Download - OpenID for starters - Barcamp Berlin II

0700LukasRos.de
Lukas Rosenstock Digitale Dienste

OpenID for starters
Lukas L. Rosenstock
OpenID Foundation Europe
BarCamp Berlin II
03.11.07

Outline
● About me
● About this presentation
● Problem and solution
● Concept URL-based identity
● History of OpenID
● User perspective
● Technical perspective
● Business perspective
● Visions for the future
● Criticism

About me
● Lukas Leander Rosenstock (1984)
● Computer science student at Darmstadt University of Technology
● Involved in smaller web projects
● Active OpenID supporter since Sept. 2005
● OpenID Foundation Europe Member
● Web Montag Frankfurt & Cologne
● BarCamp Frankfurt & Cologne

About this presentation
● Complete overview for starters
● Introduction to the topic, starts at „0“ (zero)
● More questions and discussion after the presentation or in other sessions at this BarCamp

Problem and solution (1)
● Web 2.0 sites allow interaction
● Web 1.0 sites too (e.g. Boards)
● Yes, I know, you can't say a site is „1.0“ or „2.0“ ...
● Register everywhere? Maybe for one post or download?
● Remember passwords?
● Often the same information has to be entered, no connection between profiles
● Effect: websites are still islands / walled gardens 2.0

Problem and solution (2)
● Negative side-effect: Centralization encouraged (e.g. Gravatar, MySpace, Facebook)
● “(de)centralization paradox”
● Solution: one „username“ for every site?
● Single-Sign-On
● A framework for interoperability, extensible with profile exchange, reputation / claims / voting, distributed social networks and applications (while privacy remains)?
● Here we go ...

Concept URL-based identity
● URL, more exactly: HTTP URL, as identifier
● Well-known and proven concept
● Namespace is easily accessible
● Describes a „space“
● (meta-)information can be requested synchronously
● Examples:
  ● http://daveman692.livejournal.com/
  ● http://0700lukasros.de/
  ● http://openid.aol.com/username

History of OpenID (1)
● Originally YADIS = Yet Another Distributed Identity System, developed by Brad Fitzpatrick (Danga/SixApart/LiveJournal)
● 17th May 2005: Renamed to OpenID and published
● Implementation on LiveJournal
● September 2005: First public OpenID servers videntity.org and MyOpenID.com

History of OpenID (2)
● October 2005: „Yadis“ newly announced as interoperability platform for OpenID and LID (Light Weight Identity, Netmesh)
● JanRain Inc writes OpenID code libraries for PHP, Perl, Ruby and Python
● 21st March 2006: Yadis specification 1.0 published, based upon XRI/XRDS/i-names
● 26th July 2006: announcement of the OpenID code bounty program

History of OpenID (3)
● Beginning of 2007: RSA Conference; Microsoft announces support for OpenID
  ● interoperability with CardSpace / InfoCard
● AOL “unofficially” gives their 63 million members an OpenID
● Question: What are Google and Yahoo doing?
  ● Evaluating internally!
● During 2007: some websites introduce at least partial OpenID support (wordpress.com, Technorati)
● OpenID Foundation & OpenID Foundation Europe

User perspective
● Use Case: Login/Signup on a website
  – User already owns his OpenID
● Example ...

Technical perspective
[Diagram: End User/Client, Identity-URL, Identity Provider (IdP) and Relying Party (RP), connected by arrows labelled "wants to identify himself", "owns", "points to" and "confirms identity"]

[Diagram: End User/Client, Identity-URL, Identity Provider (IdP), Relying Party (RP)]
(1) asks for IdP (discovery)
(2) gets a handle issued (association) [if not yet done]
(3) sends redirection to IdP

[Diagram: End User/Client, Identity Provider (IdP), Relying Party (RP)]
(1) session, cookie, password, client certificate, trust setting (either automatically or interactively)
(2) sends redirection to the RP with signature (SHA1-HMAC)
(3) redirection
(4) signature validation
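
The signed redirect from the IdP and the RP's signature validation from the steps above, as an added example that is not part of the original slides. It assumes the OpenID 1.x key-value signing form; the function names, MAC key, association handle and return URL are constructed for illustration, and replay protection is left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed sample values (only the identity URL appears on the slides).
MAC_KEY = bytes(range(20))               # secret shared during association
ASSOCS = {"handle-1": MAC_KEY}           # RP-side store: assoc_handle -> MAC key
IDENTITY = "http://0700lukasros.de/"
RETURN_TO = "https://rp.example/openid/return"

def sign(mac_key, fields, signed):
    # Key-value form: "name:value\n" for each signed field, in the listed order.
    token = "".join(f"{n}:{fields['openid.' + n]}\n" for n in signed).encode()
    return base64.b64encode(hmac.new(mac_key, token, hashlib.sha1).digest()).decode()

def idp_response(mac_key, handle, identity, return_to):
    # IdP side: query string appended to the redirect back to the RP.
    fields = {"openid.mode": "id_res", "openid.identity": identity,
              "openid.return_to": return_to, "openid.assoc_handle": handle,
              "openid.signed": "mode,identity,return_to"}
    fields["openid.sig"] = sign(mac_key, fields, fields["openid.signed"].split(","))
    return urlencode(fields)

def verify_assertion(query, assocs, expected_return_to):
    # RP side: return the verified identity URL, or None if any check fails.
    fields = dict(parse_qsl(query, keep_blank_values=True))
    if fields.get("openid.mode") != "id_res":
        return None
    mac_key = assocs.get(fields.get("openid.assoc_handle"))
    if mac_key is None:
        return None  # no stored association for this handle
    signed = fields.get("openid.signed", "").split(",")
    # Hardening check: the fields the RP acts on must be covered by the signature.
    if not {"identity", "return_to"} <= set(signed):
        return None
    if any("openid." + n not in fields for n in signed):
        return None
    expected = sign(mac_key, fields, signed).encode()
    if not hmac.compare_digest(expected, fields.get("openid.sig", "").encode()):
        return None  # signature mismatch (compared in constant time)
    if fields["openid.return_to"] != expected_return_to:
        return None  # assertion was issued for a different return URL
    return fields["openid.identity"]
```
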

Business perspective
● What benefits does OpenID offer?
● As relying party (offer OpenID logins):
  – lower entry barrier for potential customers
  – more users, more profit :-)

Business perspective
● As a provider (offering OpenID URLs):
  – free bonus feature
  – more links back to your site
● potentially higher pagerank
● Dominate the world with a “Microsoft strategy” (proprietary addons) ...

Visions for the future
● URL as platform
  – RSS, FOAF, Microformats
● Decentralized social networking
  – Good-bye to walled gardens
  – videntity, claimID
  – Who's next?
  – A dedicated session of its own for this ...

Visions for the future
● OpenID 2.0 and extensions coming up
  – added security (& privacy)
  – profile exchange

Criticism
● openid-neindanke.de
● IdP as “Big Brother”?
  – your ISP already is
  – can be prevented with multiple OpenIDs
● IdP as SPoF
  – can be prevented with multiple OpenIDs*
● Not secure?
  – comparable to „password by email reset“
* this does not break the concept of OpenID

That's all, folks ...
● Thanks for your attention!
● Questions now or in discussion session
● A link to slides will be on the BarCamp wiki