OpenID - What is it, and what does it mean to me?

50 %
50 %
Information about OpenID - What is it, and what does it mean to me?

Published on August 12, 2007

Author: david.orrell

Source: slideshare.net

Description

OpenID is a lightweight, decentralised single sign-on mechanism for the Web, developed primarily to meet the needs of the blogging and Web 2.0 communities, but beginning to be of interest in wider contexts such as elearning. This session introduces the concepts of OpenID and explores some of the implications, from an education perspective.

What is it ... and what does it mean to me? David Orrell [email_address] 9 Aug 2007

What's this about? Learn about what OpenID is. See how web identity systems are changing. Hopefully be convinced that it's a good thing!

Learn about what OpenID is.

See how web identity systems are changing.

Hopefully be convinced that it's a good thing!

What is OpenID? “OpenID is an open, decentralized, free framework for user-centric digital identity.” (from OpenID.net) (...for the Web) (...for Web 2.0)

“OpenID is an open, decentralized, free framework for user-centric digital identity.”

(from OpenID.net)

(...for the Web)

(...for Web 2.0)

What is an OpenID? http://dno.myopenid.com or http://openid.eduserv.org.uk/dno

http://dno.myopenid.com

or

http://openid.eduserv.org.uk/dno

An OpenID is itself a web entity.

An OpenID is itself a web entity.

An OpenID is itself a web entity. It's an identity system using Web technologies.

An OpenID is itself a web entity.

It's an identity system using Web technologies.

An OpenID is itself a web entity. It's an identity system using Web technologies. It's scalable.

An OpenID is itself a web entity.

It's an identity system using Web technologies.

It's scalable.

An OpenID is itself a web entity. It's an identity system using Web technologies. It's scalable. It's elegant and really simple!

An OpenID is itself a web entity.

It's an identity system using Web technologies.

It's scalable.

It's elegant and really simple!

 

 

 

 

 

Open and Decentralised The 3 key qualities...

The 3 key qualities...

(1) No one provider holds key to the OpenID network. A sustainable foundation to the system, with the user in control. Open and Decentralised

(1) No one provider holds key to the OpenID network.

A sustainable foundation to the system, with the user in control.

(2) Pervasively Open Source. Providers don't have to worry about technology and vendor lock-in. Open and Decentralised

(2) Pervasively Open Source.

Providers don't have to worry about technology and vendor lock-in.

(3) Light-weight enough to be 'layered' with other technologies. Open and Decentralised

(3) Light-weight enough to be 'layered' with other technologies.

What's in an OpenID? http:// dno.myopenid.com me my identity provider

http:// dno.myopenid.com

Why users should care...

Why users should care...

A user can choose who holds their identity.

A user can choose who holds their identity.

http://openid.net/wiki/index.php/OpenIDServers lists around 60 providers. Or your employer, college might provide one. Why not run your own?

http://openid.net/wiki/index.php/OpenIDServers

lists around 60 providers.

Or your employer, college might provide one.

Why not run your own?

Users get single sign on between resources. - common username - common password - sign on once (or client certificates: MyOpenID / certifi.ca)

Users get single sign on between resources.

- common username

- common password

- sign on once

(or client certificates: MyOpenID / certifi.ca)

Users get single sign on between resources. - common username - common password - sign on once (or client certificates: MyOpenID / certifi.ca) Their credentials are only stored by their identity provider(s).

Users get single sign on between resources.

- common username

- common password

- sign on once

(or client certificates: MyOpenID / certifi.ca)

Their credentials are only stored by their identity provider(s).

Users can easily register for services. OpenID has a 'simple registration extension'.

Users can easily register for services.

OpenID has a 'simple registration extension'.

 

 

 

 

 

Easy registration for light-weight purposes, like posting comments on blogs.

Easy registration for light-weight purposes, like posting comments on blogs.

Easy registration for light-weight purposes, like posting comments on blogs. Better than persistent cookies.

Easy registration for light-weight purposes, like posting comments on blogs.

Better than persistent cookies.

Easy registration for light-weight purposes, like posting comments on blogs. Better than persistent cookies. Can associate an OpenID with an existing account.

Easy registration for light-weight purposes, like posting comments on blogs.

Better than persistent cookies.

Can associate an OpenID with an existing account.

Users can choose their identity dno.myopenid.com I'm not forced to use 'dno34562' at someconsumer.com and 'dno234' at someotherconumer.com

Users can choose their identity

dno.myopenid.com

I'm not forced to use

'dno34562' at someconsumer.com and 'dno234' at someotherconumer.com

Users can choose their identity dno.myopenid.com I'm not forced to use 'dno34562' at someconsumer.com and 'dno234' at someotherconumer.com Even better if I am my identity provider

Users can choose their identity

dno.myopenid.com

I'm not forced to use

'dno34562' at someconsumer.com and 'dno234' at someotherconumer.com

Even better if I am my identity provider

OK, this sounds great, but...

A URL as an identity? Isn't a URL a counter-intuitive form of identity?

Isn't a URL a counter-intuitive form of identity?

A URL as an identity? Isn't a URL a counter-intuitive form of identity? Perhaps, but think of a blog, or MySpace... a URL is very much an identity.

Isn't a URL a counter-intuitive form of identity?

Perhaps, but think of a blog, or MySpace... a URL is very much an identity.

 

 

A URL can imply more.... http://openid.eduserv.org.uk/dno I am an employee of Eduserv

A URL can imply more....

http://openid.eduserv.org.uk/dno

 

In theory, a URL says much more...

In theory, a URL says much more...

