student authentication
DESCRIPTION
WCET 2008 Conference presentationTRANSCRIPT
What It Is
How It Works
Why You Should
Care
Scott LeslieWCET/BCcampus
November 7, 2007
What is OpenID?
• “De-centralised Single Sign-on for the Web which puts individuals in charge”1
• “OpenID eliminates the need for multiple usernames across different websites”2
1 Powell and Recordon, “OpenID: Decentralised Single Sign-on for the Web,” http://www.ariadne.ac.uk/issue51/powell-recordon/ Last Viewed: Oct 30, 2007.
2 OpenID “What is OpenID” http://openid.net/what/ Last Viewed: Oct 30, 2007
Say what?
Let’s try a demo instead…
• http://blog.dataunbound.com/
• http://www.51weeks.com/events/3/presentations/49
Some of OpenID’s benefits• Users choose and can control their
OpenID provider• De-centralized - no single server
which every OpenID-enabled service or every user must register
• Users authentication credentials are only stored one place
• Usually an easy to remember URL (e.g. edtechpost.myopenid.com)
Additional Benefits
• Uses only standard HTTP(S), does not require any special capabilities of the User-Agent or other client software.
What it is Not
• It does not try to provide trust or distributed authorization solutions
• It will never be a replacement for current on-campus single sign on technologies– But maybe it will be a compliment
http://www.xmlgrrl.com/blog/archives/2007/03/28/the-venn-of-identity/
Ok, but why should I care?
OpenID Providers• 9 million users on LiveJournal.com • AOL - 63 million users got
OpenIDs in one fell swoop• 1 million+ smart card based
OpenIDs issued in Estonia• openid.sun.com – 34,000 Sun
employee issued an OpenID• Microsoft intend to integrate
OpenID into Cardspace
OpenID Consumers
• Libraries which support it in app development frameworks like Ruby on Rails, Zend PHP, Django Python
• 100s of services & apps which support OpenIDs, cf. https://www.myopenid.com/directory and http://openiddirectory.com/
Right, but like I said, why should I care?
Avoid Becoming a Technology Ghetto
http://www.flickr.com/photos/extraketchup/737480991/
Respect Existing Online Identities
http://www.flickr.com/photos/jimfrazier/1187369664/
Give User Choice to Merge Campus Life and Online Life
http://www.flickr.com/photos/re100cyber/1435723666/
Where is it going?• OpenID 2 - differences?
– Addressing ‘phising’ issue– Interop with Identity Selectors like
Cardspace– Attribute Exchange Extension– Works with Yadis– http://openid.net/specs/openid-
authentication-2_0-12.html
• OpenID and SAML• User Centric Identity Interop tests
http://osis.netmesh.org/wiki/I2_Results
How Higher Ed can work with OpenID?• Become an OpenID provider
– cf. https://login.case.edu/id and https://openid.byu.edu/
– cf. http://www.ja-sig.org/wiki/display/CASUM/OpenID
• Ask yourself – are there applications we provide which could use OpenID?– How about when they become alumni?
Further Reading
• Sam Ruby – “OpenID for non-SuperUsers”– http://www.intertwingly.net/blog/
2007/01/03/OpenID-for-non-SuperUsers
• Powell and Recordon - “OpenID: Decentralised Single Sign-on for the Web”–
http://www.ariadne.ac.uk/issue51/powell-recordon/