Bastian Hofmann, VZnet Netzwerke Ltd.

Distributed Identities with OpenID

Tuesday, 12 October 2010
Agenda

• What are Identities?
• The history of Identity Providers
• Trying it the open way: OpenID
• The rise of Social
• OpenID's future
Identities in real life




Do you really have only one identity?

Lothar Krappmann:

- Identity is conveyed by communication
- Identity is not fixed but is recreated in every communication with your fellows
- Expectations of different people result in different identities
Example:

Paul Adams
http://www.slideshare.net/padday/the-real-life-social-network-v2
Identities in the Web




Register, Register, Register, ...




Single Sign-on




Microsoft Passport / Live ID

• Windows Live ID
• Launched 1999 as .NET Passport
• Used mainly for Microsoft services, but not much outside
• OpenID Provider since 2008

OpenID

• Open, decentralized user authentication

http://openid.net/

The Client




Discovery

  <link rel="openid.server" href="http://www.myopenid.com/server" />
  <link rel="openid2.provider" href="http://www.myopenid.com/server" />

Delegation

  <meta http-equiv="X-XRDS-Location" content="http://bhofmann.myopenid.com/" />
  <link rel="openid2.provider" href="http://www.myopenid.com/server" />
  <link rel="openid2.local_id" href="http://bhofmann.myopenid.com/" />
  <link rel="openid.server" href="http://www.myopenid.com/server" />
  <link rel="openid.delegate" href="http://bhofmann.myopenid.com/" />

The openid2.* tags are the OpenID 2.0 form, openid.server and openid.delegate the OpenID 1.1 form. With delegation, the page at your own URL names both the provider and the identifier the provider knows you by.
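As an added example (not part of the slides), the HTML discovery step above in Python: it reads the link tags from a constructed page, prefers the OpenID 2.0 tags and falls back to the 1.1 ones, and adds the endpoint check a relying party has to make before it trusts an assertion. The page contents and claimed identifiers are constructed; the Yadis/XRDS lookup announced by the X-XRDS-Location meta tag is not implemented here.

```python
from html.parser import HTMLParser
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect rel -> href from the <link> tags of an HTML page."""

    def __init__(self) -> None:
        super().__init__()
        self.links: Dict[str, str] = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        rel, href = a.get("rel"), a.get("href")
        if rel and href:
            # rel may carry several space-separated values; keep the first href seen per rel
            for r in rel.split():
                self.links.setdefault(r.lower(), href.strip())


def discover(html: str, claimed_id: str) -> Optional[dict]:
    """HTML-based discovery as on the slide: OpenID 2.0 tags first, OpenID 1.1 tags as fallback.
    Returns the OP endpoint, the identifier the OP knows the user by, and the version, or None."""
    p = _LinkCollector()
    p.feed(html)
    links = p.links
    if "openid2.provider" in links:
        return {"version": 2,
                "op_endpoint": links["openid2.provider"],
                # delegation: local_id is what the OP authenticates; without it the claimed id is used
                "local_id": links.get("openid2.local_id", claimed_id)}
    if "openid.server" in links:
        return {"version": 1,
                "op_endpoint": links["openid.server"],
                "local_id": links.get("openid.delegate", claimed_id)}
    return None


def _norm(url: str) -> Tuple[str, str, str, str]:
    u = urlparse(url)
    return (u.scheme.lower(), u.netloc.lower(), u.path or "/", u.query)


def endpoint_matches(discovered: dict, asserted_endpoint: str) -> bool:
    """Check a relying party must make on every positive assertion: the openid.op_endpoint
    in the response has to be the endpoint that discovery on the claimed identifier produced.
    Otherwise any OpenID provider could assert any identifier."""
    return _norm(discovered["op_endpoint"]) == _norm(asserted_endpoint)


# Constructed sample pages built from the tags shown on the slide.
DELEGATION_PAGE = """<html><head>
<meta http-equiv="X-XRDS-Location" content="http://bhofmann.myopenid.com/" />
<link rel="openid2.provider" href="http://www.myopenid.com/server" />
<link rel="openid2.local_id" href="http://bhofmann.myopenid.com/" />
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://bhofmann.myopenid.com/" />
</head><body>my blog</body></html>"""

OPENID1_PAGE = """<html><head>
<link rel="openid.server" href="http://www.myopenid.com/server" />
</head><body></body></html>"""

if __name__ == "__main__":
    info = discover(DELEGATION_PAGE, "http://blog.example.org/")
    print(info)
    print(endpoint_matches(info, "http://www.myopenid.com/server"))
```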


Connection Flow




DEMO




Authentication vs Authorization

Who is the user? Is this really user X?

vs.

Is X allowed to do something? Does X have the permission?

Client sites want more than just a unique identifier (Social Graph)

But there are Spec Extensions




Simple Registration

• Allows the client to specify fields in the request that must or should be returned by the Identity Provider

Request:
  openid.sreg.required=fullname&openid.sreg.optional=email,gender

Response:
  openid.sreg.fullname=Bastian&openid.sreg.gender=male




Attribute Exchange

• Two-way exchange of data possible

Fetch request:
  openid.ns.ax=http://openid.net/srv/ax/1.0
  openid.ax.mode=fetch_request
  openid.ax.type.fname=http://example.com/schema/fullname
  openid.ax.type.gender=http://example.com/schema/gender
  openid.ax.type.fav_dog=http://example.com/schema/favourite_dog
  openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
  openid.ax.count.fav_movie=3
  openid.ax.required=fname,gender
  openid.ax.if_available=fav_dog,fav_movie
  openid.ax.update_url=http://idconsumer.com/update?transaction_id=a6b5c41




Attribute Exchange

• Two-way exchange of data possible

Fetch response:
  openid.ns.ax=http://openid.net/srv/ax/1.0
  openid.ax.mode=fetch_response
  openid.ax.type.fname=http://example.com/schema/fullname
  openid.ax.type.gender=http://example.com/schema/gender
  openid.ax.type.fav_dog=http://example.com/schema/favourite_dog
  openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
  openid.ax.value.fname=John Smith
  openid.ax.count.gender=0
  openid.ax.value.fav_dog=Spot
  openid.ax.count.fav_movie=2
  openid.ax.value.fav_movie.1=Movie1
  openid.ax.value.fav_movie.2=Movie2
  openid.ax.update_url=http://idconsumer.com/update?transaction_id=a6b5c41


Attribute Exchange

• Two-way exchange of data possible

Store request:
  openid.ns.ax=http://openid.net/srv/ax/1.0
  openid.ax.mode=store_request
  openid.ax.type.fname=http://example.com/schema/fullname
  openid.ax.value.fname=Bob Smith
  openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
  openid.ax.count.fav_movie=2
  openid.ax.value.fav_movie.1=Movie1
  openid.ax.value.fav_movie.2=Movie2

Store response:
  openid.ns.ax=http://openid.net/srv/ax/1.0
  openid.ax.mode=store_response_success
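An added example, not from the slides or the VZ libraries: a Python parser for the AX messages above that handles the count/value forms, plus a check of a fetch_response against the relying party's own fetch_request (the slide's request marks fname and gender as required, while the response reports gender with count 0). The sample response and its openid.signed list are constructed from the slide's values.

```python
from typing import Dict, List
from urllib.parse import parse_qsl

AX_NS = "http://openid.net/srv/ax/1.0"


def parse_params(query: str) -> Dict[str, str]:
    """Split an OpenID message in URL-encoded form into a dict."""
    return dict(parse_qsl(query, keep_blank_values=True))


def _ax_prefix(params: Dict[str, str]) -> str:
    """Find the alias the AX namespace was declared under (normally 'ax')."""
    for key, value in params.items():
        if key.startswith("openid.ns.") and value == AX_NS:
            return "openid." + key[len("openid.ns."):] + "."
    raise ValueError("AX namespace not declared")


def parse_ax_values(params: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {alias: [values]} from an AX fetch_response or store_request.
    Honours count.<alias>: 0 means no value, N means value.<alias>.1 .. value.<alias>.N."""
    pre = _ax_prefix(params)
    type_pre = pre + "type."
    values: Dict[str, List[str]] = {}
    for key in params:
        if not key.startswith(type_pre):
            continue
        alias = key[len(type_pre):]
        count_key = f"{pre}count.{alias}"
        if count_key in params:
            n = int(params[count_key])
            vals = [params[f"{pre}value.{alias}.{i}"] for i in range(1, n + 1)
                    if f"{pre}value.{alias}.{i}" in params]
        else:
            single = params.get(f"{pre}value.{alias}")
            vals = [single] if single is not None else []
        values[alias] = vals
    return values


def check_fetch_response(params: Dict[str, str], required: List[str]) -> Dict[str, List[str]]:
    """Validate a fetch_response against what the relying party asked for in its fetch_request:
    every AX field must be covered by openid.signed (or the provider never vouched for it),
    and each alias listed as required needs at least one value."""
    pre = _ax_prefix(params)
    if params.get(pre + "mode") != "fetch_response":
        raise ValueError("not a fetch_response")
    # openid.signed lists field names without the leading 'openid.'
    signed = set(params.get("openid.signed", "").split(","))
    ns_key = "openid.ns." + pre[len("openid."):-1]
    unsigned = [k for k in params if (k.startswith(pre) or k == ns_key)
                and k[len("openid."):] not in signed]
    if unsigned:
        raise ValueError(f"unsigned AX fields: {unsigned}")
    values = parse_ax_values(params)
    missing = [alias for alias in required if not values.get(alias)]
    if missing:
        raise ValueError(f"required attributes missing: {missing}")
    return values


# Constructed fetch_response built from the slide's values; the provider signed the AX fields.
SAMPLE_RESPONSE = (
    "openid.ns.ax=http://openid.net/srv/ax/1.0&openid.ax.mode=fetch_response"
    "&openid.ax.type.fname=http://example.com/schema/fullname"
    "&openid.ax.type.gender=http://example.com/schema/gender"
    "&openid.ax.type.fav_dog=http://example.com/schema/favourite_dog"
    "&openid.ax.type.fav_movie=http://example.com/schema/favourite_movie"
    "&openid.ax.value.fname=John+Smith&openid.ax.count.gender=0"
    "&openid.ax.value.fav_dog=Spot&openid.ax.count.fav_movie=2"
    "&openid.ax.value.fav_movie.1=Movie1&openid.ax.value.fav_movie.2=Movie2"
    "&openid.signed=op_endpoint,return_to,response_nonce,assoc_handle,claimed_id,identity,"
    "ns.ax,ax.mode,ax.type.fname,ax.type.gender,ax.type.fav_dog,ax.type.fav_movie,"
    "ax.value.fname,ax.count.gender,ax.value.fav_dog,ax.count.fav_movie,"
    "ax.value.fav_movie.1,ax.value.fav_movie.2"
)

if __name__ == "__main__":
    params = parse_params(SAMPLE_RESPONSE)
    print(check_fetch_response(params, ["fname"]))
    try:
        check_fetch_response(params, ["fname", "gender"])  # the slide's request required gender too
    except ValueError as e:
        print("rejected:", e)
```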




OpenID + OAuth

• Combines OpenID authentication and OAuth authorization

Request:
  openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
  &openid.oauth.consumer=123456

Response:
  openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
  &openid.oauth.request_token=7890




OAuth 1.0a Flow
             +----------+                                  +---------------+
             |          -+----(B)-- Request Token -------->|               |
             | End-user |                                  | Authorization |
             |     at    |<---(C)-- User authenticates --->|     Server    |
             | Browser |                                   |               |
             |          -+----(D)-- Verifier -------------<|               |
             +-|----|---+                                  +---------------+
                |     |                                        ^      v
               (B) (D)                                         |      |
                |     |                                        |      |
                ^     v                                        |      |
             +---------+                                       |      |
             |          |>---(A)-- Redirect URL ---------------|      |
             |    Web   |<---(A)-- Request Token + Secret -----|      |
             | Client |>---(E)-- Request Token, Verifier ----'        |
             |          |<---(E)-- Access Token + Secret -------------'
             +---------+

             Every Request: Client Credentials, Nonce, Timestamp, Signature

             http://oauth.net/
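As an added example (not from the slides), the per-request signing the slide lists in Python: the HMAC-SHA1 signature base string with the URI and parameter normalization of OAuth 1.0 / RFC 5849, and the server-side check with a timestamp window and a nonce replay set. The worked values are those of OAuth Core 1.0 Appendix A; the request URL is written with upper-case scheme and host and an explicit default port to show what normalization absorbs.

```python
import base64
import hashlib
import hmac
from typing import Dict, Set, Tuple
from urllib.parse import parse_qsl, quote, urlparse


def pct(value: str) -> str:
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method: str, url: str, params: Dict[str, str]) -> str:
    """Signature base string: METHOD & normalized URI & normalized parameters."""
    u = urlparse(url)
    scheme = u.scheme.lower()
    host = (u.hostname or "").lower()
    default_port = (scheme == "http" and u.port == 80) or (scheme == "https" and u.port == 443)
    if u.port and not default_port:
        host = f"{host}:{u.port}"
    base_uri = f"{scheme}://{host}{u.path or '/'}"
    # query parameters and oauth_* parameters together, oauth_signature excluded,
    # each name and value percent-encoded, then sorted by name and value
    pairs = list(parse_qsl(u.query, keep_blank_values=True))
    pairs += [(k, v) for k, v in params.items() if k != "oauth_signature"]
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def sign_hmac_sha1(method: str, url: str, params: Dict[str, str],
                   consumer_secret: str, token_secret: str = "") -> str:
    """HMAC-SHA1 over the base string, keyed with encoded consumer secret & token secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    mac = hmac.new(key, base_string(method, url, params).encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_request(method: str, url: str, params: Dict[str, str], consumer_secret: str,
                   token_secret: str, seen: Set[Tuple[str, str, str]], now: int,
                   window: int = 300) -> bool:
    """Server side: reject stale timestamps and replayed nonces, then compare signatures in
    constant time. `seen` holds (consumer_key, timestamp, nonce) triples already accepted."""
    ts = int(params.get("oauth_timestamp", "0"))
    if abs(now - ts) > window:
        return False
    replay_key = (params.get("oauth_consumer_key", ""), params.get("oauth_timestamp", ""),
                  params.get("oauth_nonce", ""))
    if replay_key in seen:
        return False
    expected = sign_hmac_sha1(method, url, params, consumer_secret, token_secret)
    if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
        return False
    seen.add(replay_key)
    return True


# Values from OAuth Core 1.0 Appendix A; scheme, host case and the :80 are deliberate
# variations that the base string normalization has to make irrelevant.
URL = "HTTP://Photos.Example.net:80/photos?file=vacation.jpg&size=original"
PARAMS = {
    "oauth_consumer_key": "dpf43f3p2l4k3l03",
    "oauth_token": "nnch734d00sl2jdk",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1191242096",
    "oauth_nonce": "kllo9940pd9333jh",
    "oauth_version": "1.0",
}
CONSUMER_SECRET, TOKEN_SECRET = "kd94hf93k423kf44", "pfkkdhi9sl3r4s00"


def signed_params() -> Dict[str, str]:
    """Client side: the request parameters with oauth_signature added."""
    p = dict(PARAMS)
    p["oauth_signature"] = sign_hmac_sha1("GET", URL, p, CONSUMER_SECRET, TOKEN_SECRET)
    return p


if __name__ == "__main__":
    print(base_string("GET", URL, PARAMS))
    print(signed_params()["oauth_signature"])
```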
Failures of OpenID 2.0

• Complex to implement
• No marketing
  – Do you have an OpenID?
  – What is it?
• URL as identifier => bad user experience


Proprietary strikes back




Facebook Connect




Twitter @Anywhere




And there are many, many more




NASCAR problem




Phishing




How to fix it?




Aggregation: Janrain

http://www.janrain.com/


OpenID Connect

• Goals:
  – Easier to implement
  – Simpler specification
  – Better user experience
• => wider adoption
• Built on top of OAuth 2.0




What's wrong with OAuth?

• Does not work well with non-web or JavaScript-based clients
• The "Invalid Signature" problem
• Complicated flow, many requests




What's new in OAuth2? (Draft 10)

• Different client profiles
• No signatures
• No token secrets
• Cookie-like bearer token
• Mandatory TLS/SSL
• No request tokens
• Much more flexible regarding extensions

http://tools.ietf.org/html/draft-ietf-oauth-v2

Web-Server Profile
             +----------+            Client Identifier       +---------------+
             |          -+----(A)--- & Redirect URI ------>|                 |
             | End-user |                                    | Authorization |
             |     at     |<---(B)-- User authenticates --->|      Server    |
             | Browser |                                     |               |
             |          -+----(C)-- Authorization Code ---<|                 |
             +-|----|---+                                    +---------------+
                |     |                                          ^      v
               (A) (C)                                           |      |
                |     |                                          |      |
                ^     v                                          |      |
             +---------+                                         |      |
             |          |>---(D)-- Client Credentials, --------'        |
             |    Web   |           Authorization Code,                 |
             | Client |               & Redirect URI                    |
             |          |                                               |
             |          |<---(E)----- Access Token -------------------'
             +---------+         (w/ Optional Refresh Token)



User-Agent Profile
       +----------+          Client Identifier     +----------------+
       |          |>---(A)-- & Redirection URI --->|                |
       |          |                                |                |
End <--+ - - - +----(B)-- User authenticates -->| Authorization |
User   |          |                                |     Server     |
       |          |<---(C)--- Redirect URI -------<|                |
       | Client |           with Access Token      |                |
       |    in    |            in Fragment         +----------------+
       | Browser |
       |          |                                +----------------+
       |          |>---(D)--- Redirect URI ------->|                |
       |          |         without Fragment       |   Web Server   |
       |          |                                |   with Client |
       |    (F)   |<---(E)--- Web Page with ------<|    Resource    |
       | Access |                Script            |                |
       |   Token |                                 +----------------+
       +----------+



What happened to signatures?

• Ongoing controversial discussion
• Bearer tokens are fine over a secure connection
• Vulnerable if discovery is introduced
• Or if TLS/SSL is not possible

Scopes

• Optional parameter for provider-specific implementations
• For example:
  – Additional return values
  – Access control




OpenID Connect?

• Scope: "openid"
• With the access token, additional values are returned:
  – UserID: URL to Portable Contacts endpoint
  – Signature
  – Timestamp

http://openidconnect.com/



DEMO




OpenID Connect Discovery

• Get the identifier of the user
• Call the /.well-known/host-meta file at the domain of the user's provider
• Look for a link pointing to the OpenID Connect endpoints in the returned LRDD
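An added example (not from the slides): the three discovery steps above in Python, run against a constructed host-meta XRD document. The rel value CONNECT_REL is a placeholder standing in for whatever the draft defines, the provider idp.example.net is made up, and the HTTP fetch of the document is left out.

```python
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import urlparse

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
HM_NS = "{http://host-meta.net/xrd/1.0}"
# Placeholder (assumption): the rel value marking the OpenID Connect endpoint in host-meta.
CONNECT_REL = "http://openid.net/specs/connect/1.0/issuer"


def provider_host(identifier: str) -> str:
    """Step 1: take the provider's domain out of the user's identifier
    (user@host, or a URL such as https://host/user)."""
    if "@" in identifier and "://" not in identifier:
        return identifier.rsplit("@", 1)[1].lower()
    u = urlparse(identifier if "://" in identifier else "https://" + identifier)
    if not u.hostname:
        raise ValueError(f"no host in identifier {identifier!r}")
    return u.hostname.lower()


def host_meta_url(host: str) -> str:
    """Step 2: host-meta lives at a fixed well-known location on the provider's domain."""
    return f"https://{host}/.well-known/host-meta"


def find_connect_endpoint(xrd_xml: str, host: str) -> Optional[str]:
    """Step 3: pick the Link to the OpenID Connect endpoint out of the XRD document.
    The document must be an XRD, its hm:Host (if present) must name the domain it was
    fetched from, and the endpoint must be https; otherwise a spoofed document could
    redirect logins to a different server."""
    root = ET.fromstring(xrd_xml)
    if root.tag != XRD_NS + "XRD":
        raise ValueError("not an XRD document")
    host_el = root.find(HM_NS + "Host")
    if host_el is not None and (host_el.text or "").strip().lower() != host:
        raise ValueError("host-meta Host does not match the domain it was fetched from")
    for link in root.findall(XRD_NS + "Link"):
        href = link.get("href")
        if link.get("rel") == CONNECT_REL and href:
            if urlparse(href).scheme != "https":
                raise ValueError("OpenID Connect endpoint must be served over https")
            return href
    return None


# Constructed host-meta document for the made-up provider idp.example.net.
SAMPLE_HOST_META = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"
     xmlns:hm="http://host-meta.net/xrd/1.0">
  <hm:Host>idp.example.net</hm:Host>
  <Link rel="lrdd" template="https://idp.example.net/lrdd?uri={uri}" />
  <Link rel="http://openid.net/specs/connect/1.0/issuer" href="https://idp.example.net/connect" />
</XRD>"""


def discover_connect(identifier: str, host_meta_xml: str) -> Optional[str]:
    """Run the three steps; host_meta_xml stands in for the body fetched from host_meta_url()."""
    host = provider_host(identifier)
    return find_connect_endpoint(host_meta_xml, host)


if __name__ == "__main__":
    print(host_meta_url(provider_host("bastian@idp.example.net")))
    print(discover_connect("bastian@idp.example.net", SAMPLE_HOST_META))
```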


When will it be available at VZ?

NOW in BETA

http://developer.studivz.net/wiki/index.php/VZ-Login
http://github.com/vznet/vz_os_clientlibrary_php

FOAF+SSL (WebID)

http://esw.w3.org/Foaf%2Bssl



DEMO




Problems

• Bad browser UI
• Syncing between different computers?
• More than one user on the same computer?




UX Mockups Mozilla Weave




Summing it up

• We need a single sign-on system for the web
• OpenID is cool, but has some problems
• Proprietary solutions are bad for users, site owners and developers
• A new, simpler and more flexible spec is coming up
• Browser vendors are working to solve this problem in the browser
Thank you

http://studivz.net/bastian
http://twitter.com/BastianHofmann
http://slideshare.net/bashofmann

http://github.com/vznet
http://developer.studivz.net
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Distributed Identities with OpenID

  • 1. Bastian Hofmann, VZnet Netzwerke Ltd. Distributed Identities with OpenID. Tuesday, 12 October 2010
  • 2. Agenda •What are Identities? •The history of Identity Providers •Trying it the open way: OpenID •The rise of Social •OpenID's future
  • 3. Identities in real life
  • 4. Do you really have only one identity? Lothar Krappmann: - Identity is conveyed by communication - Identity is not fixed but recreated by every communication with your fellows - Expectations of different people result in different identities
  • 5. Example: Paul Adams http://www.slideshare.net/padday/the-real-life-social-network-v2
  • 6. Identities in the Web
  • 7. Register, Register, Register, ...
  • 8. Single Sign-on (image: ul_Marga)
  • 9. Microsoft Passport / Live ID •Windows Live ID •Launched 1999 as .NET Passport •Used mainly for Microsoft services but not much outside •OpenID Provider since 2008
  • 10. OpenID •Open decentralized user authentication http://openid.net/
  • 11. The Client
  • 12. Discovery
    <link rel="openid.server" href="http://www.myopenid.com/server" />
    <link rel="openid2.provider" href="http://www.myopenid.com/server" />
    Delegation
    <meta http-equiv="X-XRDS-Location" content="http://bhofmann.myopenid.com/" />
    <link rel="openid2.provider" href="http://www.myopenid.com/server" />
    <link rel="openid2.local_id" href="http://bhofmann.myopenid.com/" />
    <link rel="openid.server" href="http://www.myopenid.com/server" />
    <link rel="openid.delegate" href="http://bhofmann.myopenid.com/" />
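The discovery and delegation markup on the slide is what a relying party has to parse before it can send the user to the provider. Below is an added example (not code from the talk or from VZnet's library) that does HTML-based discovery over that markup and adds the check the slide leaves implicit: the provider named in the positive assertion must be the one discovery found for the identifier the user typed, and with delegation the asserted identity must be the local identifier, not the claimed URL. The claimed identifier `http://bastian.example.org/` and the profile page body are constructed for the example.

```python
"""HTML-based OpenID discovery as a relying party performs it.

Added example, not code from the slides or from VZnet: it parses the
<link>/<meta> markup shown on the Discovery/Delegation slide and returns the
OP endpoint, the protocol version and, when the page delegates, the local
identifier the OP knows the user by. The claimed identifier and the page
body below are constructed for the example.
"""
from html.parser import HTMLParser

# Constructed profile page using the slide's delegation markup.
PROFILE_HTML = """<html><head>
<meta http-equiv="X-XRDS-Location" content="http://bhofmann.myopenid.com/" />
<link rel="openid2.provider" href="http://www.myopenid.com/server" />
<link rel="openid2.local_id" href="http://bhofmann.myopenid.com/" />
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://bhofmann.myopenid.com/" />
</head><body>Bastian</body></html>"""


class _LinkCollector(HTMLParser):
    """Collect rel -> href from <link> tags and the X-XRDS-Location <meta>."""

    def __init__(self):
        super().__init__()
        self.links = {}            # rel token -> href, first occurrence wins
        self.xrds_location = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link" and a.get("rel") and a.get("href"):
            for rel in a["rel"].split():        # rel may carry several tokens
                self.links.setdefault(rel.lower(), a["href"].strip())
        elif tag == "meta" and a.get("http-equiv", "").lower() == "x-xrds-location":
            self.xrds_location = a.get("content", "").strip()


def discover(claimed_id, html):
    """What the RP needs before redirecting the user to the OP.

    Precedence per OpenID 2.0: an announced XRDS document should be fetched
    and preferred (only reported here, no network); otherwise openid2.*
    links win over the OpenID 1.1 openid.* links.
    """
    p = _LinkCollector()
    p.feed(html)
    links = p.links
    if "openid2.provider" in links:
        result = {"version": 2, "op_endpoint": links["openid2.provider"],
                  # Delegation: the OP identifies the user by local_id, not claimed_id.
                  "local_id": links.get("openid2.local_id", claimed_id)}
    elif "openid.server" in links:
        result = {"version": 1, "op_endpoint": links["openid.server"],
                  "local_id": links.get("openid.delegate", claimed_id)}
    else:
        raise ValueError("no OpenID provider link found for %s" % claimed_id)
    result["claimed_id"] = claimed_id
    result["xrds_location"] = p.xrds_location
    return result


def response_matches_discovery(discovered, response):
    """The check an RP must make on a positive assertion (after verifying openid.sig).

    The endpoint that asserted and the identifiers it asserts must be the
    ones discovery produced for what the user typed; otherwise any OP could
    assert an identity it is not authoritative for.
    """
    if discovered["version"] == 2:
        return (response.get("openid.op_endpoint") == discovered["op_endpoint"]
                and response.get("openid.claimed_id") == discovered["claimed_id"]
                and response.get("openid.identity") == discovered["local_id"])
    return response.get("openid.identity") == discovered["local_id"]
```

`discover()` keeps the claimed identifier and the local identifier apart on purpose: the provider only ever vouches for `http://bhofmann.myopenid.com/`, and it is the relying party's discovery result, not the provider's response, that ties that local identifier to the URL the user typed.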
  • 15. Authentication vs Authorization. Authentication: Who is the user? Is this really user X? VS Authorization: Is X allowed to do something? Does X have the permission? Client sites want more than just a unique identifier (Social Graph)
  • 16. But there are Spec Extensions (image: decafinata)
  • 17. Simple Registration •Lets the request name fields that the Identity Provider must or should return (field names are listed without the openid.sreg. prefix)
    Request: openid.sreg.required=fullname&openid.sreg.optional=email,gender
    Response: openid.sreg.fullname=Bastian&openid.sreg.gender=male
  • 18. Attribute Exchange •Two-way exchange of data possible. Fetch request:
    openid.ns.ax=http://openid.net/srv/ax/1.0
    openid.ax.mode=fetch_request
    openid.ax.type.fname=http://example.com/schema/fullname
    openid.ax.type.gender=http://example.com/schema/gender
    openid.ax.type.fav_dog=http://example.com/schema/favourite_dog
    openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
    openid.ax.count.fav_movie=3
    openid.ax.required=fname,gender
    openid.ax.if_available=fav_dog,fav_movie
    openid.ax.update_url=http://idconsumer.com/update?transaction_id=a6b5c41
  • 19. Attribute Exchange •Two-way exchange of data possible. Fetch response:
    openid.ns.ax=http://openid.net/srv/ax/1.0
    openid.ax.mode=fetch_response
    openid.ax.type.fname=http://example.com/schema/fullname
    openid.ax.type.gender=http://example.com/schema/gender
    openid.ax.type.fav_dog=http://example.com/schema/favourite_dog
    openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
    openid.ax.value.fname=John Smith
    openid.ax.count.gender=0
    openid.ax.value.fav_dog=Spot
    openid.ax.count.fav_movie=2
    openid.ax.value.fav_movie.1=Movie1
    openid.ax.value.fav_movie.2=Movie2
    openid.ax.update_url=http://idconsumer.com/update?transaction_id=a6b5c41
  • 20. Attribute Exchange •Two-way exchange of data possible. Store request:
    openid.ns.ax=http://openid.net/srv/ax/1.0
    openid.ax.mode=store_request
    openid.ax.type.fname=http://example.com/schema/fullname
    openid.ax.value.fname=Bob Smith
    openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
    openid.ax.count.fav_movie=2
    openid.ax.value.fav_movie.1=Movie1
    openid.ax.value.fav_movie.2=Movie2
    Store response:
    openid.ns.ax=http://openid.net/srv/ax/1.0
    openid.ax.mode=store_response_success
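The SReg request on slide 17 and the AX fetch response on slide 19 are both key/value forms the relying party has to build or take apart, and the AX form has two traps: the type URIs are reached through aliases, and multi-valued attributes come as `count` plus numbered `value.N` keys. The following added example (not code from the talk or from VZnet) builds the SReg request and parses SReg and AX data out of a positive assertion, with the check a practitioner wants: only fields listed in `openid.signed` are accepted, because anything outside the signature could have been appended by whoever delivered the redirect. The assertion is constructed; its `openid.sig` is a placeholder and the signature itself is assumed to have been verified already.

```python
"""Simple Registration and Attribute Exchange handling on the relying-party side.

Added example, not code from the slides: it builds the SReg request the
slide shows and parses SReg/AX data out of a positive assertion, accepting
only fields the OP signed. The assertion below is constructed (the
signature value is a placeholder; a real RP verifies openid.sig first,
this example shows only the field handling that comes after).
"""
from urllib.parse import parse_qsl

SREG_NS = "http://openid.net/extensions/sreg/1.1"
AX_NS = "http://openid.net/srv/ax/1.0"

# Constructed positive assertion. openid.sreg.gender and the fav_dog attribute
# are deliberately missing from openid.signed: they must be dropped.
SAMPLE_RESPONSE = "&".join([
    "openid.ns=http://specs.openid.net/auth/2.0",
    "openid.mode=id_res",
    "openid.op_endpoint=http://www.myopenid.com/server",
    "openid.claimed_id=http://bastian.example.org/",
    "openid.identity=http://bhofmann.myopenid.com/",
    "openid.return_to=http://rp.example.com/openid/return",
    "openid.response_nonce=2010-10-12T10:00:00ZAbC123",
    "openid.assoc_handle=assoc-1",
    "openid.sig=cGxhY2Vob2xkZXI%3D",
    "openid.ns.sreg=" + SREG_NS,
    "openid.sreg.fullname=Bastian",
    "openid.sreg.gender=male",
    "openid.ns.ax=" + AX_NS,
    "openid.ax.mode=fetch_response",
    "openid.ax.type.fname=http://example.com/schema/fullname",
    "openid.ax.value.fname=John+Smith",
    "openid.ax.type.gender=http://example.com/schema/gender",
    "openid.ax.count.gender=0",
    "openid.ax.type.fav_dog=http://example.com/schema/favourite_dog",
    "openid.ax.value.fav_dog=Spot",
    "openid.ax.type.fav_movie=http://example.com/schema/favourite_movie",
    "openid.ax.count.fav_movie=2",
    "openid.ax.value.fav_movie.1=Movie1",
    "openid.ax.value.fav_movie.2=Movie2",
    "openid.signed=op_endpoint,claimed_id,identity,return_to,response_nonce,"
    "assoc_handle,ns.sreg,sreg.fullname,ns.ax,ax.mode,ax.type.fname,ax.value.fname,"
    "ax.type.gender,ax.count.gender,ax.type.fav_movie,ax.count.fav_movie,"
    "ax.value.fav_movie.1,ax.value.fav_movie.2",
])


def parse_openid_response(body):
    """Decode the form-encoded query/body of an OpenID response into a dict."""
    return dict(parse_qsl(body, keep_blank_values=True))


def sreg_request(required=(), optional=()):
    """SReg 1.1 request parameters: field names without the openid.sreg. prefix."""
    params = {"openid.ns.sreg": SREG_NS}
    if required:
        params["openid.sreg.required"] = ",".join(required)
    if optional:
        params["openid.sreg.optional"] = ",".join(optional)
    return params


def signed_fields(resp):
    """Fields covered by openid.sig, named without the 'openid.' prefix."""
    return {f.strip() for f in resp.get("openid.signed", "").split(",") if f.strip()}


def _ext_alias(resp, ns):
    """Alias the OP chose for an extension namespace (openid.ns.<alias>=<ns>)."""
    for k, v in resp.items():
        if k.startswith("openid.ns.") and v == ns:
            return k[len("openid.ns."):]
    return None


def sreg_fields(resp):
    """{field: value} for SReg fields; unsigned ones are dropped."""
    alias = _ext_alias(resp, SREG_NS) or "sreg"   # 1.1 OPs may omit openid.ns.sreg
    prefix, signed = "openid.%s." % alias, signed_fields(resp)
    return {k[len(prefix):]: v for k, v in resp.items()
            if k.startswith(prefix) and k[len("openid."):] in signed}


def ax_fetch_response(resp):
    """{type URI: [values]} from an AX fetch_response.

    Resolves the alias indirection (openid.ax.type.<alias>=<type URI>) and the
    openid.ax.count.<alias> multi-value form (count 0: attribute known, no
    value); any attribute whose keys are not all signed is ignored.
    """
    alias = _ext_alias(resp, AX_NS)
    if alias is None:
        return {}
    prefix, signed = "openid.%s." % alias, signed_fields(resp)
    if resp.get(prefix + "mode") != "fetch_response" or (alias + ".mode") not in signed:
        return {}

    def is_signed(full_key):
        return full_key[len("openid."):] in signed

    out = {}
    for k, type_uri in resp.items():
        if not k.startswith(prefix + "type.") or not is_signed(k):
            continue
        attr = k[len(prefix + "type."):]
        count_key = prefix + "count." + attr
        if count_key in resp:
            if not is_signed(count_key):
                continue
            keys = [prefix + "value.%s.%d" % (attr, i) for i in range(1, int(resp[count_key]) + 1)]
        else:
            keys = [prefix + "value." + attr]
        if all(key in resp and is_signed(key) for key in keys):
            out[type_uri] = [resp[key] for key in keys]
    return out
```

Keying the result by type URI rather than by alias is deliberate: the alias (`fname`, `fav_movie`) is chosen per request and means nothing outside it, while the type URI is what the relying party actually asked for.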
  • 21. OpenID + OAuth •Combines OpenID authentication and OAuth authorization
    Request: openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&openid.oauth.consumer=123456
    Response: openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&openid.oauth.request_token=7890
  • 22. OAuth 1.0a Flow
    (A) Web Client -> Authorization Server: Redirect URL; Authorization Server -> Web Client: Request Token + Secret
    (B) End-user at Browser -> Authorization Server: Request Token
    (C) User authenticates at the Authorization Server
    (D) Authorization Server -> Browser -> Web Client: Verifier
    (E) Web Client -> Authorization Server: Request Token, Verifier; Authorization Server -> Web Client: Access Token + Secret
    Every Request: Client Credentials, Nonce, Timestamp, Signature
    http://oauth.net/
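The last line of the flow slide ("Every Request: Client Credentials, Nonce, Timestamp, Signature") is where most OAuth 1.0a integrations went wrong, and it is the reason for the "Invalid Signature" complaint later in the talk. The added example below (not code from the talk or from VZnet's library) implements HMAC-SHA1 signing exactly as RFC 5849 section 3.4 defines it, parameter normalization included, together with the server side: recompute the signature, then reject requests outside the timestamp window or with a nonce already seen, since the signature alone does not stop replay. Client key, secrets, URL and the 300 second window are constructed for the example.

```python
"""OAuth 1.0a request signing (HMAC-SHA1) and server-side verification.

Added example, not code from the slides or from VZnet's library: it builds
what the OAuth 1.0a slide says every request carries (client credentials,
nonce, timestamp, signature; RFC 5849 section 3) and the nonce/timestamp
replay check without which a signature proves little. Keys, URLs and the
300 s window are constructed for the example.
"""
import base64
import hashlib
import hmac
import os
import time
from urllib.parse import quote, urlsplit


def pct(s):
    """RFC 5849 3.6 encoding: only unreserved characters stay bare."""
    return quote(str(s), safe="-._~")


def base_string_uri(url):
    """Scheme and host lowercased, default port dropped, query and fragment removed."""
    u = urlsplit(url)
    scheme, host, port = u.scheme.lower(), u.hostname.lower(), u.port
    if port and not ((scheme == "http" and port == 80) or (scheme == "https" and port == 443)):
        host = "%s:%d" % (host, port)
    return "%s://%s%s" % (scheme, host, u.path or "/")


def signature_base_string(method, url, params):
    """RFC 5849 3.4.1: METHOD & enc(base URI) & enc(sorted, encoded parameters)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join("%s=%s" % kv for kv in pairs)
    return "&".join([method.upper(), pct(base_string_uri(url)), pct(normalized)])


def hmac_sha1_signature(method, url, params, client_secret, token_secret=""):
    """Key is enc(client secret)&enc(token secret); the token secret may be empty."""
    key = ("%s&%s" % (pct(client_secret), pct(token_secret))).encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def sign_request(method, url, params, client_key, client_secret, token="", token_secret=""):
    """Add the oauth_* protocol parameters and the signature to a request's parameters."""
    signed = dict(params, oauth_consumer_key=client_key,
                  oauth_nonce=base64.urlsafe_b64encode(os.urandom(18)).decode(),
                  oauth_signature_method="HMAC-SHA1",
                  oauth_timestamp=str(int(time.time())), oauth_version="1.0")
    if token:
        signed["oauth_token"] = token
    signed["oauth_signature"] = hmac_sha1_signature(method, url, signed, client_secret, token_secret)
    return signed


class OAuthVerifier:
    """Server side: recompute the signature, then reject stale and replayed requests."""

    def __init__(self, client_secrets, window=300, now=time.time):
        self.secrets = client_secrets      # client key -> client secret
        self.window, self.now = window, now
        self.seen = set()                  # (client key, timestamp, nonce) already accepted

    def verify(self, method, url, params, token_secret=""):
        try:
            key, nonce = params["oauth_consumer_key"], params["oauth_nonce"]
            ts, given = int(params["oauth_timestamp"]), params["oauth_signature"]
        except (KeyError, ValueError):
            return False
        if key not in self.secrets or params.get("oauth_signature_method") != "HMAC-SHA1":
            return False
        if abs(int(self.now()) - ts) > self.window:
            return False                   # too old or too new: the nonce store cannot vouch for it
        expected = hmac_sha1_signature(method, url, params, self.secrets[key], token_secret)
        if not hmac.compare_digest(expected, given):
            return False
        if (key, ts, nonce) in self.seen:
            return False                   # valid signature, but a replay
        self.seen.add((key, ts, nonce))
        return True
```

Note that `params` must hold everything the server will see: the query string of the URL, the form body and the `oauth_*` values, whichever transport they travel in. A client that signs the body but forgets a query parameter, or encodes `~` or `/` differently than the server, produces exactly the "Invalid Signature" the talk complains about, with no hint about which parameter was at fault.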
  • 23. Failures of OpenID 2.0 •Complex to implement •No marketing –Do you have an OpenID? –What is it? •URL as identifier => Bad User Experience
  • 27. And there are many, many more
  • 28. Nascar problem (image: Vaguely Artistic)
  • 30. How to fix it? (image: Moff)
  • 31. Aggregation: Janrain http://www.janrain.com/
  • 32. OpenID Connect •Goals: –Easier to implement –Simpler specification –Better user experience •=> wider adoption •Built on top of OAuth 2.0
  • 33. What's wrong with OAuth? •Does not work well with non-web or JavaScript-based clients •The "Invalid Signature" problem •Complicated flow, many requests
  • 34. What's new in OAuth2? (Draft 10) •Different client profiles •No signatures •No token secrets •Cookie-like bearer token •Mandatory TLS/SSL •No request tokens •Much more flexible regarding extensions http://tools.ietf.org/html/draft-ietf-oauth-v2
  • 35. Web-Server Profile
    (A) End-user at Browser -> Authorization Server: Client Identifier & Redirect URI
    (B) User authenticates at the Authorization Server
    (C) Authorization Server -> Browser -> Web Client: Authorization Code
    (D) Web Client -> Authorization Server: Client Credentials, Authorization Code & Redirect URI
    (E) Authorization Server -> Web Client: Access Token (w/ optional Refresh Token)
  • 36. User-Agent Profile
    (A) Client in Browser -> Authorization Server: Client Identifier & Redirection URI
    (B) End-user authenticates at the Authorization Server
    (C) Authorization Server -> Browser: Redirect URI with Access Token in Fragment
    (D) Browser -> Web Server with Client Resource: Redirect URI without Fragment
    (E) Web Server -> Browser: Web Page with Script
    (F) Script extracts the Access Token from the Fragment
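Steps (A) to (E) of the web-server profile are short enough to run end to end in memory, which is the best way to see where the security of the flow actually lives once signatures are gone. The added example below (not code from the talk or from VZnet) is a toy authorization server and web client. It keeps the checks the diagram does not draw: the redirect URI must match the registered one exactly (otherwise the code is delivered to an attacker), the `state` value is bound to the browser session so a code issued to someone else cannot be planted via CSRF, codes are single-use and short-lived, and the token request needs the client secret. Client identifiers, URLs and lifetimes are assumptions. The user-agent profile differs only at step (C): the token itself is returned in the URL fragment and never reaches a server.

```python
"""OAuth 2.0 (draft 10) web-server profile, both sides, in memory.

Added example, not from the slides and not VZnet code: a toy authorization
server and web client that walk steps (A) to (E) of the Web-Server Profile
slide with the checks that keep the flow honest: exact redirect URI match,
a state value bound to the user's session, single-use short-lived codes and
the client secret on the token request. Names, URLs and lifetimes are
assumptions.
"""
import secrets
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def query_params(url):
    return dict(parse_qsl(urlsplit(url).query))


class AuthorizationServer:
    def __init__(self, clock=time.time, code_ttl=60):
        self.clock, self.code_ttl = clock, code_ttl
        self.clients = {}    # client_id -> (client_secret, redirect_uri)
        self.codes = {}      # code -> (client_id, redirect_uri, user, expires_at)
        self.tokens = {}     # access_token -> (client_id, user)

    def register(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, state, user):
        """(A)-(C): the browser arrives, `user` has authenticated, send the code back."""
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            # Never redirect to an unregistered URI; that is how codes get stolen.
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, user, self.clock() + self.code_ttl)
        parts = urlsplit(redirect_uri)
        query = dict(parse_qsl(parts.query), code=code, state=state)
        return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))

    def token(self, client_id, client_secret, code, redirect_uri):
        """(D)-(E): back-channel exchange of the code for tokens."""
        registered = self.clients.get(client_id)
        if registered is None or not secrets.compare_digest(registered[0], client_secret):
            return {"error": "invalid_client"}
        entry = self.codes.pop(code, None)          # pop: a code is redeemable once
        if (entry is None or entry[0] != client_id or entry[1] != redirect_uri
                or entry[3] < self.clock()):
            return {"error": "invalid_grant"}
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.tokens[access] = (client_id, entry[2])
        return {"access_token": access, "token_type": "bearer",
                "expires_in": 3600, "refresh_token": refresh}


class WebClient:
    def __init__(self, server, client_id, client_secret, redirect_uri):
        self.server, self.client_id = server, client_id
        self.client_secret, self.redirect_uri = client_secret, redirect_uri
        self.sessions = {}   # browser session id -> state we issued for it

    def start(self, session_id):
        """(A) Build the authorization URL and remember the state for this session."""
        state = secrets.token_urlsafe(16)
        self.sessions[session_id] = state
        return "https://as.example.org/authorize?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "state": state})

    def callback(self, session_id, redirected_url):
        """(C) then (D): only redeem a code whose state matches this session."""
        q = query_params(redirected_url)
        expected = self.sessions.pop(session_id, None)
        if expected is None or not secrets.compare_digest(expected, q.get("state", "")):
            return {"error": "state_mismatch"}     # code was not issued for this session
        return self.server.token(self.client_id, self.client_secret,
                                 q.get("code", ""), self.redirect_uri)
```

The `state_mismatch` case is the one to remember: without it an attacker who obtained a code for their own account can send the victim to the client's callback URL, and the victim's session ends up bound to the attacker's account at the provider.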
  • 37. What happened to signatures? •Ongoing controversial discussion •Bearer tokens are fine over a secure connection •Vulnerable if discovery is introduced •Or TLS/SSL is not possible
  • 38. Scopes •Optional parameter for provider-specific implementations •For example –Additional return values –Access control
  • 39. OpenID Connect? •Scope: "openid" •With the access token additional values are returned –UserID: URL to Portable Contacts endpoint –Signature –Timestamp http://openidconnect.com/
  • 41. OpenID Connect Discovery •Get the identifier of the user •Fetch the /.well-known/host-meta file at the domain of the user's provider •Look for a link pointing to the OpenID Connect endpoints in the returned LRDD
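The three discovery steps on this slide are also the point where slide 37's warning ("vulnerable if discovery is introduced") applies: whoever controls the answer to the host-meta request controls which provider the relying party trusts, so the host must be derived from the identifier itself and fetched over HTTPS. The added example below (not code from the talk or from VZnet) walks the three steps over an XRD host-meta document as RFC 6415 defines it. The slide does not name the link relation the 2010 OpenID Connect drafts used, so the rel value is a parameter; `OPENID_CONNECT_REL` and the XRD document are placeholders constructed for the example.

```python
"""OpenID Connect discovery via /.well-known/host-meta (XRD, RFC 6415).

Added example, not from the slides: from what the user typed, derive the
host, build the host-meta URL, parse the XRD it serves and pick the <Link>
that points at the provider's endpoints. The slide does not state the
relation type the 2010 OpenID Connect drafts used, so the rel value is an
argument; OPENID_CONNECT_REL and the XRD below are placeholders constructed
for the example.
"""
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
OPENID_CONNECT_REL = "http://example.com/rel/openid-connect-endpoints"   # placeholder

# Constructed host-meta document, as https://example.com/.well-known/host-meta would serve it.
SAMPLE_HOST_META = """<?xml version="1.0"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Link rel="lrdd" template="https://example.com/lrdd?uri={uri}"/>
  <Link rel="%s" href="https://example.com/connect"/>
</XRD>""" % OPENID_CONNECT_REL


def host_of(identifier):
    """The host to ask: email-style user@host, or the host of an http(s) URL."""
    if "@" in identifier and "://" not in identifier:
        return identifier.rsplit("@", 1)[1].lower()
    u = urlsplit(identifier if "://" in identifier else "https://" + identifier)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError("cannot discover from %r" % identifier)
    return u.hostname


def host_meta_url(host):
    # HTTPS and the identifier's own host: a host-meta fetched over plain HTTP,
    # or from a host some document nominated, lets an attacker choose the provider.
    return "https://%s/.well-known/host-meta" % host


def xrd_links(xrd_xml, rel):
    """All <Link> elements of the given relation type, as attribute dicts."""
    root = ET.fromstring(xrd_xml)
    if root.tag != XRD_NS + "XRD":
        raise ValueError("not an XRD document")
    return [dict(link.attrib) for link in root.findall(XRD_NS + "Link") if link.get("rel") == rel]


def expand_template(template, identifier):
    """LRDD templates carry {uri}, replaced by the percent-encoded identifier."""
    return template.replace("{uri}", quote(identifier, safe=""))


def discover_endpoint(identifier, xrd_xml, rel):
    """identifier -> host -> host-meta -> endpoint (href, or an expanded template)."""
    host = host_of(identifier)
    links = xrd_links(xrd_xml, rel)
    if not links:
        raise LookupError("no %s link in host-meta of %s" % (rel, host))
    link = links[0]
    endpoint = expand_template(link["template"], identifier) if "template" in link else link["href"]
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("refusing non-HTTPS endpoint %s" % endpoint)
    return {"host": host, "host_meta": host_meta_url(host), "endpoint": endpoint}
```

The function takes the XRD text as an argument instead of fetching it, so the network step is the caller's; in production that fetch must use the URL `host_meta_url()` returns and nothing an earlier document suggested, and the parser should be fed the raw bytes with external entity resolution disabled (the standard library parser used here does not resolve external entities by default).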
  • 42. When will it be available at VZ? NOW in BETA http://developer.studivz.net/wiki/index.php/VZ-Login http://github.com/vznet/vz_os_clientlibrary_php
  • 43. FOAF+SSL (WebID) http://esw.w3.org/Foaf%2Bssl
  • 45. Problems •Bad browser UI •Syncing between different computers? •More than one user on the same computer?
  • 46. UX Mockups Mozilla Weave
  • 47. Summing it up •We need a single sign-on system for the web •OpenID is cool, but has some problems •Proprietary solutions are bad for users, site owners and developers •A new, simpler and more flexible spec is coming up •Browser vendors are working to solve this problem in the browser
  • 48. Thank you http://studivz.net/bastian http://twitter.com/BastianHofmann http://slideshare.net/bashofmann http://github.com/vznet http://developer.studivz.net