In theory, a URL says much more... An OpenID is much richer than a username in what it can say (or imply) about a user.

In theory, a URL says much more...

An OpenID is much richer than a username in what it can say (or imply) about a user.

In theory, a URL says much more... An OpenID is much richer than a username in what it can say (or imply) about a user. Can delegate your identity from any URL: eg. your blog.

In theory, a URL says much more...

An OpenID is much richer than a username in what it can say (or imply) about a user.

Can delegate your identity from any URL: eg. your blog.

 

 

An OpenID is globally unique so could form the basis of decentralised social networks. Add support for microformats... xfn, hCard, MicroID? Check out... http://microformats.org http://microid.org http://simonwillison.net

 

 

What about privacy? Identity vs Privacy

Identity vs Privacy

What about privacy? OpenID does not solve problems around privacy. Again, keep in mind the context here: Web 2.0, social networks and the blogosphere.

OpenID does not solve problems around privacy.

Again, keep in mind the context here: Web 2.0, social networks and the blogosphere.

Phishing A 'bad' consumer can easily perform a phishing attack. OpenID does not necessarily make things better or worse!

A 'bad' consumer can easily perform a phishing attack.

OpenID does not necessarily make things better or worse!

 

Set you identity provider as your homepage or a bookmark and sign in first.

Verisign PIP SeatBelt Firefox extension Firefox 3 to have 'OpenID support'

 

 

 

 

 

Trust! 2 schools of thought.... (though not necessarily mutually exclusive)

2 schools of thought....

(though not necessarily mutually exclusive)

(1) OpenID is what is it because it doesn't do trust.

OpenID is what is it because it doesn't do trust.

(1) OpenID is what is it because it doesn't do trust. Consumers and identity providers need no prior agreements.

OpenID is what is it because it doesn't do trust.

Consumers and identity providers need no prior agreements.

(1) OpenID is what is it because it doesn't do trust. Consumers and identity providers need no prior agreements. Ad-hoc trust can still be achieved.

OpenID is what is it because it doesn't do trust.

Consumers and identity providers need no prior agreements.

Ad-hoc trust can still be achieved.

“This is not a trust system. Trust requires identity first.” (from OpenID.net)

“This is not a trust system. Trust requires identity first.”

(from OpenID.net)

(2) OpenID is simple and is there to be built on. Adding trust is a natural extension.

OpenID is simple and is there to be built on. Adding trust is a natural extension.

(2) OpenID is simple and is there to be built on. Adding trust is a natural extension. Consumers can white-list 'good' identity providers.

OpenID is simple and is there to be built on. Adding trust is a natural extension.

Consumers can white-list 'good' identity providers.

Relations with SAML/Shibboleth Don't they address the same thing!

Don't they address the same thing!

Relations with SAML/Shibboleth Don't they address the same thing! Can co-exist.

Don't they address the same thing!

Can co-exist.

Relations with SAML/Shibboleth Don't they address the same thing! Can co-exist. OpenID comes from a different angle, for different applications and for non-specific user-bases.

Don't they address the same thing!

Can co-exist.

OpenID comes from a different angle, for different applications and for non-specific user-bases.

Open Standards and Patents Patents => not so Open?

Patents => not so Open?

Open Standards and Patents Patents => not so Open? Sun, Verisign and JanRain have all issued patent-covenants: patents will not be enforced against implementations of OpenID.

Patents => not so Open?

Sun, Verisign and JanRain have all issued patent-covenants: patents will not be enforced against implementations of OpenID.

So, who's using it? All AOL users have an OpenID (even if they don't know it). 63 million users. All 33 000 Sun employees.

 

digg.com announced support. General theme is that there are more providers than consumers.

http://openid.net (Specifications) http://www.openiddirectory.com/ (Directory of resources) http://www.openidenabled.com/ (OpenID implementations) [email_address]

Add a comment

Related presentations

Related pages

[OpenID] What does "identity" MEAN?

[OpenID] What does "identity" MEAN? ... the concept of someone trying to sell me the idea of identity. I don't mean lacking the ability to distinguish ...
Read more

What is OpenID? | OpenID

OpenID is rapidly gaining adoption on the web, with over one billion OpenID enabled user accounts and over 50,000 websites accepting OpenID for logins.
Read more

What is OpenID? - LiveJournal

Remember me. Log in . Forgot password? ... What does this mean? ... A site using OpenID doesn't need your password, ...
Read more

http - Fragment URL in Openid - what does it mean? - Stack ...

... //me.yahoo.com/a/9dodtB5.udVP6zRSRfAxIzPO6XXVdbqlS4jp#85bb1 What I think is odd is the fragment after th ... Fragment URL in Openid - what does it mean?
Read more

Get an OpenID® | OpenID

You may already have an OpenID. If you use any of the following services, you already have your own OpenID. Below are instructions on how to sign.
Read more

OpenID Explained

Your OpenID does unify information about you, but it only unifies information that you've already made public. And, you get to choose, using OpenID, ...
Read more

Comment with OpenID - Blogger Help - Google Support

What does that mean for your blog? It's a way to authe. Sign in. Search. Clear search. Close search. My Account; Search; ... Comment with OpenID.
Read more

OpenID - Wikipedia

OpenID is an open standard and decentralized authentication protocol. ... The Identity Provider does, however, get a log of your OpenID logins; ...
Read more

What does this `#((?<=\\?)|&)openid\\.[^&]+#` regexp mean?

... &)openid.[^&]+#', '', $_SERVER['REQUEST_URI']), '?'); what does it mean ... openid ... does it mean? and if it (seems for me) just ...
Read more