Web 2.0 Expo Berlin: OpenID Emerging from Web 2.0


Post on 28-Jan-2015






David Recordon and Martin Paljak's talk on OpenID generally and its use in Estonia tied to smartcards.


  • 1. Emerging From Web 2.0
      • Web 2.0 Expo Berlin 2007
  • 2.
      • "It's definitely time to declare OpenID a winner" - TechCrunch
      • "OpenID is a protocol made for the public, by the public. No one owns or controls your login information: You do." - 37signals
      • "...sees great potential for OpenID's use alongside enterprise-ready software infrastructure" - Sun Microsystems
      • "taking the world by storm" - Tim O'Reilly
      • "this high profile announcement marks the importance of single sign on identity technology to the future of the Internet" - ReadWriteWeb
  • 3. What is OpenID?
      • Single sign-on for the web
      • Simple and light-weight (not going to replace your bank card pin)
      • Easy to use and deploy
      • Built upon proven existing technologies (DNS, HTTP, SSL/TLS, Diffie-Hellman)
      • Decentralized (you don't have to ask anyone permission to implement it)
      • Free!
  • 4. An OpenID is a URI
      • URLs are globally unique and ubiquitous
      • OpenID allows proving ownership of a URI
      • People already have identity at URLs via blogs, photos, MySpace, Facebook, etc
      • People already describe relationships via URLs (e.g. links to my friends)
  • 5. OpenID is Decentralized
  • 6. Benefits
      • Reduces the number of usernames and passwords
      • Simplifies new account creation
      • Allows for lightweight accounts
      • Simplifies internal SSO
      • Enables wide-spread benefit of strong authentication
      • Enables decentralized reputation
      • Enables social network portability
  • 7. How Does it Work? DEMO
  • 8. As a Conversation
      • Who are you?
      • I'm davidrecordon.com
      • Prove it!
  • 9. Discovers My Provider
      • "openid.server" points to my OpenID Provider
  • 10. (crypto happens)
  • 11. Getting an OpenID
      • http://openid.net/get/
  • 12. OpenID is Really Easy
  • 13. "This is a geek's toy, nobody will ever have an OpenID!"
  • 14. ~160 million OpenIDs (including every AOL user)
      • OpenID 1.1 - Estimated from various services
  • 15. "Nobody will ever use this!"
  • 16. Total Relying Parties (aka places you can login with OpenID)
      • [Chart: total relying parties over time, '05 to '07; y-axis 0 to 6,000]
      • OpenID 1.1 - As viewed by MyOpenID.com
  • 17. "So that's great there are so many blogs, but what about something real?"
  • 18. "What about security?"
  • 19. Protocol Security?
  • 20. like any protocol...think as you implement
  • 21. the best solutions may be around the browser
  • 22. MyVidoop Plugin (a password manager tied into your OpenID account add-on for Firefox)
  • 23. Sxipper (a form filler password manager with OpenID integration add-on for Firefox)
  • 24. Symantec Identity Client (OpenID form-fill, upcoming provider, and claims integration)
  • 25. VeriSign's OpenID SeatBelt (an OpenID convenience and security add-on for Firefox) works with
  • 26. IE Team has posted a job ad mentioning "OpenID"
      • "Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you."
  • 27. OpenID is great for innovation
  • 28. So, what about OpenID 2.0?
  • 29. OpenID 2.0
      • Cleans up the 1.1 specification
      • Adds a few useful features
      • Robust extensibility
      • Enhanced service discovery
      • "Directed identity"
      • XRI
      • About six independent library implementations of final draft
  • 30. Any OpenID in the enterprise?
  • 31.
      • Offer all employees OpenIDs; open source
      • Enterprise SSO and identity manager with LDAP and OpenID
      • Internal SSO for bug trackers and wikis
      • OpenID Provider with plans to ship in enterprise products this year
      • Shared OpenID Provider for their businesses and partners
      • Project management, CRM, and billing for small businesses
  • 32. Open.ID.ee
  • 33. I come from E-stonia
      • A small EU country with ~1.3M inhabitants
      • Access to internet considered a civil right
      • Had first parliament elections over the internet in 2005
      • 80%+ of the population have a digital ID-card
  • 34. ID-card
  • 35. ID-card is a...
      • Photo ID like any other
      • We are interested in Electronic ID:
      • The chip contains your name, age, gender and social security number
      • Two PIN codes: one for authentication and one for signing documents
  • 36. Authentication
      • Is about proving who you are.
      • Available to any service that wants to use it
      • Online banking
      • Filing your taxes
      • Various other services
  • 37. "How does this happen?"
  • 38. Entering your PIN code is your consent to send personal data to the service
  • 39. Yes/No decision
  • 40. "So what is the problem?"
  • 41. Users do not always want this. Users want control of their personal data.
  • 42. What is Identity?
      • Wikipedia: the sameness of two things
      • Things are users
      • Users are website visitors
      • Who are you?
  • 43. Are you the same you that signed up with us?
  • 44. ID-card contains government verified identity
  • 45. Same Can be Different
      • Bank: Martin Paljak, the account owner
      • Forum: user who registered as catluvr99
      • Blog: author of the comment
      • http://open.id.ee/martin.paljak is Martin Paljak
  • 46. Is the OpenID you present the same as we have in our database?
  • 47. Websites really need to match identifiers, not collect your personal data.
  • 48. Solution: OpenID
      • id.ee => open.id.ee
      • OpenID service that uses ID-cards for authentication
      • Gives users more control over their private data
      • Is NOT a government enforced/controlled service
  • 49. Simplicity
      • One privacy policy to check
      • One trust decision to make
      • One purpose for the OpenID service
      • Encapsulate and protect users' private data
  • 50. No need to sign up, it Just Works
  • 51. ... if you have the needed hardware and software ...
  • 52. "So if everybody implements OpenID, are we all happy?"
  • 53. "What about website developers?"
  • 54. ID-card Sucks!
      • Implementing support is difficult
      • Technically challenging (SSL certificates and such)
      • Users don't like ID-cards anyway as they are often afraid of privacy issues
      • Most sites don't need so high security
      • So... why bother?
  • 55. I Forgot!
      • Mobile-ID: same stuff inside your GSM SIM card
      • Same technology inside ...
      • ... but totally different to implement ...
      • ... AGAIN!!!
  • 56. What is Mobile-ID?
      • Smaller ID-card
      • No hardware needed - your phone is your card reader
      • No need to install software to use it online - websites have it
  • 57. beep-beep!
  • 58. If you're going to write new code, why not OpenID code?
  • 59. Benefits of OpenID
      • Only one interface to implement
      • And lots of expertise available globally
      • If website uses open.id.ee service exclusively, it has instant access to both ID-cards and Mobile-ID authentication
      • ... with privacy features included @ no cost
  • 60. So ...
      • Users get more control over their private data and OpenID provides it
      • Websites have a simple and easy way to integrate newest authentication technologies with OpenID
  • 61. Finally a win-win solution?
  • 62. Almost there ...
  • 63. Anonymity
      • Users want anonymity
      • At least partial
      • Remaining anonymous is a privilege
      • Spam, death threats etc must be punishable
  • 64. The story
      • Riots in Tallinn that led to cyber-attacks
      • Petition letter to force a politician to resign collected almost 100k names and e-mails
      • Including George Bush, Rex the dog and !@#$ you
      • Result: nothing.
  • 65. OpenID 2.0
      • New feature: identity selection
      • You get to choose the OpenID sent to the website
      • Choose between open.id.ee/martin.paljak ...
  • 66. or http://open.id.ee/5a0eaba4bb1fb68a39ddec57c15dbff1543d6f461b2203f74
  • 67. Anonymous OpenID
      • No (zero) personal data in the URL
      • One anonymous URL per user per website
      • The account problem mitigated
      • Still a guarantee that the user behind the OpenID is a real person
  • 68. Extra Features
      • Identity theft virtually impossible
      • re-claiming is painless
      • Some registration data is always true
      • If user chooses to send it
      • Why do they need it?
  • 69. Why do I Care?
      • I'm a user too!
      • We export the ID technology of Estonia
      • Online privacy issues are being discussed
      • Verified anonymity contributes to e-democracy
  • 70. Why you should care!
      • Implement OpenID - get access to our technology
      • Other EU countries deploying ID-cards
      • Similar problems
      • Similar solutions
      • OpenID is designed for interoperability
      • ID-cards are in theory
  • 71. Thanks! Questions?
      • http://openid.net/
      • https://open.id.ee/about/english
      • David Recordon, davidrecordon.com, david@sixapart.com
      • Martin Paljak, http://ideelabor.ee, martin@ideelabor.ee
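
The "one anonymous URL per user per website" idea from slides 65 to 67 can be realised with a keyed hash. The sketch below is an added example, not code from the talk or from open.id.ee, whose actual derivation the slides do not describe. The provider secret, the `op.example` base URL and the function names are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: the provider keeps one long-term secret used only for deriving
# pseudonyms. This value is a constructed sample, not a real key.
PROVIDER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
PROVIDER_BASE = "https://op.example/"  # hypothetical provider, not open.id.ee


def normalize_realm(realm: str) -> str:
    """Reduce a relying-party URL to scheme://host[:port] so that every page
    of one site maps to the same pseudonym."""
    parts = urlsplit(realm)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a usable realm: {realm!r}")
    host = parts.hostname.rstrip(".")  # urlsplit already lower-cases the host
    default = {"http": 80, "https": 443}[parts.scheme]
    port = "" if parts.port in (None, default) else f":{parts.port}"
    return f"{parts.scheme}://{host}{port}"


def anonymous_openid(user_id: str, realm: str) -> str:
    """Derive the opaque per-user, per-site identifier URL."""
    site = normalize_realm(realm).encode()
    user = user_id.encode()
    # Length-prefix both fields so ("ab", "c") and ("a", "bc") cannot collide.
    msg = len(user).to_bytes(4, "big") + user + len(site).to_bytes(4, "big") + site
    # Keyed hash: without the secret a site can neither recompute the tag
    # from a guessed user id nor match it against another site's tag.
    tag = hmac.new(PROVIDER_SECRET, msg, hashlib.sha256).hexdigest()
    return PROVIDER_BASE + tag


if __name__ == "__main__":
    # Constructed user id and relying-party URLs.
    for site in ("https://forum.example/login", "https://blog.example/"):
        print(site, "->", anonymous_openid("constructed-user-001", site))
```

The same user always presents the same URL to a given site, so the site can still match identifiers, while the provider can recompute the mapping if an account has to be traced.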