openid & oauth for the consumer web workshop, part 1 of 3

OpenID & OAuth for the Consumer WebChris MessinaDavid PrimmerEric Sachs

Ping Cloud Identity SummitKeystone, COJuly 20, 2010

Agenda• The Value• The Technology• The Future

• Breakouts

Agenda• The Value• The Technology• The Future

• Breakouts

The Value

What

chris.messina@gmail.com

••••••••••

(Answers that relying parties should care about!)Why support third party auth?

• Who do you want to be, in this context?• Who do you want to hang out with (in this context)?• How can we be instantly relevant and meet your needs

with minimal effort?• What kind of handles and scaffolding can we provide to make it

easier to create social interaction?

22

Why

Plaxo’s 92% Success Story

Spot the problem?

Second Brain

Evil Bad Brain

Plaxo’s 92% success story• specially-crafted email to Gmail users• Gmail users likely to have Google profile & address book• one-click sign up and address book import• also requests name, verified email address

Plaxo’s 92% success story• Better for the user: higher success rate with no password anti-

pattern• Better for the provider: Happy users and no automated data

scraping• Better for the site: Higher conversion rate; more informed social

graph

+ Portable Contacts+

Photo by Teresa Stanton

As of July 1, 2009

10/05 1/0

64/0

67/0

610

/06 1/07

4/07

7/07

10/07 1/0

84/0

87/0

810

/08 1/09

7/09

0

10,000

20,000

30,000

40,000

50,000

Unique OpenID Relying Parties

Data from Janrain

1 Billion+ OpenIDs

Janrain

OpenID Providers on UserVoiceOpenID usage trends (Janrain)

15%8%

10%

33%34%

Google Facebook Yahoo! OtherTwitter

Data from Janrain, May 2010

OpenID Providers on Interscope RecordsOpenID usage trends (Janrain)

12%

12%

6%

10%

52%

8%

Google Facebook Yahoo! OtherTwitter MySpace

Data from Janrain, May 2010

OpenID Providers on sulit.com.phOpenID usage trends (Janrain)

1%

64%

10%

24%

Google Facebook Yahoo! Other

Chart from Janrain, January 2009

Sign in preferences across all propertiesOpenID usage trends (Janrain)

5.8%18.9%

13.0%

23.5%

38.8%

GoogleFacebookYahoo!OtherTwitter

(MySpace, Windows Live, AOL, etc)

Data from Janrain, May 2010

Gigya

Sign in preferences across all Gigya propertiesThird-party authentication usage trends (Gigya)

Source: Gigya, June 2010

Sign in preferences across entertainment sitesThird-party authentication usage trends (Gigya)

Source: Gigya, June 2010

Sign in preferences across news sitesThird-party authentication usage trends (Gigya)

Source: Gigya, June 2010

Sign in preferences across B2B sitesThird-party authentication usage trends (Gigya)

Source: Gigya, June 2010

Echo

Source: Echo, March 2010

What does this tell us?

54

What does this tell us?

• People use different identities for different purposes

54

What does this tell us?

• People use different identities for different purposes• Ultimately choice and competition is a good thing to foster in this

early landscape

54

What does this tell us?

• People use different identities for different purposes• Ultimately choice and competition is a good thing to foster in this

early landscape• Digital identity is in its infancy; it’s too early to pick the winners

54

What does this tell us?

Basecamp Lady Gaga

+

Totals

Janrain

Gigya

Echo OAuth 35%

OpenID 64%

OAuth 62%

OpenID 38%

OAuth 32%

OpenID 48%+

It’s inevitable

conversion, convenience, costs

service

How

NASCAR

Photo by larry wfu

Photo by Vaguely Artistic

XAuth

WebFinger

WebFinger

Discovery for the open webThe Hammer Stack

How WebFinger works

LookupEmailEnter email:

How WebFinger works

Lookupchris.messina@gmail.comEnter email:

How WebFinger works

Lookupchris.messina@gmail.comEnter email:

