identity 2.0 - openid and user centric identity

Identity 2.0OpenID & User Centric Identity

Martin StrandbygaardOpen Source Days, 4th October 2008

?How Many Have Used OpenID

?How Many Use It Regularly

Who Am I

“Martin Strandbygaard”

martin@strandbygaard.com

martin@strandbygaard.net

martin.strandbygaard@safewhere.net

All Part Of My Identity

Something I Claim

Something I Say

This Is Also Part Of My Identity

What Others Say About Me

(What Others Say = More Trusted)

Identity = Reputation

How Do I Prove It?

= “Martin Strandbygaard”

I control it.I choose when to use it.

Issuer doesn’t know when I do so.

Asymmetric trust = scalability

-

... Proves Your A Database Entry

Doesn’t Say Anything About You

Identity 1.0- Dick Hardt, OSCON 2005

OpenID Gives You A Digital Passport

http://martin.strandbygaard.net

http://strandbygaard.wordpress.com

http://claimid.com/strandbygaard

“Proves You Are You”

“Internet Users Either Distrust Or Snore Over Microsoft Passport Live ID”

- Gartner, 2001

OpenID is a simple, open, and decentralized authentication system

OpenIDLive ID/Google/

Adobe/....

Open ! !

Decentralized ! !

Simple ! !

Free ! !

What’s It Good For?

! “Too Many Usernames and Passwords”

We all know this ...

! “Too Many Usernames and Passwords”

! “Someone else took my username”

“martin” is already taken. What about “martin325”?

! “Too Many Usernames and Passwords”

! “Someone else took my username”

! “Not another registration form”

Text

! “Too Many Usernames and Passwords”

! “Someone else took my username”

! “No more registration form”

! “Identity scattered all over the Internet”

!=

Who has one?

> 500 million

“... bringing the grand total of OpenID enabled users on the Internet to well over 500 million users.”

Bill Washburn, July 2008CEO, OpenID Foundation

Come again?

That’s 7,5% of everyone!

Probably far fewer in Africa ....

And far more in Europe and the US

Where’d They All Come From?

Hype?

~250 million

~100 million

~65 million

~10 million

What About Google and Microsoft??

?

?

How Do I Get One?

Less Than A Minute

! Pick A Provider

OpenID Providers

Less Than A Minute

! Pick A Provider

! Sign Up

Less Than A Minute

! Pick A Provider

! Sign Up

! Use It

How Does It Work?

4. Authenticate

2. Associate

1. Go to site

3. Redirect to

OpenID provider5. Redirect back to site

Can I switch OpenID provider and keep my

OpenID.?

So what’s not so great?

4. Authenticate

2. Associate

1. Go to site

3. Redirect to

OpenID provider5. Redirect back to site

A Malicious Relying Party

Leads To ....

Bad Site

Untrusted site redirects you to the trusted provider.

Who Else Does This?

........

! BrittleOpenID is all eggs in one basket.

“I forgot my password”

! Identity Provider Is Single Point Of Failure

4. Authenticate

2. Associate

1. Go to site

3. Redirect to

OpenID provider5. Redirect back to site

Your Identity Provider Knows Where you take It.

Where Can I Take It?

It’s on the rise

“We expect more than 50.000 OpenID enabled sites by then end of 2008.”

Bill Washburn, July 2008CEO, OpenID Foundation

I Want To Know More

Dick Hardt @ OSCON 2005http://identity20.com/media/OSCON2005/

The implications of

Simon WillisonGoogle Tech Talk, 25th June 2007

Simon Willison @ Google Tech Talkhttp://www.youtube.com/watch?v=DslTkwON1Bk

Any Questions?