eduserv openid meeting: openid today
DESCRIPTION
TRANSCRIPT
TodayEduserv OpenID Meeting
"taking the world by storm"Tim O'Reilly
"Its definitely time to declare OpenID a winner"
TechCrunch
"this high profile announcement marks the importance of single sign on identity technology to the future of the Internet"
ReadWriteWeb
"OpenID is a protocol made for the public, by the public.
No one owns or controls your login information: You do."
37signals
"...sees great potential for OpenID's use alongside enterprise-ready software
infrastructure"Sun Microsystems
What is OpenID?
• Single sign-on for the web
• Simple and light-weight(not going to replace your bank card pin)
• Easy to use and deploy
• Built upon proven existing technologies(DNS, HTTP, SSL/TLS, Diffie-Hellman)
• Decentralized(you don't have to ask anyone permission to implement it)
• Free!
An OpenID is a URI
• URLs are globally unique and ubiquitous
• OpenID allows proving ownership of an URI
• People already have identity at URLs via blogs, photos, MySpace, FaceBook, etc
• People already describe relationships via URLs (e.g. links to my friends)
OpenID is Decentralized
"What problems does it solve?"
Too many usernames
Too many passwords
Signup is too hard
Directories are hard
Strong auth is complex
The web lacks identity
OpenID is another important building
block.
Identity is not just one thing
...but it is really about trust
With OpenID, you get to choose who you trust.
(and even change your mind later)
DEMOHow Does it Work?
Prove it!
I’m davidrecordon.com
Who are you?
As a Conversation
"openid.server" points to my OpenID Provider
Discovers My Provider
(crypto happens)
DEMOUsing OpenID
OpenID is Really Easy
"This is a geek's toy,
nobody will ever have an OpenID!"
~160 million OpenIDs(including every AOL user)
OpenID 1.1 - Estimated from various services
"Nobody will ever use this!"
0
1,500
3,000
4,500
6,000
Sep '
05 Oct
Nov Dec
Jan '0
6Fe
bMar Apr May
June
July
Aug Sep
Oct
Nov Dec
Jan '0
7Fe
bMar Apr May
June
July
Augus
t
Sep 2
2
(aka places you can login with OpenID)
OpenID 1.1 - As viewed by MyOpenID.com
Total Relying Parties
"So that's great there are so many blogs, but what about something
real?"
http://janrain.com/blog/2007/11/05/openid-in-higher-education/
“Any OpenID in the enterprise?”
Internal SSO for bug trackers and wikis
Offer all employees OpenIDs; open source
Enterprise SSO and identity manager with
LDAP and OpenID
OpenID Provider with plans to ship in enterprise
products this year
Shared OpenID Provider for their businesses and
partnersProject management,
CRM, and billing for small businesses
"What about security?"
“Protocol Security?”
like any protocol...think as you implement
What about phishing?
More kittens!
Kitten Overload!
Simon Willison - FOWA 02/07
Identity theft!:'(
Kitten Overload!
FAKE
Simon Willison - FOWA 02/07
Safe Sign-In Pages
the best solutions may around the browser
Microsoft CardSpace
MyVidoop Plugin(a password manager tied into your OpenID account add-on for Firefox)
Sxipper(a form filler password manager with OpenID integration add-on for Firefox)
Symantec Identity Client(OpenID form-fill, upcoming provider, and claims integration)
(an OpenID convenience and security add-on for Firefox)
works with
VeriSign's OpenID SeatBelt
IE Team has posted a job ad mentioning "OpenID""Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then
this just might be the opportunity for you."
OpenID doesn't dictate an authentication method
OpenID is great for innovation
"How do I deploy OpenID?"
OpenID Specs
• OpenID Authentication 1.1
• OpenID Simple Registration 1.0
• Yadis Discovery Protocol
• OpenID Authentication 2.0 (implementors draft)
• OpenID Attribute Exchange 1.0 (draft)
• OpenID PAPE 1.0 (draft)
• OpenID Data Transport Protocol (draft)
Final Specifications
• OpenID Authentication 1.1
• What most people think of for OpenID
• What I’m mainly talking about today
• Very simple
• OpenID Simple Registration Extension
• Exchange basic profile data
• Keep the user in charge
OpenID Authentication 2.0
• Cleans up the 1.1 specification
• Adds a few useful features
• Robust extensibility
• Enhanced service discovery
• "Directed identity"
• XRI
• About six independent library implementations of final draft
Attribute Exchange
• Flexible framework for exchange rich profile attributes
• Keeps the user in charge
• Allows updating data in a distributed fashion
PAPE
• Communicate details about how the user authenticated
• High-level policies such as “phishing resistant” or “multi-factor”
• Increasingly important with higher value OpenID transactions
Lots Easy of Code
• Libraries in C#, C++, Java, Perl, Python, Ruby, PHP, and ColdFusion
• Can have something working within a weekend
• Need to think a bit about security and usability
“Why OpenID and education?”
