openid - an identity system for the open web

David Orrell, Eduserv Foundationdavid.orrell@eduserv.org.uk

www.eduserv.org.uk/foundation

OpenID:An Identity System for the Open Web

Online Information, December 2008

2ALT-C 2008 Sponsor Session

September 2008

OpenID: What is it?

Identities: Trusted vs trusted.

Activities: Formal vs informal.

Usage scenarios.

3ALT-C 2008 Sponsor Session

September 2008

Uses of online identity

• Control access to ‘known’ users or subscribers.– Depends on claims asserted by trusted party.

• Personalisation– Depends on self-asserted claims by user.

• Common presence across services.– Depends on universal identifier – with consent of user.

4ALT-C 2008 Sponsor Session

September 2008

• Defines globally unique identifiers for users.

• They're URLs...

http://dno.myopenid.com

http://openid.eduserv.org.uk/dno

5ALT-C 2008 Sponsor Session

September 2008

• A mechanism to verify the URL ‘belongs to’ its bearer.

• User chooses provider to hold their profile and check credentials.

• That's it! Almost.

Who are you?

(1)

http://dno.myopenid.com

OpenID (Identity) Provider

(2)

(3)Verification

+ attribute exchange (optional)

9ALT-C 2008 Sponsor Session

September 2008

Who's using it?

Estimated over 250 million identities!

You've probably already got one!

BBC AOL Google Yahoo Flickr

Microsoft MySpace Orange Verisign

10ALT-C 2008 Sponsor Session

September 2008

• Shibboleth– Credentials ‘owned’ by issuing organisation (eg.

University, workplace).

– Exist for duration of study, employment etc.

– Trusted claims.

– Federations with well-defined boundaries.

• OpenID– Credentials ‘owned’ by user.

– Exist for sustained period.

– Untrusted claims.

Learning/research

Email

Mobileaccess

Collaboration

Lifelong-learning/alumni

Shibboleth

Managed Information Cards

Trust Federations

Assessment

Subscription resources

Campus services

Library services

BloggingPersonalisation

OpenID

Personal identities

PersonalInformation Cards

Social Networks

12ALT-C 2008 Sponsor Session

September 2008

OpenID reflects trends of the Open Web.... and those of users and learners.

Open content, collaboration, linked-data, RESTful APIs, social software, microformats.

13ALT-C 2008 Sponsor Session

September 2008

Learners want to use the services they choose, know, and like to use.

– Provides access to best-of-breed services.

Staff want to find the best, and most appropriate services for themselves & students.

– Campuses can't provide diverse enough set of services.

14ALT-C 2008 Sponsor Session

September 2008

Scenario 1:

Universities issue OpenIDs

– Easy to do– Inferred membership of organisation...

http://openid.bath.ac.uk/user– Identifier not portable between organisations

15ALT-C 2008 Sponsor Session

September 2008

Scenario 2:

Association of an existing OpenID with a ‘formal’ University identity

– Also easy to do– Lifelong learning– Collaboration with peers– ‘Hides’ OpenID from service providers

16ALT-C 2008 Sponsor Session

September 2008

Scenario 3:

Hybrid model: OpenID as a pointer to a formal identity

(1)OpenID request

http://dno.myopenid.com

(4) Formal claims

(3)

Shibboleth request

Informal claims +

pointer to ‘formal’ university

identity provider

(2) Service Provider

19ALT-C 2008 Sponsor Session

September 2008

Conclusions

• Gives users choice.

• Fits in with a user-centric, Web 2.0 view of the world.

• Bridge to a more diverse range of services.

• Life-long learning identity association.

• Users can build up personal portfolio of services.

• Institutional, non-institutional mash-ups.

20ALT-C 2008 Sponsor Session

September 2008

Considerations

• It's not a universal solution.– Or is it?

– Good for the techies/Web 2.0 people.

• Not without risks.– Service levels and continuity

– Data-loss – too much dependency on external services.

21ALT-C 2008 Sponsor Session

September 2008

Thank you

david.orrell@eduserv.org.uk