looks great, but what are the downsides?quot;
  • 51. Kitten Overload! More kittens! Simon Willison - FOWA 02/07
  • 52. Kitten Overload! FAKE More kittens! Simon Willison - FOWA 02/07
  • 53. Kitten Overload! Identity theft! FAKE :'( Simon Willison - FOWA 02/07
  • 54. You could just remove passwords
  • 56. Microsoft CardSpace (UI for certs)
  • 58. ...but passwords are still widely used
  • 59. VeriSign's OpenID Seatbelt (demoing today)
  • 60.
  • 61.
  • 62.
  • 63.
  • 64. OpenID is great for innovation! (authentication method is up to the provider and user)
  • 65. quot;I don't want just one identity...I mean I don't want my boss to know I'm a furry!quot;
  • 66. Well you don't wear your furry suit to work do you?
  • 67. So use multiple OpenIDs! (you already do this with email addresses today)
  • 68. Go code! (and join the conversation at OpenID.net)
  • 69. Thanks! (and don't forget to grab a CD) David Recordon Brian Ellin drecordon@verisign.com brian@janrain.com