Published on November 8, 2007
Today Eduserv OpenID Meeting
quot;Its deﬁnitely time to declare quot;OpenID is a protocol made OpenID a winnerquot; for the public, by the public. TechCrunch No one owns or controls your login information:You do.quot; 37signals quot;...sees great potential for OpenID's use alongside enterprise-ready software infrastructurequot; Sun Microsystems quot;taking the world by stormquot; quot;this high proﬁle announcement marks Tim O'Reilly the importance of single sign on identity technology to the future of the Internetquot; ReadWriteWeb
What is OpenID? • Single sign-on for the web • Simple and light-weight (not going to replace your bank card pin) • Easy to use and deploy • Built upon proven existing technologies (DNS, HTTP, SSL/TLS, Difﬁe-Hellman) • Decentralized (you don't have to ask anyone permission to implement it) • Free!
An OpenID is a URI • URLs are globally unique and ubiquitous • OpenID allows proving ownership of an URI • People already have identity at URLs via blogs, photos, MySpace, FaceBook, etc • People already describe relationships via URLs (e.g. links to my friends)
OpenID is Decentralized
quot;What problems does it solve?quot;
Too many usernames
Too many passwords
Signup is too hard
Directories are hard
Strong auth is complex
The web lacks identity
OpenID is another important building block.
Identity is not just one thing
...but it is really about trust
With OpenID, you get to choose who you trust. (and even change your mind later)
O M E How Does it Work? D
As a Conversation Who are you? I’m davidrecordon.com Prove it!
Discovers My Provider quot;openid.serverquot; points to my OpenID Provider
O M E Using OpenID D
Getting an OpenID http://openid.net/get/
OpenID is Really Easy
quot;This is a geek's toy, nobody will ever have an OpenID!quot;
~160 million OpenIDs (including every AOL user) OpenID 1.1 - Estimated from various services
quot;Nobody will ever use this!quot;
Total Relying Parties (aka places you can login with OpenID) 6,000 4,500 3,000 1,500 0 ov b ay ly '06 ar ne ov ay ly '05 ct ec r g ne p ec '07 b ct ar r st 22 Ap Ap Au Fe Se Fe Ju Ju gu O O M M M M D D Ju Ju N N p p Jan Jan Au Se Se OpenID 1.1 - As viewed by MyOpenID.com
quot;So that's great there are so many blogs, but what about something real?quot;
“Any OpenID in the enterprise?”
Offer all employees OpenIDs; open source Enterprise SSO and identity manager with LDAP and OpenID Internal SSO for bug trackers and wikis OpenID Provider with plans to ship in enterprise products this year Shared OpenID Provider for their businesses and partners Project management, CRM, and billing for small businesses
quot;What about security?quot;
like any protocol...think as you implement
What about phishing?
Kitten Overload! More kittens! Simon Willison - FOWA 02/07
Kitten Overload! Identity theft! FAKE :'( Simon Willison - FOWA 02/07
Safe Sign-In Pages
Estonian ID-card http://open.id.ee/
the best solutions may around the browser
MyVidoop Plugin (a password manager tied into your OpenID account add-on for Firefox)
Sxipper (a form ﬁller password manager with OpenID integration add-on for Firefox)
Symantec Identity Client (OpenID form-ﬁll, upcoming provider, and claims integration)
VeriSign's OpenID SeatBelt (an OpenID convenience and security add-on for Firefox) works with
IE Team has posted a job ad mentioning quot;OpenIDquot; quot;Does the idea of redeﬁning the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you.quot;
OpenID doesn't dictate an authentication method
OpenID is great for innovation
quot;How do I deploy OpenID?quot;
OpenID Specs • OpenID Authentication 1.1 • OpenID Simple Registration 1.0 • Yadis Discovery Protocol • OpenID Authentication 2.0 (implementors draft) • OpenID Attribute Exchange 1.0 (draft) • OpenID PAPE 1.0 (draft) • OpenID Data Transport Protocol (draft)
Final Speciﬁcations • OpenID Authentication 1.1 • What most people think of for OpenID • What I’m mainly talking about today • Very simple • OpenID Simple Registration Extension • Exchange basic proﬁle data • Keep the user in charge
OpenID Authentication 2.0 • Cleans up the 1.1 speciﬁcation • Adds a few useful features • Robust extensibility • Enhanced service discovery • quot;Directed identityquot; • XRI • About six independent library implementations of ﬁnal draft
Attribute Exchange • Flexible framework for exchange rich proﬁle attributes • Keeps the user in charge • Allows updating data in a distributed fashion
PAPE • Communicate details about how the user authenticated • High-level policies such as “phishing resistant” or “multi-factor” • Increasingly important with higher value OpenID transactions
Lots Easy of Code • Libraries in C#, C++, Java, Perl, Python, Ruby, PHP, and ColdFusion • Can have something working within a weekend • Need to think a bit about security and usability
“Why OpenID and education?”
Thanks! Questions? http://openid.net/ David Recordon davidrecordon.com firstname.lastname@example.org
OpenID is a safe, faster and easier way to log in to web sites. ... The inaugural meeting of the iGov Working Group took place on Wednesday, ...
Eduserv, Bath, United Kingdom ... Max Wide and Matt Prosser for this engaging round-table meeting. ... You can find out today at the Eduserv blog why Matt ...
OpenID von Karina Mies, ekaabo GmbH, am 3. Mai 2010 beim 4. Webmontag.talk in Manhheim. OpenID von Karina Mies, ekaabo GmbH, am 3. Mai 2010 beim 4.
Calendar of OpenID Foundation Meetings; Member Sign-in; Current Working Groups . ... Delegation requires nothing more than an OpenID Provider and some ...
OpenID Foundation Meeting: what is OpenID ... the BBC hosted a meeting of the OpenID Foundation ... As of 'today', OpenID is best left to ...
Definition OpenIDDefinition FacebookConnectVerbreitung OpenID Verbreitung FacebookConnect Vorteile / Nachteile OpenIDVorteile / Nachteile FacebookConnect ...
(1 reply) A long standing concern of the OpenID board and focus of this years' Adoption Committee has been keeping www.openid.net current and informative.
OpenID ; 13. 1/2 • JanRain.com OpenID • OpenID OPX • OpenID RP RPX ... Eduserv OpenID Meeting: OpenID Today.