Identity 2.0 - OpenID And User Centric Identity

2,275 views

Published on

Published in: Technology, News & Politics
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,275
On SlideShare
0
From Embeds
0
Number of Embeds
328
Actions
Shares
0
Downloads
64
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Identity 2.0 - OpenID And User Centric Identity

  1. 1. Identity 2.0 OpenID & User Centric Identity Martin Strandbygaard Open Source Days, 4th October 2008
  2. 2. ? How Many Have Used OpenID
  3. 3. ? How Many Use It Regularly
  4. 4. Who Am I
  5. 5. “Martin Strandbygaard”
  6. 6. martin@strandbygaard.com martin@strandbygaard.net martin.strandbygaard@safewhere.net
  7. 7. All Part Of My Identity
  8. 8. Something I Say Something I Claim
  9. 9. This Is Also Part Of My Identity
  10. 10. What Others Say About Me
  11. 11. (What Others Say = More Trusted)
  12. 12. Identity = Reputation
  13. 13. How Do I Prove It?
  14. 14. = “Martin Strandbygaard”
  15. 15. I control it. I choose when to use it. Issuer doesn’t know when I do so.
  16. 16. Asymmetric trust = scalability
  17. 17. -
  18. 18. ... Proves Your A Database Entry
  19. 19. Doesn’t Say Anything About You
  20. 20. Identity 1.0 - Dick Hardt, OSCON 2005
  21. 21. OpenID Gives You A Digital Passport
  22. 22. http://martin.strandbygaard.net http://strandbygaard.wordpress.com http://claimid.com/strandbygaard
  23. 23. “Proves You Are You”
  24. 24. “Internet Users Either Distrust Or Snore Over Microsoft Passport Live ID” - Gartner, 2001
  25. 25. OpenID is a simple, open, and decentralized authentication system
  26. 26. Live ID/Google/ OpenID Adobe/.... Open ! ! Decentralized ! ! Simple ! ! Free ! !
  27. 27. What’s It Good For?
  28. 28. ! “Too Many Usernames and Passwords”
  29. 29. We all know this ...
  30. 30. ! “Too Many Usernames and Passwords” ! “Someone else took my username”
  31. 31. “martin” is already taken. What about “martin325”?
  32. 32. ! “Too Many Usernames and Passwords” ! “Someone else took my username” ! “Not another registration form”
  33. 33. Text
  34. 34. ! “Too Many Usernames and Passwords” ! “Someone else took my username” ! “No more registration form” ! “Identity scattered all over the Internet”
  35. 35. !=
  36. 36. Who has one?
  37. 37. > 500 million “... bringing the grand total of OpenID enabled users on the Internet to well over 500 million users.” Bill Washburn, July 2008 CEO, OpenID Foundation
  38. 38. Come again?
  39. 39. That’s 7,5% of everyone!
  40. 40. Probably far fewer in Africa ....
  41. 41. And far more in Europe and the US
  42. 42. Where’d They All Come From? ~250 million ~100 million ~65 million ~10 million
  43. 43. ? What About Google and Microsoft?
  44. 44. ?
  45. 45. ?
  46. 46. How Do I Get One?
  47. 47. Less Than A Minute ! Pick A Provider
  48. 48. OpenID Providers
  49. 49. Less Than A Minute ! Pick A Provider ! Sign Up
  50. 50. Less Than A Minute ! Pick A Provider ! Sign Up ! Use It
  51. 51. How Does It Work?
  52. 52. 1. Go to site 3. Redirect to 5. Redirect back to site 2. Associate OpenID provider 4. Authenticate
  53. 53. ? Can I switch OpenID provider and keep my OpenID.
  54. 54. So what’s not so great?
  55. 55. 1. Go to site 3. Redirect to 5. Redirect back to site 2. Associate OpenID provider 4. Authenticate A Malicious Relying Party
  56. 56. Bad Site Leads To ....
  57. 57. Untrusted site redirects you to the trusted provider.
  58. 58. Who Else Does This?
  59. 59. ........
  60. 60. ! Brittle OpenID is all eggs in one basket.
  61. 61. “I forgot my password”
  62. 62. ! Identity Provider Is Single Point Of Failure
  63. 63. 1. Go to site 3. Redirect to 5. Redirect back to site 2. Associate OpenID provider 4. Authenticate Your Identity Provider Knows Where you take It.
  64. 64. Where Can I Take It?
  65. 65. It’s on the rise
  66. 66. “We expect more than 50.000 OpenID enabled sites by then end of 2008.” Bill Washburn, July 2008 CEO, OpenID Foundation
  67. 67. I Want To Know More Dick Hardt @ OSCON 2005 http://identity20.com/media/OSCON2005/ The implications of Simon Willison @ Google Tech Talk Simon Willison http://www.youtube.com/watch?v=DslTkwON1Bk Google Tech Talk, 25th June 2007
  68. 68. Any Questions?

×