openid & oauth for the consumer web workshop, part 1 of 3
DESCRIPTION
This is the first 1/3 of a workshop I gave with Eric Sachs and David Primmer of Google at the Cloud Identity Summit. http://www.cloudidentitysummit.com/
TRANSCRIPT
OpenID & OAuth for the Consumer Web
Chris Messina, David Primmer, Eric Sachs
Ping Cloud Identity Summit
Keystone, CO
July 20, 2010
Agenda
• The Value
• The Technology
• The Future
• Breakouts
The Value
What
Why support third party auth?
(Answers that relying parties should care about!)
• Who do you want to be, in this context?
• Who do you want to hang out with (in this context)?
• How can we be instantly relevant and meet your needs with minimal effort?
• What kind of handles and scaffolding can we provide to make it easier to create social interaction?
Why
Plaxo’s 92% Success Story
Spot the problem?
Second Brain
Evil Bad Brain
Plaxo’s 92% success story
• specially-crafted email to Gmail users
• Gmail users likely to have Google profile & address book
• one-click sign up and address book import
• also requests name, verified email address
Plaxo’s 92% success story
• Better for the user: higher success rate with no password anti-pattern
• Better for the provider: Happy users and no automated data scraping
• Better for the site: Higher conversion rate; more informed social graph
+ Portable Contacts+
Photo by Teresa Stanton
Unique OpenID Relying Parties
[Chart; x-axis: dates from 10/05 to 7/09; y-axis: 0 to 50,000]
As of July 1, 2009
Data from Janrain
1 Billion+ OpenIDs
Janrain
OpenID usage trends (Janrain): OpenID Providers on UserVoice
[Pie chart; legend: Google, Facebook, Yahoo!, Other, Twitter; slice values as extracted: 15%, 8%, 10%, 33%, 34%]
Data from Janrain, May 2010
OpenID usage trends (Janrain): OpenID Providers on Interscope Records
[Pie chart; legend: Google, Facebook, Yahoo!, Other, Twitter, MySpace; slice values as extracted: 12%, 12%, 6%, 10%, 52%, 8%]
Data from Janrain, May 2010
OpenID usage trends (Janrain): OpenID Providers on sulit.com.ph
[Pie chart; legend: Google, Facebook, Yahoo!, Other; slice values as extracted: 1%, 64%, 10%, 24%]
Chart from Janrain, January 2009
OpenID usage trends (Janrain): Sign in preferences across all properties
[Pie chart; legend: Google, Facebook, Yahoo!, Other (MySpace, Windows Live, AOL, etc), Twitter; slice values as extracted: 5.8%, 18.9%, 13.0%, 23.5%, 38.8%]
Data from Janrain, May 2010
Gigya
Third-party authentication usage trends (Gigya): Sign in preferences across all Gigya properties
Source: Gigya, June 2010
Third-party authentication usage trends (Gigya): Sign in preferences across entertainment sites
Source: Gigya, June 2010
Third-party authentication usage trends (Gigya): Sign in preferences across news sites
Source: Gigya, June 2010
Third-party authentication usage trends (Gigya): Sign in preferences across B2B sites
Source: Gigya, June 2010
Echo
Source: Echo, March 2010
What does this tell us?
• People use different identities for different purposes
• Ultimately choice and competition is a good thing to foster in this early landscape
• Digital identity is in its infancy; it’s too early to pick the winners
What does this tell us?
Basecamp Lady Gaga
+
Totals
Janrain: OAuth 35%, OpenID 64%
Gigya: OAuth 62%, OpenID 38%
Echo: OAuth 32%, OpenID 48%+
It’s inevitable
conversion, convenience, costs
service
How
NASCAR
XAuth
WebFinger
The Hammer Stack
Discovery for the open web
How WebFinger works
Enter email: [Lookup]
Discovering a user’s WebFinger profile: domain
Use host meta to retrieve an LRDD document
$ curl http://gmail.com/.well-known/host-meta
Server returns LRDD document
<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'
     xmlns:hm='http://host-meta.net/xrd/1.0'>
  <hm:Host xmlns='http://host-meta.net/xrd/1.0'>gmail.com</hm:Host>
  <Link rel='lrdd' template='http://www.google.com/s2/webfinger/?q={uri}'>
    <Title>Resource Descriptor</Title>
  </Link>
</XRD>
Plug acct: into URI Template
http://www.google.com/s2/webfinger/?q={uri}
acct:[email protected]
Retrieve WebFinger document
$ curl 'http://www.google.com/s2/webfinger/?q=acct:[email protected]'
XRD Profile
<?xml version='1.0'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Subject>acct:[email protected]</Subject>
  <Alias>http://www.google.com/profiles/chris.messina</Alias>
  <Link rel='http://portablecontacts.net/spec/1.0' href='http://www-opensocial.googleusercontent.com/api/people/'/>
  <Link rel='http://webfinger.net/rel/profile-page' href='http://www.google.com/profiles/chris.messina' type='text/html'/>
  <Link rel='http://microformats.org/profile/hcard' href='http://www.google.com/profiles/chris.messina' type='text/html'/>
  <Link rel='http://gmpg.org/xfn/11' href='http://www.google.com/profiles/chris.messina' type='text/html'/>
  <Link rel='http://specs.openid.net/auth/2.0/provider' href='http://www.google.com/profiles/chris.messina'/>
  <Link rel='describedby' href='http://www.google.com/profiles/chris.messina' type='text/html'/>
  <Link rel='describedby' href='http://s2.googleusercontent.com/webfinger/?q=chris.messina%40gmail.com&amp;fmt=foaf' type='application/rdf+xml'/>
  <Link rel='http://schemas.google.com/g/2010#updates-from' href='http://buzz.googleapis.com/feeds/102034052532213921839/public/posted' type='application/atom+xml'/>
</XRD>
XRD Profile
<Link rel='http://specs.openid.net/auth/2.0/provider' href='http://www.google.com/profiles/chris.messina'/>
Putting it together
Making OpenID easier using an email address
Enter email: [Lookup]
Enter email: [Connect]
Signed in as: Chris Messina
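The WebFinger lookup above, from email address to OpenID provider link, as an added example that is not part of the original slides. It runs offline on constructed sample documents for the placeholder account alice@example.com, assumes HTTPS endpoints, and uses hypothetical function names; because the discovered provider decides who gets signed in, it rejects an XRD whose Subject is not the account that was asked about.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

XRD = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
OPENID_REL = "http://specs.openid.net/auth/2.0/provider"

# Constructed sample documents modelled on the slides (example.com is a placeholder).
# For documents fetched from untrusted hosts, a hardened parser such as defusedxml is preferable.
HOST_META = """<?xml version='1.0'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Link rel='lrdd' template='https://example.com/webfinger/?q={uri}'/>
</XRD>"""
USER_XRD = """<?xml version='1.0'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Subject>acct:alice@example.com</Subject>
  <Link rel='http://webfinger.net/rel/profile-page' href='https://example.com/profiles/alice'/>
  <Link rel='http://specs.openid.net/auth/2.0/provider' href='https://example.com/profiles/alice'/>
</XRD>"""

def host_meta_url(email):
    """Take the domain from the address and build the host-meta URL."""
    local, sep, domain = email.rpartition("@")
    if not (local and sep and domain) or any(c in domain for c in "/?#:@ "):
        raise ValueError("not a usable email-style identifier")
    return "https://%s/.well-known/host-meta" % domain.lower()

def lrdd_url(host_meta_xml, email):
    """Find the lrdd template and substitute the percent-encoded acct: URI."""
    for link in ET.fromstring(host_meta_xml).iter(XRD + "Link"):
        template = link.get("template", "")
        if link.get("rel") == "lrdd" and "{uri}" in template:
            if urlsplit(template).scheme not in ("http", "https"):
                raise ValueError("lrdd template has an unexpected scheme")
            return template.replace("{uri}", quote("acct:" + email, safe=""))
    raise LookupError("host-meta has no lrdd template")

def openid_provider(user_xrd_xml, email):
    """Check the XRD describes the requested account, then return its OpenID link."""
    root = ET.fromstring(user_xrd_xml)
    if root.findtext(XRD + "Subject") != "acct:" + email:
        raise ValueError("XRD Subject does not match the requested account")
    for link in root.iter(XRD + "Link"):
        if link.get("rel") == OPENID_REL:
            return link.get("href")
    return None
```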
Connect
The anatomy of connect
...according to David Recordon
• Profile (identity, accounts, profiles)
• Relationships (followers, friends, contacts)
• Content (posts, photos, videos, links)
• Activity (poked, bought, shared, blogged)
• Goal: Discovery of new people and content
Source: O’Reilly Radar.
Connect
Agenda
• The Value
• The Technology
• The Future
• Breakouts