Slides for my "OpenID for starters" session held at Barcamp Berlin in November 2007.
0700LukasRos.de / Lukas Rosenstock Digitale Dienste

OpenID for starters

Lukas L. Rosenstock, OpenID Foundation Europe
BarCamp Berlin II, 03.11.07
Outline
● About me
● About this presentation
● Problem and solution
● Concept URL-based identity
● History of OpenID
● User perspective
● Technical perspective
● Business perspective
● Visions for the future
● Criticism
About me
● Lukas Leander Rosenstock (1984)
● Computer science student at Darmstadt University of Technology
● Involved in smaller web projects
● Active OpenID supporter since Sept. 2005
● OpenID Foundation Europe member
● Web Montag Frankfurt & Cologne
● BarCamp Frankfurt & Cologne
About this presentation
● Complete overview for starters
● Introduction to the topic, starts at „0“ (zero)
● More questions and discussion after the presentation or in other sessions at this BarCamp
Problem and solution (1)
● Web 2.0 sites allow interaction
● Web 1.0 sites too (e.g. boards)
● Yes, I know, you can't say a site is „1.0“ or „2.0“ ...
● Register everywhere? Maybe for one post or download?
● Remember passwords?
● Often the same information has to be entered, no connection between profiles
● Effect: websites are still islands / walled gardens
Problem and solution (2)
● Negative side-effect: centralization encouraged (e.g. Gravatar, MySpace, Facebook)
● “(de)centralisation paradox”
● Solution: one „username“ for every site?
● Single sign-on
● A framework for interoperability, extensible with profile exchange, reputation / claims / votings, distributed social networks and applications (while privacy remains)?
● Here we go ...
Concept URL-based identity
● URL, more exactly: HTTP URL, as identifier
● Well-known and proven concept
● Namespace is easily accessible
● Describes a „space“
● (Meta-)information can be requested synchronously
● Examples:
  – http://daveman692.livejournal.com/
  – http://0700lukasros.de/
  – http://openid.aol.com/username
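Before a relying party can use such a URL it has to normalise what the user typed and read the identity page to find the provider behind it. As an added example that is not part of the slides, the following Python sketch shows OpenID 1.x HTML-based discovery (openid.server / openid.delegate link tags); the host names and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit


def normalize_identifier(user_input):
    """Turn the typed identifier into a canonical HTTP URL: add the scheme, lowercase the host, add '/'."""
    text = user_input.strip()
    if "://" not in text:
        text = "http://" + text
    parts = urlsplit(text)
    if parts.scheme not in ("http", "https"):
        raise ValueError("OpenID 1.x identifiers are HTTP URLs")
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path or "/", parts.query, ""))


class OpenIDLinkParser(HTMLParser):
    """Collect <link rel="openid.server"> and <link rel="openid.delegate"> from the document head."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self.in_head = True

    def handle_starttag(self, tag, attrs):
        if tag == "body":  # link tags in the body (e.g. user-contributed content) are ignored
            self.in_head = False
        if tag == "link" and self.in_head:
            attr = dict(attrs)
            for rel in (attr.get("rel") or "").lower().split():
                if rel in ("openid.server", "openid.delegate") and attr.get("href"):
                    self.links.setdefault(rel, attr["href"])  # first occurrence wins


def discover(identity_url, page_html):
    """Step (1) of the flow: find the IdP endpoint and the identity the IdP will be asked about."""
    parser = OpenIDLinkParser()
    parser.feed(page_html)
    if "openid.server" not in parser.links:
        return None  # no OpenID link tags: not an OpenID 1.x identity page
    return {"server": parser.links["openid.server"],
            "delegate": parser.links.get("openid.delegate", identity_url)}


# Constructed sample identity page with hypothetical host names, not a real site.
SAMPLE_PAGE = """<html><head><title>Lukas</title>
<link rel="openid.server" href="http://idp.example/server">
<link rel="openid.delegate" href="http://idp.example/users/lukas">
</head><body>
<link rel="openid.server" href="http://other-idp.example/server">
</body></html>"""
```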
History of OpenID (1)
● Originally YADIS = Yet Another Distributed Identity System, developed by Brad Fitzpatrick (Danga/SixApart/LiveJournal)
● 17th May 2005: renamed to OpenID and published
● Implementation on LiveJournal
● September 2005: first public OpenID servers videntity.org and MyOpenID.com
History of OpenID (2)
● October 2005: „Yadis“ newly announced as interoperability platform for OpenID and LID (Light Weight Identity, Netmesh)
● JanRain Inc writes OpenID code libraries for PHP, Perl, Ruby and Python
● 21st March 2006: Yadis Specification 1.0 published, based upon XRI/XRDS/i-names
● 26th July 2006: announcement of the OpenID code bounty program
History of OpenID (3)
● Beginning of 2007: RSA Conference; Microsoft announces support for OpenID
● Interoperability with CardSpace / InfoCard
● AOL “unofficially” gives their 63 million members an OpenID
● Question: what are Google and Yahoo doing? Evaluating internally!
● During 2007: some websites introduce at least partial OpenID support (wordpress.com, Technorati)
● OpenID Foundation & OpenID Foundation Europe
User perspective
● Use case: login/signup on a website
  – User already owns his OpenID
● Example ...
Technical perspective

Actors: End User/Client, Identity-URL, Identity Provider (IdP), Relying Party (RP)

Diagram 1: relationships
● The end user/client wants to identify himself to the relying party
● The end user owns an Identity-URL
● The Identity-URL points to the Identity Provider
● The Identity Provider confirms the identity to the relying party

Diagram 2: relying party side
● (1) RP asks the Identity-URL for the IdP (discovery)
● (2) RP gets a handle issued by the IdP (association) [if not yet done]
● (3) RP sends a redirection to the IdP
Diagram 3: identity provider side
● (1) Client authenticates to the IdP: session, cookie, password, client certificate, trust setting (either automatically or interactive)
● (2) IdP sends a redirection to the RP with a signature (SHA1-HMAC)
● (3) Client follows the redirection to the RP
● (4) RP performs signature validation
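The three diagrams describe the OpenID 1.x association and assertion flow. As an added example that is not part of the slides, the following Python sketch shows the HMAC-SHA1 signing of the redirect parameters on the IdP side (step 2 of diagram 3) and the relying party's validation (step 4), assuming an in-memory association store, a constructed handle format and hypothetical return_to host names.

```python
import base64
import hashlib
import hmac
import secrets

# Hypothetical RP-side association store: assoc_handle -> shared MAC key from step (2).
ASSOCIATIONS = {}

def issue_association():
    """Step (2): the IdP issues a handle plus a shared secret; the RP stores both."""
    handle = "assoc-" + secrets.token_hex(8)  # constructed handle format, not a real IdP's
    mac_key = secrets.token_bytes(20)         # 160-bit key for HMAC-SHA1 as in OpenID 1.1
    ASSOCIATIONS[handle] = mac_key
    return handle, mac_key

def kv_form(fields, signed):
    """OpenID key-value encoding of the signed fields: 'key:value\\n' per field, in order."""
    return "".join(f"{key}:{fields['openid.' + key]}\n" for key in signed)

def sign_assertion(mac_key, fields, signed=("mode", "identity", "return_to")):
    """IdP side of step (2): add openid.signed and openid.sig to the redirect parameters."""
    fields = dict(fields, **{"openid.signed": ",".join(signed)})
    digest = hmac.new(mac_key, kv_form(fields, signed).encode(), hashlib.sha1).digest()
    fields["openid.sig"] = base64.b64encode(digest).decode()
    return fields

def verify_assertion(fields):
    """RP side, step (4): recompute the HMAC over the signed fields, compare in constant time."""
    mac_key = ASSOCIATIONS.get(fields.get("openid.assoc_handle"))
    if mac_key is None:
        return False  # unknown or expired handle; OpenID 1.1 falls back to check_authentication
    signed = fields.get("openid.signed", "").split(",")
    # the fields the RP relies on must be covered by the signature and present in the response
    if not {"mode", "identity", "return_to"} <= set(signed) or any(
            "openid." + key not in fields for key in signed):
        return False
    expected = hmac.new(mac_key, kv_form(fields, signed).encode(), hashlib.sha1).digest()
    try:
        actual = base64.b64decode(fields.get("openid.sig", ""))
    except ValueError:
        return False
    return hmac.compare_digest(expected, actual)

def demo():
    handle, mac_key = issue_association()
    params = {"openid.mode": "id_res", "openid.identity": "http://0700lukasros.de/",
              "openid.return_to": "http://rp.example/login", "openid.assoc_handle": handle}
    good = sign_assertion(mac_key, params)
    tampered = dict(good, **{"openid.identity": "http://someone-else.example/"})
    return verify_assertion(good), verify_assertion(tampered)
```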
Business perspective
● What benefits does OpenID offer?
● As relying party (offer OpenID logins):
  – lower entry barrier for potential customers
  – more users, more profit :-)
Business perspective
● As a provider (offering OpenID URLs):
  – free bonus feature
  – more links back to your site
● Potentially higher PageRank
● Dominate the world with a “microsoft strategy” (proprietary add-ons) ...
Visions for the future
● URL as platform
  – RSS, FOAF, Microformats
● Decentralised social networking
  – Good-bye to walled gardens
  – videntity, claimID
  – Who's next?
  – A dedicated session of its own for this ...
Visions for the future
● OpenID 2.0 and extensions coming up
  – added security (& privacy)
  – profile exchange
Criticism
● openid-neindanke.de
● IdP as “Big Brother”?
  – your ISP already is
  – can be prevented with multiple OpenIDs
● IdP as SPoF (single point of failure)
  – can be prevented with multiple OpenIDs*
● Not secure?
  – comparable to „password reset by email“
* this does not break the concept of OpenID
That's all, folks ...
● Thanks for your attention!
● Questions now or in the discussion session
● A link to the slides will be on the BarCamp wiki