OpenID for starters

Lukas L. Rosenstock
OpenID Foundation Europe
BarCamp Berlin II
03.11.07

0700LukasRos.de
Lukas Rosenstock Digitale Dienste

Outline
●   About me
●   About this presentation
●   Problem and solution
●   Concept URL-based identity
●   History of OpenID
●   User perspective
●   Technical perspective
●   Business perspective
●   Visions for the future
●   Criticism

About me
●   Lukas Leander Rosenstock (1984)
●   Computer science student at Darmstadt University of
    Technology
●   Involved in smaller web projects
●   Active OpenID supporter since Sept. 2005
●   OpenID Foundation Europe Member
●   Web Montag Frankfurt & Cologne
●   BarCamp Frankfurt & Cologne



About this presentation
●   Complete overview for starters
●   Introduction to the topic, starts at "0" (zero)
●   More questions and discussion after the presentation
    or in other sessions at this BarCamp




Problem and solution (1)
●   Web 2.0 sites allow interaction
●   Web 1.0 sites too (e.g. boards)
●   Yes, I know, you can't say a site is "1.0" or "2.0" ...
●   Register everywhere? Maybe for one post or
    download?
●   Remember passwords?
●   Often the same information has to be entered, no
    connection between profiles
●   Effect: websites are still islands / walled gardens

Problem and solution (2)
●   Negative side-effect: centralization encouraged (e.g.
    Gravatar, MySpace, Facebook)
●   “(De)centralization paradox”
●   Solution: one "username" for every site?
●   Single Sign-On
●   A framework for interoperability, extensible with profile
    exchange, reputation / claims / voting, distributed
    social networks and applications (while privacy
    remains)?
●   Here we go ...

Concept URL-based identity
●   URL, more exactly: HTTP URL, as identifier
●   Well-known and proven concept
●   Namespace is easily accessible
●   Describes a "space"
    ●   (meta-)information can be requested synchronously
●   Examples:
    ●   http://daveman692.livejournal.com/
    ●   http://0700lukasros.de/
    ●   http://openid.aol.com/username

History of OpenID (1)
●   Originally YADIS = Yet Another Distributed
    Identity System, developed by Brad Fitzpatrick
    (Danga/SixApart/LiveJournal)
●   17th May 2005: Renamed to OpenID and
    published
●   Implementation on LiveJournal
●   September 2005: First public OpenID servers
    videntity.org and MyOpenID.com


History of OpenID (2)
●   October 2005: "Yadis" newly announced as
    interoperability platform for OpenID and LID (Light Weight
    Identity, Netmesh)
●   JanRain Inc writes OpenID code libraries for PHP, Perl,
    Ruby and Python
●   21st March 2006: Yadis Specification 1.0 published,
    based upon XRI/XRDS/i-names
●   26th July 2006: announcement of the OpenID code
    bounty program



History of OpenID (3)
●   Beginning of 2007: RSA Conference; Microsoft
    announces support for OpenID
     ●   interoperability with CardSpace / InfoCard
●   AOL “unofficially” gives their 63 million members an
    OpenID
●   Question: What are Google and Yahoo doing?
     ●   Evaluating internally!
●   During 2007: some websites introduce at least partial
    OpenID support (wordpress.com, Technorati)
●   OpenID Foundation & OpenID Foundation Europe

User perspective

●   Use Case: Login/Signup on a website
    –   User already owns his OpenID
●   Example ...




Technical perspective


●   End User/Client owns the Identity-URL
●   Identity-URL points to the Identity Provider (IdP)
●   End User/Client wants to identify himself to the Relying Party (RP)
●   Identity Provider (IdP) confirms identity to the Relying Party (RP)

Diagram: Identity-URL, Identity Provider (IdP), End User/Client, Relying Party (RP)
(1) RP asks the Identity-URL for the IdP (discovery)
(2) RP gets a handle issued by the IdP (association) [if not yet done]
(3) RP sends the End User/Client a redirection to the IdP

Diagram: Identity Provider (IdP), End User/Client, Relying Party (RP)
(1) End User/Client and IdP: session, cookie, password, client certificate, trust setting (either automatically or interactively)
(2) IdP sends redirection to the RP with signature (SHA1-HMAC)
(3) End User/Client: redirection to the RP
(4) RP: signature validation
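
The signature steps (2) and (4) above, as an added example that is not part of the original slides: the IdP signs the listed response fields with HMAC-SHA1 under the secret shared during association, and the RP recomputes the signature before trusting the identity, using the OpenID 1.1 key-value signing form. The handle, secret and rp.example URL are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Fields the RP insists on seeing inside openid.signed. A field left out of
# the signed list can be rewritten in the browser redirect unnoticed.
REQUIRED_SIGNED = {"mode", "identity", "return_to"}

# Constructed sample data: secret from the association step, keyed by handle.
ASSOCIATIONS = {"handle-1": b"constructed-secret-0"}
RETURN_TO = "https://rp.example/openid/return"  # constructed RP endpoint


def kv_form(params, signed_fields):
    """Key-value form: one 'key:value' line per signed field, in list order."""
    return "".join(f"{name}:{params['openid.' + name]}\n" for name in signed_fields)


def sign_response(params, mac_key, signed_fields):
    """IdP side: add openid.signed and openid.sig to a positive assertion."""
    out = dict(params)
    out["openid.signed"] = ",".join(signed_fields)
    message = kv_form(out, signed_fields).encode("utf-8")
    digest = hmac.new(mac_key, message, hashlib.sha1).digest()
    out["openid.sig"] = base64.b64encode(digest).decode("ascii")
    return out


def verify_response(params, associations, expected_return_to):
    """RP side: return the verified identity URL, or raise ValueError."""
    if params.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    # Without a stored association the RP would have to ask the IdP directly;
    # this example only covers the case where a handle was issued beforehand.
    mac_key = associations.get(params.get("openid.assoc_handle"))
    if mac_key is None:
        raise ValueError("unknown association handle")
    signed_fields = params.get("openid.signed", "").split(",")
    missing = REQUIRED_SIGNED - set(signed_fields)
    if missing:
        raise ValueError(f"fields not covered by signature: {sorted(missing)}")
    try:
        message = kv_form(params, signed_fields).encode("utf-8")
    except KeyError as exc:
        raise ValueError(f"signed field absent from response: {exc}") from None
    expected = hmac.new(mac_key, message, hashlib.sha1).digest()
    try:
        received = base64.b64decode(params.get("openid.sig", ""), validate=True)
    except ValueError:
        raise ValueError("malformed signature") from None
    # Constant-time comparison, so timing does not leak how many bytes matched.
    if not hmac.compare_digest(expected, received):
        raise ValueError("bad signature")
    if params["openid.return_to"] != expected_return_to:
        raise ValueError("return_to does not match this request")
    return params["openid.identity"]


def sample_assertion(signed_fields=("mode", "identity", "return_to")):
    """Constructed positive assertion as the IdP would put it in the redirect."""
    fields = {
        "openid.mode": "id_res",
        "openid.identity": "http://0700lukasros.de/",
        "openid.return_to": RETURN_TO,
        "openid.assoc_handle": "handle-1",
    }
    return sign_response(fields, ASSOCIATIONS["handle-1"], list(signed_fields))


def demo():
    """Verify a genuine assertion, then one whose identity was swapped in transit."""
    genuine = sample_assertion()
    identity = verify_response(genuine, ASSOCIATIONS, RETURN_TO)
    tampered = dict(genuine)
    tampered["openid.identity"] = "http://openid.aol.com/username"
    try:
        verify_response(tampered, ASSOCIATIONS, RETURN_TO)
        error = None
    except ValueError as exc:
        error = str(exc)
    return identity, error


if __name__ == "__main__":
    print(demo())
```

The signature by itself does not stop a captured redirect from being replayed; in OpenID 1.1 the RP has to bind its own one-time value into return_to and check it.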
Business perspective
●   What benefits does OpenID offer?
●   As relying party (offer OpenID logins):
    –   lower entry barrier for potential customers
    –   more users, more profit :-)




Business perspective
●   As a provider (offering OpenID URLs):
    –   free bonus feature
    –   more links back to your site
         ●   potentially higher pagerank
●   Dominate the world with a “Microsoft strategy”
    (proprietary add-ons) ...




Visions for the future
●   URL as platform
    –   RSS, FOAF, Microformats
●   Decentralized social networking
    –   Good-bye to walled gardens
    –   videntity, claimID
    –   Who's next?
    –   A dedicated session of its own for this ...



Visions for the future
●   OpenID 2.0 and extensions coming up
    –   added security (& privacy)
    –   profile exchange




Criticism
●   openid-neindanke.de
●   IdP as “Big Brother”?
    –   your ISP already is
    –   can be prevented with multiple OpenIDs
●   IdP as SPoF
    –   can be prevented with multiple OpenIDs*
●   Not secure?
    –   comparable to "password reset by email"
* this does not break the concept of OpenID


That's all, folks ...
●   Thanks for your attention!
●   Questions now or in discussion session
●   A link to slides will be on the BarCamp wiki



