openid presentation - a quick introduction
DESCRIPTION
My short presentation on OpenID on April 14th, 2008 at the University of Applied Sciences in RapperswilTRANSCRIPT
Distributed Identity Management
University of Applied Sciences RapperswilApril 14, 2008
Corsin Camichel, [email protected]
Agenda
• Traditional login process
• What is OpenID
• How OpenID works
• Live Demo
• For Developers
• Your Questions
2
Login Today
• How many accounts do you have?
• GMail, Yahoo Mail, Hotmail ...
• MySpace / FaceBook / StudiVZ ...
• How many different passwords do you use?
3
The Way A Login Works
1.Register for an account (share your data)
2.Verify your email address
3.First login with the new account
4.Server verifies credentials
5.Repeat steps for any other website ...
6.End up with 30 accounts on 30 websites
4
What is OpenID?
• new open standard for logging in
• identified by URI (AHV, finger print)
• http://openid.hsr.ch/ccamiche
• http://cocaman.ch
• Single-Sign-On (SSO)
• only one password used
• over 250 million accounts worldwide5
The OpenID Way
1.You create an OpenID
1.You can use your Flickr account, Google Account or any other provider out there
2.Go to the website
3.Login with your OpenID
4.Define what data you like to share
5.That is it. You have created an account6
How It Works
8
Data not being shared
• Your Password
• Things you do not want to give the website (see my “personas”)
10
Developers I
• Create an user account based on OpenID data
• Respect the specs
• Becoming part of Firefox 3.0 & Internet Explorer 8
• Big companies start to use OpenID (Yahoo, Google, VeriSign, Microsoft ...)
11
Developers II
• Many ready-to-use implementations for PHP, Java, Ruby ...
• Add-ons for CMS, Wikis and others
• No hassle with the detailed specification
12
Fears
• Phishing
• Man-in-the-middle attacks
• Remember: It is only an Authentication, NOT an Authorization system
13
More Information?!
• http://openid.net
• http://openid.net/developers/specs
• http://myopenid.com
14
Any Questions?
15