Distributed Identity Management

University of Applied Sciences RapperswilApril 14, 2008

Corsin Camichel, ccamiche@hsr.ch

Agenda

• Traditional login process

• What is OpenID

• How OpenID works

• Live Demo

• For Developers

• Your Questions

2

Login Today

• How many accounts do you have?

• GMail, Yahoo Mail, Hotmail ...

• MySpace / FaceBook / StudiVZ ...

• How many different passwords do you use?

3

The Way A Login Works

1.Register for an account (share your data)

2.Verify your email address

3.First login with the new account

4.Server verifies credentials

5.Repeat steps for any other website ...

6.End up with 30 accounts on 30 websites

4

What is OpenID?

• new open standard for logging in

• identified by URI (AHV, finger print)

• http://openid.hsr.ch/ccamiche

• http://cocaman.ch

• Single-Sign-On (SSO)

• only one password used

• over 250 million accounts worldwide5

The OpenID Way

1.You create an OpenID

1.You can use your Flickr account, Google Account or any other provider out there

2.Go to the website

3.Login with your OpenID

4.Define what data you like to share

5.That is it. You have created an account6

How It Works

8

The Process In Detail

• Creative Commons Wiki

9

Data not being shared

• Your Password

• Things you do not want to give the website (see my “personas”)

10

Developers I

• Create an user account based on OpenID data

• Respect the specs

• Becoming part of Firefox 3.0 & Internet Explorer 8

• Big companies start to use OpenID (Yahoo, Google, VeriSign, Microsoft ...)

11

Developers II

• Many ready-to-use implementations for PHP, Java, Ruby ...

• Add-ons for CMS, Wikis and others

• No hassle with the detailed specification

12

Fears

• Phishing

• Man-in-the-middle attacks

• Remember: It is only an Authentication, NOT an Authorization system

13

More Information?!

• http://openid.net

• http://openid.net/developers/specs

• http://myopenid.com

14

Any Questions?

15