openid - an identity system for the open web

David Orrell, Eduserv [email protected]

www.eduserv.org.uk/foundation

OpenID:An Identity System for the Open Web

Online Information, December 2008

2ALT-C 2008 Sponsor Session

September 2008

OpenID: What is it?

Identities: Trusted vs trusted.

Activities: Formal vs informal.

Usage scenarios.


September 2008

Uses of online identity

• Control access to ‘known’ users or subscribers.– Depends on claims asserted by trusted party.

• Personalisation– Depends on self-asserted claims by user.

• Common presence across services.– Depends on universal identifier – with consent of user.


September 2008

• Defines globally unique identifiers for users.

• They're URLs...

http://dno.myopenid.com

http://openid.eduserv.org.uk/dno


September 2008

• A mechanism to verify the URL ‘belongs to’ its bearer.

• User chooses provider to hold their profile and check credentials.

• That's it! Almost.

Who are you?

(1)


OpenID (Identity) Provider

(2)

(3)Verification

+ attribute exchange (optional)


September 2008

Who's using it?

Estimated over 250 million identities!

You've probably already got one!

BBC AOL Google Yahoo Flickr

Microsoft MySpace Orange Verisign


September 2008

• Shibboleth– Credentials ‘owned’ by issuing organisation (eg.

University, workplace).

– Exist for duration of study, employment etc.

– Trusted claims.

– Federations with well-defined boundaries.

• OpenID– Credentials ‘owned’ by user.

– Exist for sustained period.

– Untrusted claims.

Learning/research

Email

Mobileaccess

Collaboration

Lifelong-learning/alumni

Shibboleth

Managed Information Cards

Trust Federations

Assessment

Subscription resources

Campus services

Library services

BloggingPersonalisation

OpenID

Personal identities

PersonalInformation Cards

Social Networks


September 2008

OpenID reflects trends of the Open Web.... and those of users and learners.

Open content, collaboration, linked-data, RESTful APIs, social software, microformats.


September 2008

Learners want to use the services they choose, know, and like to use.

– Provides access to best-of-breed services.

Staff want to find the best, and most appropriate services for themselves & students.

– Campuses can't provide diverse enough set of services.


September 2008

Scenario 1:

Universities issue OpenIDs

– Easy to do– Inferred membership of organisation...

http://openid.bath.ac.uk/user– Identifier not portable between organisations


September 2008

Scenario 2:

Association of an existing OpenID with a ‘formal’ University identity

– Also easy to do– Lifelong learning– Collaboration with peers– ‘Hides’ OpenID from service providers


September 2008

Scenario 3:

Hybrid model: OpenID as a pointer to a formal identity

(1)OpenID request


(4) Formal claims

(3)

Shibboleth request

Informal claims +

pointer to ‘formal’ university

identity provider

(2) Service Provider


September 2008

Conclusions

• Gives users choice.

• Fits in with a user-centric, Web 2.0 view of the world.

• Bridge to a more diverse range of services.

• Life-long learning identity association.

• Users can build up personal portfolio of services.

• Institutional, non-institutional mash-ups.


September 2008

Considerations

• It's not a universal solution.– Or is it?

– Good for the techies/Web 2.0 people.

• Not without risks.– Service levels and continuity

– Data-loss – too much dependency on external services.


September 2008

Thank you

[email protected]

openid - an identity system for the open web

Education