Description: OpenID and the Future of Digital Identity. Alicia Bozyk, April 1, 2008. Identity 1.0: identity happens in silos, closed and complex. Identity 2.0 is a way for users to have one identity that can be used in multiple places.
OpenID And the Future of Digital Identity
Alicia Bozyk
April 1, 2008
Introduction
Identity happens in silos
Closed and complex
Identity 1.0
Introduction
Identity 2.0 is a way for users to have one identity that can be used in multiple places on the web.
Must be: simple, scalable, flexible
Identity 2.0
Technologies
OpenID
Windows CardSpace
OpenID
OpenID is a decentralized single sign-on service.
Managed by the OpenID Foundation
General Principles: simple, modular, free, and further extensible
Provides the verification of a user's identity from an identity provider to a relying party
OpenID
What is an OpenID?
URI/XRI identifier that is used to find the OpenID Identity Provider for a user
An example identifier is: http://alicia.myopenid.com
OpenID
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)" xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD>
    <Service priority="50">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>http://www.myopenid.com/server</URI>
      <openid:Delegate>http://alic.myopenid.com/</openid:Delegate>
    </Service>
    <Service priority="10">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>http://www.livejournal.com/openid/server.bml</URI>
      <openid:Delegate>http://www.livejournal.com/users/joe</openid:Delegate>
    </Service>
    <Service priority="20">
      <Type>http://lid.netmesh.org/sso/2.0</Type>
      <URI>http://mylid.net/liddemouser</URI>
    </Service>
    <Service>
      <Type>http://lid.netmesh.org/sso/1.0</Type>
    </Service>
  </XRD>
</xrds:XRDS>
Yadis Capability Document
OpenID
Authentication
user initiates authentication by supplying an identifier to a relying party
relying party performs discovery and determines the endpoint URL to request authentication from
relying party and identity provider establish a shared secret through the use of the Diffie-Hellman key exchange; this key is used to sign all of the following messages
relying party requests authentication for the user
identity provider determines whether the end user is authorized to perform OpenID authentication and wishes to do so; the identity provider then returns either an assertion that authentication is approved or that it has failed
relying party verifies the information received from the provider by checking the return URL, verifying the discovered information, checking a nonce, and verifying the signature using the established shared key
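The relying-party verification step above, worked through in Python as an added example (this is not code from the slides or from any OpenID library). It assumes an HMAC-SHA1 association; the association handle, MAC key, return URL and the sample assertion are constructed for the example, and the endpoint is the myopenid server listed in the XRDS document above.

```python
import base64, hashlib, hmac, secrets
from datetime import datetime, timedelta, timezone
ASSOCIATION = {"handle": "assoc-demo-1", "mac_key": b"0123456789abcdef0123"}  # constructed; 20-byte HMAC-SHA1 key
EXPECTED_RETURN_TO = "https://rp.example/openid/return"  # assumed RP return URL
DISCOVERED_ENDPOINT = "http://www.myopenid.com/server"   # OP endpoint from the XRDS document above
seen_nonces = set()  # (endpoint, nonce) pairs already accepted; a real RP persists this store

def sign_fields(params, mac_key):
    # Key-value form: 'field:value\n' for each field listed in openid.signed, in that order.
    kv = "".join(f"{f}:{params.get('openid.' + f, '')}\n" for f in params["openid.signed"].split(","))
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha1).digest()).decode()

def nonce_fresh(nonce, window=timedelta(minutes=5)):
    # response_nonce starts with a UTC timestamp; accept it only if close to the RP's clock.
    try:
        issued = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return False
    return abs(datetime.now(timezone.utc) - issued) <= window

def make_response(assoc, nonce=None, identity="http://alicia.myopenid.com/"):
    """Constructed positive assertion, signed the way the identity provider would sign it."""
    nonce = nonce or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") + secrets.token_hex(4)
    p = {"openid.mode": "id_res", "openid.op_endpoint": DISCOVERED_ENDPOINT,
         "openid.return_to": EXPECTED_RETURN_TO, "openid.response_nonce": nonce,
         "openid.assoc_handle": assoc["handle"], "openid.identity": identity,
         "openid.signed": "op_endpoint,return_to,response_nonce,assoc_handle,identity"}
    p["openid.sig"] = sign_fields(p, assoc["mac_key"])
    return p

def verify_assertion(params, assoc=ASSOCIATION, return_to=EXPECTED_RETURN_TO, endpoint=DISCOVERED_ENDPOINT):
    nonce = params.get("openid.response_nonce", "")
    required = {"op_endpoint", "return_to", "response_nonce", "assoc_handle", "identity"}
    checks = [  # the RP checks from the slides: return URL, discovered endpoint, nonce, then signature
        (params.get("openid.mode") == "id_res", "not a positive assertion"),
        (params.get("openid.return_to") == return_to, "return_to mismatch"),
        (params.get("openid.op_endpoint") == endpoint, "endpoint does not match discovery"),
        (params.get("openid.assoc_handle") == assoc["handle"], "unknown association handle"),
        (required <= set(params.get("openid.signed", "").split(",")), "required field not signed"),
        (nonce_fresh(nonce), "nonce malformed or outside time window"),
        ((endpoint, nonce) not in seen_nonces, "nonce replayed"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    # Signature last, compared in constant time; the nonce is recorded only after it verifies.
    if not hmac.compare_digest(sign_fields(params, assoc["mac_key"]), params.get("openid.sig", "")):
        return False, "bad signature"
    seen_nonces.add((endpoint, nonce))
    return True, "verified"
```

A tampered field, a reused nonce, a stale nonce and an unsigned required field are each rejected with a distinct reason before the assertion is accepted.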
OpenID
Strengths: decentralized and portable; easily controlled and managed by the user; lightweight
Weaknesses: phishing; Windows only
Windows CardSpace
Identity Metasystem Information Cards
Goals:
A way to represent identities using claims
A means for identity providers, relying parties, and subjects to negotiate
An encapsulating protocol to obtain claims and requirements
A means to bridge technology and organizational boundaries using claims transformation
A consistent user experience across multiple contexts, technologies, and operators
CardSpace
Strengths: consistent user interface; security (uses SAML)
Weaknesses: portability; security (physical); Windows only
Conclusions
OpenID is the next step in managing digital identity
OpenID is better than other solutions since it is decentralized, free, and an open standard, and it is gaining momentum in the online community
OpenID helps break the boundaries between web applications
Questions?