OpenID for starters - Barcamp Berlin II

Slides for my "OpenID for starters" session held at Barcamp Berlin in November 2007.

0700LukasRos.de
Lukas Rosenstock Digitale Dienste

OpenID for starters
Lukas L. Rosenstock
OpenID Foundation Europe
BarCamp Berlin II
03.11.07

Outline
● About me
● About this presentation
● Problem and solution
● Concept URL-based identity
● History of OpenID
● User perspective
● Technical perspective
● Business perspective
● Visions for the future
● Criticism

About me
● Lukas Leander Rosenstock (1984)
● Computer science student at Darmstadt University of Technology
● Involved in smaller web projects
● Active OpenID supporter since Sept. 2005
● OpenID Foundation Europe Member
● Web Montag Frankfurt & Cologne
● BarCamp Frankfurt & Cologne

About this presentation
● Complete overview for starters
● Introduction to the topic, starts at "0" (zero)
● More questions and discussion after the presentation or in other sessions at this BarCamp

Problem and solution (1)
● Web 2.0 sites allow interaction
● Web 1.0 sites too (e.g. boards)
● Yes, I know, you can't say a site is "1.0" or "2.0" ...
● Register everywhere? Maybe for one post or download?
● Remember passwords?
● Often the same information has to be entered, no connection between profiles
● Effect: websites are still islands / walled gardens 2.0

Problem and solution (2)
● Negative side effect: centralization encouraged (e.g. Gravatar, MySpace, Facebook)
● "(De)centralization paradox"
● Solution: one "username" for every site?
● Single sign-on
● A framework for interoperability, extensible with profile exchange, reputation / claims / votings, distributed social networks and applications (while privacy remains)?
● Here we go ...

Concept URL-based identity
● URL, more exactly: HTTP URL, as identifier
● Well-known and proven concept
● Namespace is easily accessible
● Describes a "space"
● (Meta-)information can be requested synchronously
● Examples:
  ● http://daveman692.livejournal.com/
  ● http://0700lukasros.de/
  ● http://openid.aol.com/username

History of OpenID (1)
● Originally YADIS = Yet Another Distributed Identity System, developed by Brad Fitzpatrick (Danga/SixApart/LiveJournal)
● 17th May 2005: Renamed to OpenID and published
● Implementation on LiveJournal
● September 2005: First public OpenID servers videntity.org and MyOpenID.com

History of OpenID (2)
● October 2005: "Yadis" newly announced as interoperability platform for OpenID and LID (Light Weight Identity, Netmesh)
● JanRain Inc writes OpenID code libraries for PHP, Perl, Ruby and Python
● 21st March 2006: Yadis Specification 1.0 published, based upon XRI/XRDS/i-names
● 26th July 2006: announcement of the OpenID code bounty program

History of OpenID (3)
● Beginning of 2007: RSA Conference; Microsoft announces support for OpenID
  ● interoperability with CardSpace / InfoCard
● AOL "unofficially" gives their 63 million members an OpenID
● Question: What are Google and Yahoo doing?
  ● Evaluating internally!
● During 2007: some websites introduce at least partial OpenID support (wordpress.com, Technorati)
● OpenID Foundation & OpenID Foundation Europe

User perspective
● Use case: Login/signup on a website
  – User already owns his OpenID
● Example ...

Technical perspective
[Diagram: roles and relationships]
● End User/Client wants to identify himself to the Relying Party (RP)
● End User/Client owns the Identity-URL
● Identity-URL points to the Identity Provider (IdP)
● Identity Provider (IdP) confirms identity

[Diagram: End User/Client, Identity-URL, Identity Provider (IdP), Relying Party (RP)]
(1) asks for IdP (discovery)
(2) gets a handle issued (association) [if not yet done]
(3) sends redirection to IdP

[Diagram: End User/Client, Identity Provider (IdP), Relying Party (RP)]
(1) session, cookie, password, client certificate, trust setting (either automatically or interactive)
(2) sends redirection to the RP with signature (SHA1-HMAC)
(3) redirection
(4) signature validation
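
The signature validation in step (4), as an added example that is not part of the slides: the RP recomputes the HMAC-SHA1 over the fields the IdP lists as signed, using the MAC key from the association, and rejects responses that leave the identity or return URL unsigned. Parameter names and the `key:value` serialization follow OpenID Authentication 1.1; the key, handle and URLs are constructed sample values.

```python
import base64
import hashlib
import hmac

# Fields the RP refuses to trust unless the IdP covered them with the signature.
REQUIRED_SIGNED = {"identity", "return_to"}


def kv_form(params, signed_fields):
    """Serialize the signed fields as 'key:value\\n' lines, in list order."""
    return "".join(f"{f}:{params['openid.' + f]}\n" for f in signed_fields).encode()


def sign(params, signed_fields, mac_key):
    """HMAC-SHA1 over the key-value form, base64-encoded (IdP side, step 2)."""
    digest = hmac.new(mac_key, kv_form(params, signed_fields), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify_assertion(params, assoc_handle, mac_key):
    """RP side, step 4: return the verified identity URL, or None on any failure."""
    if params.get("openid.mode") != "id_res":
        return None
    if params.get("openid.assoc_handle") != assoc_handle:
        return None  # signed under a different (or unknown) association
    signed_fields = params.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED.issubset(signed_fields):
        return None  # identity or return_to could be swapped without detection
    if any("openid." + f not in params for f in signed_fields):
        return None
    expected = sign(params, signed_fields, mac_key).encode()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode()):
        return None
    return params["openid.identity"]


# Constructed sample data: the key, handle and URLs are made up for this example.
MAC_KEY = b"constructed-association-secret"
HANDLE = "constructed-handle-1"


def sample_response():
    params = {
        "openid.mode": "id_res",
        "openid.identity": "http://example.org/alice",
        "openid.return_to": "http://rp.example.com/finish",
        "openid.assoc_handle": HANDLE,
        "openid.signed": "mode,identity,return_to",
    }
    params["openid.sig"] = sign(params, params["openid.signed"].split(","), MAC_KEY)
    return params
```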

Business perspective
● What benefits does OpenID offer?
● As relying party (offer OpenID logins):
  – lower entry barrier for potential customers
  – more users, more profit :-)

Business perspective
● As a provider (offering OpenID URLs):
  – free bonus feature
  – more links back to your site
    ● potentially higher pagerank
● Dominate the world with a “Microsoft strategy” (proprietary addons) ...

Visions for the future
● URL as platform
  – RSS, FOAF, Microformats
● Decentralized social networking
  – Good-bye to walled gardens
  – videntity, claimID
  – Who's next?
  – A dedicated session of its own for this ...

Visions for the future
● OpenID 2.0 and extensions coming up
  – added security (& privacy)
  – profile exchange

Criticism
● openid-neindanke.de
● IdP as “Big Brother”?
  – your ISP already is
  – can be prevented with multiple OpenIDs
● IdP as SPoF
  – can be prevented with multiple OpenIDs*
● Not secure?
  – comparable to "password reset by email"
* this does not break the concept of OpenID

That's all, folks ...
● Thanks for your attention!
● Questions now or in discussion session
● A link to slides will be on the BarCamp wiki