Discovering a user’s WebFinger profileHow WebFinger works

chris.messina@gmail.com

Discovering a user’s WebFinger profileHow WebFinger works

chris.messina@gmail.com{

domain

Discovering a user’s WebFinger profileHow WebFinger works

chris.messina@gmail.com{

domain

Use host meta to retrieve an LRDD documentHow WebFinger works

$curl http://gmail.com/.well-known/host-meta

Use host meta to retrieve an LRDD documentHow WebFinger works

$curl http://gmail.com/.well-known/host-meta

Use host meta to retrieve an LRDD documentHow WebFinger works

$curl http://gmail.com/.well-known/host-meta

Server returns LRDD documentHow WebFinger works

<?xml version='1.0' encoding='UTF-8'?><XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'      xmlns:hm='http://host-meta.net/xrd/1.0'>  <hm:Host xmlns='http://host-meta.net/xrd/1.0'>gmail.com</hm:Host>  <Link rel='lrdd'         template='http://www.google.com/s2/webfinger/?q={uri}'>    <Title>Resource Descriptor</Title>  </Link></XRD>

Server returns LRDD documentHow WebFinger works

<?xml version='1.0' encoding='UTF-8'?><XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'      xmlns:hm='http://host-meta.net/xrd/1.0'>  <hm:Host xmlns='http://host-meta.net/xrd/1.0'>gmail.com</hm:Host>  <Link rel='lrdd'         template='http://www.google.com/s2/webfinger/?q={uri}'>    <Title>Resource Descriptor</Title>  </Link></XRD>

Plugin acct: into URI TemplateHow WebFinger works

http://www.google.com/s2/webfinger/?q={uri}

Plugin acct: into URI TemplateHow WebFinger works

http://www.google.com/s2/webfinger/?q={uri}

chris.messina@gmail.com

Plugin acct: into URI TemplateHow WebFinger works

http://www.google.com/s2/webfinger/?q={uri}

acct:chris.messina@gmail.com

Plugin acct: into URI TemplateHow WebFinger works

http://www.google.com/s2/webfinger/?q={uri}acct:chris.messina@gmail.com

Plugin acct: into URI TemplateHow WebFinger works

http://www.google.com/s2/webfinger/?q={uri}acct:chris.messina@gmail.com

Retrieve WebFinger documentHow WebFinger works

$curl http://www.google.com/s2/webfinger/?q=acct:chris.messina@gmail.com

Retrieve WebFinger documentHow WebFinger works

$curl http://www.google.com/s2/webfinger/?q=acct:chris.messina@gmail.com

Retrieve WebFinger documentHow WebFinger works

$curl http://www.google.com/s2/webfinger/?q=acct:chris.messina@gmail.com

XRD ProfileHow WebFinger works<?xml version='1.0'?><XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'> <Subject>acct:chris.messina@gmail.com</Subject> <Alias>http://www.google.com/profiles/chris.messina</Alias> <Link rel='http://portablecontacts.net/spec/1.0' href='http://www-opensocial.googleusercontent.com/api/people/'/> <Link rel='http://webfinger.net/rel/profile-page' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://microformats.org/profile/hcard' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://gmpg.org/xfn/11' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://specs.openid.net/auth/2.0/provider' href='http://www.google.com/profiles/chris.messina'/> <Link rel='describedby' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='describedby' href='http://s2.googleusercontent.com/webfinger/?q=chris.messina%40gmail.com&amp;fmt=foaf' type='application/rdf+xml'/> <Link rel='http://schemas.google.com/g/2010#updates-from' href='http://buzz.googleapis.com/feeds/102034052532213921839/public/posted' type='application/atom+xml'/></XRD>

XRD ProfileHow WebFinger works<?xml version='1.0'?><XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'> <Subject>acct:chris.messina@gmail.com</Subject> <Alias>http://www.google.com/profiles/chris.messina</Alias> <Link rel='http://portablecontacts.net/spec/1.0' href='http://www-opensocial.googleusercontent.com/api/people/'/> <Link rel='http://webfinger.net/rel/profile-page' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://microformats.org/profile/hcard' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://gmpg.org/xfn/11' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://specs.openid.net/auth/2.0/provider' href='http://www.google.com/profiles/chris.messina'/> <Link rel='describedby' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='describedby' href='http://s2.googleusercontent.com/webfinger/?q=chris.messina%40gmail.com&amp;fmt=foaf' type='application/rdf+xml'/> <Link rel='http://schemas.google.com/g/2010#updates-from' href='http://buzz.googleapis.com/feeds/102034052532213921839/public/posted' type='application/atom+xml'/></XRD>

