identity 2.0 - openid and user centric identity
TRANSCRIPT
Identity 2.0OpenID & User Centric Identity
Martin StrandbygaardOpen Source Days, 4th October 2008
?How Many Have Used OpenID
?How Many Use It Regularly
Who Am I
“Martin Strandbygaard”
All Part Of My Identity
Something I Claim
Something I Say
This Is Also Part Of My Identity
What Others Say About Me
(What Others Say = More Trusted)
Identity = Reputation
How Do I Prove It?
= “Martin Strandbygaard”
I control it.I choose when to use it.
Issuer doesn’t know when I do so.
Asymmetric trust = scalability
-
... Proves Your A Database Entry
Doesn’t Say Anything About You
Identity 1.0- Dick Hardt, OSCON 2005
OpenID Gives You A Digital Passport
http://martin.strandbygaard.net
http://strandbygaard.wordpress.com
http://claimid.com/strandbygaard
“Proves You Are You”
“Internet Users Either Distrust Or Snore Over Microsoft Passport Live ID”
- Gartner, 2001
OpenID is a simple, open, and decentralized authentication system
OpenIDLive ID/Google/
Adobe/....
Open ! !
Decentralized ! !
Simple ! !
Free ! !
What’s It Good For?
! “Too Many Usernames and Passwords”
We all know this ...
! “Too Many Usernames and Passwords”
! “Someone else took my username”
“martin” is already taken. What about “martin325”?
! “Too Many Usernames and Passwords”
! “Someone else took my username”
! “Not another registration form”
Text
! “Too Many Usernames and Passwords”
! “Someone else took my username”
! “No more registration form”
! “Identity scattered all over the Internet”
!=
Who has one?
> 500 million
“... bringing the grand total of OpenID enabled users on the Internet to well over 500 million users.”
Bill Washburn, July 2008CEO, OpenID Foundation
Come again?
That’s 7,5% of everyone!
Probably far fewer in Africa ....
And far more in Europe and the US
Where’d They All Come From?
Hype?
~250 million
~100 million
~65 million
~10 million
What About Google and Microsoft??
?
?
How Do I Get One?
Less Than A Minute
! Pick A Provider
OpenID Providers
Less Than A Minute
! Pick A Provider
! Sign Up
Less Than A Minute
! Pick A Provider
! Sign Up
! Use It
How Does It Work?
4. Authenticate
2. Associate
1. Go to site
3. Redirect to
OpenID provider5. Redirect back to site
Can I switch OpenID provider and keep my
OpenID.?
So what’s not so great?
4. Authenticate
2. Associate
1. Go to site
3. Redirect to
OpenID provider5. Redirect back to site
A Malicious Relying Party
Leads To ....
Bad Site
Untrusted site redirects you to the trusted provider.
Who Else Does This?
........
! BrittleOpenID is all eggs in one basket.
“I forgot my password”
! Identity Provider Is Single Point Of Failure
4. Authenticate
2. Associate
1. Go to site
3. Redirect to
OpenID provider5. Redirect back to site
Your Identity Provider Knows Where you take It.
Where Can I Take It?
It’s on the rise
“We expect more than 50.000 OpenID enabled sites by then end of 2008.”
Bill Washburn, July 2008CEO, OpenID Foundation
I Want To Know More
Dick Hardt @ OSCON 2005http://identity20.com/media/OSCON2005/
The implications of
Simon WillisonGoogle Tech Talk, 25th June 2007
Simon Willison @ Google Tech Talkhttp://www.youtube.com/watch?v=DslTkwON1Bk
Any Questions?