XRD ProfileHow WebFinger works<?xml version='1.0'?><XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'> <Subject>acct:chris.messina@gmail.com</Subject> <Alias>http://www.google.com/profiles/chris.messina</Alias> <Link rel='http://portablecontacts.net/spec/1.0' href='http://www-opensocial.googleusercontent.com/api/people/'/> <Link rel='http://webfinger.net/rel/profile-page' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://microformats.org/profile/hcard' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://gmpg.org/xfn/11' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://specs.openid.net/auth/2.0/provider' href='http://www.google.com/profiles/chris.messina'/> <Link rel='describedby' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='describedby' href='http://s2.googleusercontent.com/webfinger/?q=chris.messina%40gmail.com&amp;fmt=foaf' type='application/rdf+xml'/> <Link rel='http://schemas.google.com/g/2010#updates-from' href='http://buzz.googleapis.com/feeds/102034052532213921839/public/posted' type='application/atom+xml'/></XRD>

<?xml version='1.0'?><XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'> <Subject>acct:chris.messina@gmail.com</Subject> <Alias>http://www.google.com/profiles/chris.messina</Alias> <Link rel='http://portablecontacts.net/spec/1.0' href='http://www-opensocial.googleusercontent.com/api/people/'/> <Link rel='http://webfinger.net/rel/profile-page' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://microformats.org/profile/hcard' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://gmpg.org/xfn/11' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='http://specs.openid.net/auth/2.0/provider' href='http://www.google.com/profiles/chris.messina'/> <Link rel='describedby' href='http://www.google.com/profiles/chris.messina' type='text/html'/> <Link rel='describedby' href='http://s2.googleusercontent.com/webfinger/?q=chris.messina%40gmail.com&amp;fmt=foaf' type='application/rdf+xml'/> <Link rel='http://schemas.google.com/g/2010#updates-from' href='http://buzz.googleapis.com/feeds/102034052532213921839/public/posted' type='application/atom+xml'/></XRD>

XRD ProfileHow WebFinger works

<Link rel='http://specs.openid.net/auth/2.0/provider' href='http://www.google.com/profiles/chris.messina'/>

Putting it together

ConnectEmailEnter email: Lookup

Making OpenID easier using an email address

Putting it together

ConnectEmailEnter email:

Making OpenID easier using an email address

Putting it together

Connectchris.messina@gmail.comEnter email:

Making OpenID easier using an email address

Putting it together

Connectchris.messina@gmail.comEnter email:

Making OpenID easier using an email address

Making OpenID easier using an email addressPutting it together

Signed in as: Chris Messina

Making OpenID easier using an email addressPutting it together

Signed in as: Chris Messina

Connect

...according to David RecordonThe anatomy of connect

Source O’Reilly Radar.95

...according to David RecordonThe anatomy of connect

• Profile (identity, accounts, profiles)

Source O’Reilly Radar.95

...according to David RecordonThe anatomy of connect

• Profile (identity, accounts, profiles)• Relationships (followers, friends, contacts)

Source O’Reilly Radar.95

...according to David RecordonThe anatomy of connect

• Profile (identity, accounts, profiles)• Relationships (followers, friends, contacts)• Content (posts, photos, videos, links)

Source O’Reilly Radar.95

...according to David RecordonThe anatomy of connect

• Profile (identity, accounts, profiles)• Relationships (followers, friends, contacts)• Content (posts, photos, videos, links)• Activity (poked, bought, shared, blogged)

Source O’Reilly Radar.95

...according to David RecordonThe anatomy of connect

• Profile (identity, accounts, profiles)• Relationships (followers, friends, contacts)• Content (posts, photos, videos, links)• Activity (poked, bought, shared, blogged)

Source O’Reilly Radar.

• Goal: Discovery of new people and content

95

ConnectConnect

Agenda• The Value• The Technology• The Future

• Breakouts