VZnet Netzwerke Ltd. - Tuesday, December 7, 2010

VZ-ID
The technical background
Bastian Hofmann
VZnet Netzwerke Ltd.

Agenda
 – Sharing
    • OExchange
    • OpenGraph
 – Login
    • OpenID
    • OAuth & OAuth 2
    • OpenID Connect
 – VZ-JavaScript Library

Sharing

OExchange
• Common API for publishing something into social networks

 http://www.example.com/share.php?url={URI}&title={title for the content}&description={short description of the content}&ctype=flash&swfurl={SWF URI}&height={preferred SWF height}&width={preferred swf width}&screenshot={screenshot URI}

  http://www.oexchange.org/

Discovery over XRD
 <?xml version='1.0' encoding='UTF-8'?>
 <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
     <Subject>http://www.example.com/linkeater</Subject>
     <Property
        type="http://www.oexchange.org/spec/0.8/prop/vendor">
         Examples Inc.</Property>
     <Property
        type="http://www.oexchange.org/spec/0.8/prop/title">
         A Link-Accepting Service</Property>
     <Link
        rel="icon" href="http://www.example.com/favicon.ico"
        type="image/vnd.microsoft.icon" />
     <Link
        rel="http://www.oexchange.org/spec/0.8/rel/offer"
        href="http://www.example.com/linkeater/offer.php"
        type="text/html" />
 </XRD>

OpenGraph
Retrieves meta data through meta tags in the shared page

<meta property="og:title" content="title" />
<meta property="og:description" content="description" />
<meta property="og:site_name" content="your site name" />
<meta property="og:image" content="http://example.com/thumbnail.jpg" />

 http://opengraphprotocol.org/

Sharing examples @VZ

http://platform-redirect.vz-modules.net/r/Link/Share/?url=http%3A%2F%2Fwww.example.com&description=description&title=title

http://www.studivz.net/Link/Share/?url=http%3A%2F%2Fwww.example.com&description=description&title=title

  http://developer.studivz.net/wiki/index.php/Sharing
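The two sharing pieces above fit together: a share button reads the OpenGraph tags of the page being shared and hands title and description to a share endpoint such as the VZ URL. The following Python is an added example, not code from the slides or from VZ; the HTML page is constructed, and the share endpoint is the platform-redirect URL the slide shows.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit

# Share endpoint from the slide; the page below is a constructed sample.
SHARE_ENDPOINT = "http://platform-redirect.vz-modules.net/r/Link/Share/"

SAMPLE_HTML = """<html><head>
<title>Fallback title</title>
<meta property="og:title" content="Example article" />
<meta property="og:description" content="A short &amp; sweet description" />
<meta property="og:site_name" content="Example Site" />
<meta property="og:image" content="http://example.com/thumbnail.jpg" />
<meta name="description" content="not an OpenGraph tag" />
</head><body>...</body></html>"""


class OpenGraphParser(HTMLParser):
    """Collects <meta property="og:*" content="..."> pairs; the first value
    for a property wins, and the <title> text is kept as a fallback."""

    def __init__(self):
        super().__init__()
        self.og = {}
        self.title = ""
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta":
            prop = a.get("property") or ""
            if prop.startswith("og:") and a.get("content") is not None:
                self.og.setdefault(prop[3:], a["content"])
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def extract_opengraph(html):
    """Return the og:* properties of a page (keys without the 'og:' prefix),
    using the <title> element when no og:title is present."""
    parser = OpenGraphParser()
    parser.feed(html)
    parser.close()
    og = dict(parser.og)
    og.setdefault("title", parser.title.strip())
    return og


def build_share_url(page_url, og, endpoint=SHARE_ENDPOINT):
    """Build the share link in the form the slide shows.  urlencode() percent-
    encodes every value, so a '&' or '#' inside a title cannot smuggle extra
    parameters into the request, and only http(s) pages are accepted."""
    if urlsplit(page_url).scheme not in ("http", "https"):
        raise ValueError("only http(s) URLs can be shared")
    params = {"url": page_url, "title": og.get("title", ""),
              "description": og.get("description", "")}
    return endpoint + "?" + urlencode(params)
```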

Login

Identities in real life

Do you really have only one identity?
Lothar Krappmann:

- Identity is conveyed by communication

- Identity is not fixed but recreated by every communication with your fellows

- Expectations of different people result in different identities

Example:

Paul Adams
http://www.slideshare.net/padday/the-real-life-social-network-v2

Identities in the Web

Register, Register, Register, ...

Single Sign-on

ul_Marga

Microsoft Passport / Live ID
• Windows Live ID
• Launched 1999 as .net Passport
• Used mainly for Microsoft services but not much outside
• OpenID Provider since 2008

Facebook Connect

Twitter @Anywhere

And there are many, many more

Nascar problem

Vaguely Artistic

How to fix it?

Moff

Aggregation: Janrain

   http://www.janrain.com/

OpenID
• Open decentralized user authentication

  http://openid.net/

Connection Flow

Authentication vs Authorization
 Who is the user?
 Is this really user X?

                  VS

 Is X allowed to do something?
 Does X have the permission?

 Client sites want more than just a unique identifier (Social Graph)

But there are Spec Extensions

decafinata

OpenID + OAuth
• Combines OpenID Authentication and OAuth authorization

  openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
  &openid.oauth.consumer=123456

  openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
  &openid.oauth.request_token=7890

OAuth 1.0a Flow
+----------+                                  +---------------+
|         -+----(B)-- Request Token --------->|               |
| End-user |                                  | Authorization |
|    at    |<---(C)-- User authenticates ---->|     Server    |
| Browser  |                                  |               |
|         -+----(D)-- Verifier --------------<|               |
+-|----|---+                                  +---------------+
  |    |                                            ^      v
 (B)  (D)                                           |      |
  |    |                                            |      |
  ^    v                                            |      |
+---------+                                         |      |
|         |>---(A)-- Redirect URL ------------------|      |
|   Web   |<---(A)-- Request Token + Secret --------|      |
|  Client |>---(E)-- Request Token, Verifier -------'      |
|         |<---(E)-- Access Token + Secret ----------------'
+---------+

Every Request: Client Credentials, Nonce, Timestamp, Signature

  http://oauth.net/

Failures of OpenID 2.0
• Complex to implement

• No marketing
    – Do you have an OpenID?
    – What is it?

• URL as identifier => Bad User Experience

OpenID Connect
• Goals:
    – Easier to implement
    – Simpler specification
    – Better user experience
• => wider adoption
• Built on top of OAuth 2.0

What's wrong with OAuth?
• Does not work well with non-web or JavaScript-based clients

• The "Invalid Signature" Problem

• Complicated flow, many requests

What's new in OAuth2? (Draft 10)

• Different client profiles
• No signatures
• No Token Secrets
• Cookie-like Bearer Token
• Mandatory TLS/SSL
• No Request Tokens
• Much more flexible regarding extensions

  http://tools.ietf.org/html/draft-ietf-oauth-v2

Web-Server Profile
+----------+          Client Identifier      +---------------+
|         -+----(A)--- & Redirect URI ------>|               |
| End-user |                                 | Authorization |
|    at    |<---(B)-- User authenticates --->|     Server    |
| Browser  |                                 |               |
|         -+----(C)-- Authorization Code ---<|               |
+-|----|---+                                 +---------------+
  |    |                                           ^      v
 (A)  (C)                                          |      |
  |    |                                           |      |
  ^    v                                           |      |
+---------+                                        |      |
|         |>---(D)-- Client Credentials, ----------'      |
|   Web   |          Authorization Code,                  |
|  Client |           & Redirect URI                      |
|         |                                               |
|         |<---(E)----- Access Token ---------------------'
+---------+       (w/ Optional Refresh Token)
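The following Python is an added example, not code from the slides or from VZ's servers: a minimal authorization server and web client walking through steps (A) to (E) of the web-server profile above, with the checks on the code exchange (client secret, redirect URI binding, single use, expiry) that stop a leaked or replayed code from being turned into a bearer token. The client id and redirect URI are the sample values from the login widget slide; everything else is constructed.

```python
import secrets
import time
from urllib.parse import parse_qs, urlsplit


class AuthorizationServer:
    """Issues short-lived, single-use authorization codes bound to one client
    and redirect URI, and exchanges them for bearer access tokens."""

    CODE_TTL = 60  # seconds a code stays valid

    def __init__(self, clients):
        self.clients = clients  # client_id -> {"secret": ..., "redirect_uri": ...}
        self.codes = {}         # code -> (client_id, redirect_uri, user, issued_at)
        self.tokens = {}        # access_token -> user

    def authorize(self, client_id, redirect_uri, user, now=None):
        """(A)-(C): the browser arrives with client id and redirect URI, the
        user authenticates (simulated by the caller passing `user`), and the
        server redirects back with a code.  The redirect URI must match the
        registered one exactly, otherwise the code would be sent elsewhere.
        (redirect_uri is assumed to carry no query string of its own.)"""
        client = self.clients.get(client_id)
        if client is None or redirect_uri != client["redirect_uri"]:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(24)
        issued_at = now if now is not None else time.time()
        self.codes[code] = (client_id, redirect_uri, user, issued_at)
        return f"{redirect_uri}?code={code}"

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """(D)-(E): the web client presents its credentials, the code and the
        same redirect URI; returns (status, body) like a token endpoint."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client_secret, client["secret"]):
            return 401, {"error": "invalid_client"}
        entry = self.codes.pop(code, None)      # pop: a code can be used once
        if entry is None:
            return 400, {"error": "invalid_grant"}
        bound_client, bound_uri, user, issued_at = entry
        if bound_client != client_id or bound_uri != redirect_uri:
            return 400, {"error": "invalid_grant"}
        if (now if now is not None else time.time()) - issued_at > self.CODE_TTL:
            return 400, {"error": "invalid_grant"}
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = user
        return 200, {"access_token": access_token, "token_type": "bearer"}


def extract_code(redirect_url):
    """Web client side: read ?code=... from the redirect received in (C)."""
    return parse_qs(urlsplit(redirect_url).query)["code"][0]


def run_flow(server, client_id, client_secret, redirect_uri, user="alice", now=None):
    """Drive one user through (A)-(E) and return the token endpoint's reply."""
    redirect = server.authorize(client_id, redirect_uri, user, now)
    code = extract_code(redirect)
    return server.token(client_id, client_secret, code, redirect_uri, now)
```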

User-Agent Profile
       +----------+          Client Identifier     +----------------+
       |          |>---(A)-- & Redirection URI --->|                |
       |          |                                |                |
End <--+ - - - - -+----(B)-- User authenticates -->|  Authorization |
User   |          |                                |     Server     |
       |          |<---(C)--- Redirect URI -------<|                |
       |  Client  |          with Access Token     |                |
       |    in    |            in Fragment         +----------------+
       | Browser  |
       |          |                                +----------------+
       |          |>---(D)--- Redirect URI ------->|                |
       |          |         without Fragment       |   Web Server   |
       |          |                                |   with Client  |
       |   (F)    |<---(E)--- Web Page with ------<|    Resource    |
       |  Access  |              Script            |                |
       |   Token  |                                +----------------+
       +----------+

What happened to signatures?
• Ongoing controversial discussion

• Bearer Tokens are fine over a secure connection

• Vulnerable if discovery is introduced

• Or if TLS/SSL is not possible

Scopes
• Optional parameter for provider-specific implementations

• For example
   – Additional return values
   – Access Control

OpenID Connect?
• Scope: "openid"

• With the access token additional values are returned
   – UserID: URL to Portable Contacts endpoint
   – Signature
   – Timestamp

   http://openidconnect.com/

OpenID Connect Discovery
• Get identifier of user

• Call the /.well-known/host-meta file at the domain of the user's provider

• Look for a link pointing to the OpenID Connect endpoints in the returned LRDD
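XRD is the format behind both discovery steps in this talk: the OExchange discovery slide in the Sharing section and the host-meta/LRDD lookup described above, so one parser serves both. The following Python is an added example, not code from the slides or from VZ; the XRD documents are constructed (the OExchange one mirrors the slide), and because the slides do not name the link relation for the OpenID Connect endpoints, `OIDC_REL` is a placeholder and not a real relation URI.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "http://docs.oasis-open.org/ns/xri/xrd-1.0"
OEXCHANGE_OFFER = "http://www.oexchange.org/spec/0.8/rel/offer"
# Placeholder: the slides do not name the OpenID Connect link relation.
OIDC_REL = "http://example.invalid/rel/openid-connect"

# Constructed XRD documents: the first mirrors the OExchange slide, the second
# is a host-meta for the made-up provider domain "provider.example".
OEXCHANGE_XRD = """<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>http://www.example.com/linkeater</Subject>
  <Property type="http://www.oexchange.org/spec/0.8/prop/vendor">Examples Inc.</Property>
  <Property type="http://www.oexchange.org/spec/0.8/prop/title">A Link-Accepting Service</Property>
  <Link rel="icon" href="http://www.example.com/favicon.ico" type="image/vnd.microsoft.icon"/>
  <Link rel="http://www.oexchange.org/spec/0.8/rel/offer" href="http://www.example.com/linkeater/offer.php" type="text/html"/>
</XRD>"""

HOST_META = """<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Host>provider.example</Host>
  <Link rel="http://example.invalid/rel/openid-connect" href="https://provider.example/oauth2/authorize"/>
</XRD>"""


def parse_xrd(xml_text):
    """Return (subject_or_host, properties, links) from an XRD document.
    links is a list of dicts, so several links with the same rel survive."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    if root.tag != f"{{{XRD_NS}}}XRD":
        raise ValueError("not an XRD document")
    subject = root.findtext(f"{{{XRD_NS}}}Subject") or root.findtext(f"{{{XRD_NS}}}Host")
    props = {p.get("type"): (p.text or "").strip()
             for p in root.findall(f"{{{XRD_NS}}}Property")}
    links = [{"rel": l.get("rel"), "href": l.get("href"), "type": l.get("type")}
             for l in root.findall(f"{{{XRD_NS}}}Link")]
    return subject, props, links


def find_link(links, rel, expected_host=None):
    """First href carrying rel.  When expected_host is given, only an https URL
    on that host is accepted (this example's policy), so a tampered host-meta
    cannot send the user to a foreign endpoint."""
    for link in links:
        if link["rel"] != rel or not link["href"]:
            continue
        u = urlsplit(link["href"])
        if expected_host and (u.scheme != "https" or u.hostname != expected_host):
            continue
        return link["href"]
    return None


def oexchange_offer_endpoint(xrd_text):
    """OExchange: the target's offer endpoint from its XRD (Sharing section)."""
    _, _, links = parse_xrd(xrd_text)
    return find_link(links, OEXCHANGE_OFFER)


def provider_domain(user_identifier):
    """Step 1 of the discovery slide: derive the provider domain from a user
    identifier given either as email-style 'user@domain' or as a URL."""
    if "@" in user_identifier and "://" not in user_identifier:
        return user_identifier.rsplit("@", 1)[1].lower()
    host = urlsplit(user_identifier).hostname
    if not host:
        raise ValueError("cannot determine provider domain")
    return host.lower()


def host_meta_url(domain):
    """Step 2: the well-known location of the provider's host-meta."""
    return f"https://{domain}/.well-known/host-meta"


def oidc_endpoint(user_identifier, fetch):
    """Step 3: find the OpenID Connect endpoint in the returned LRDD/XRD.
    fetch(url) -> XRD text stands in for the HTTP GET so this runs offline."""
    domain = provider_domain(user_identifier)
    _, _, links = parse_xrd(fetch(host_meta_url(domain)))
    return find_link(links, OIDC_REL, expected_host=domain)
```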

OpenID Connect @VZ
• Available now

• But without the discovery part
   – No discovering clients
   – No discoverable entities

VZ-JavaScript Library
<script src="http://static.pe.studivz.net/Js/id/v3/library.js"
data-authority="platform-redirect.vz-modules.net/r"
data-authorityssl="platform-redirect.vz-modules.net/r"
type="text/javascript"></script>

<script type="vz/share">
   id: shareButton
   title: title of your site
   description : a description
</script>

  http://developer.studivz.net/wiki/index.php/JS-Library

Login widget
<script type="text/javascript">
function callbackMethod(c) {
  if (c.error) {
    return;
  }
  // c.user_id is the Portable Contacts URL returned with the access token
  var url = c.user_id;
  vz.id.login.callApi(url, function(data) {
    console.log(data.entry.displayName);
  });
}
</script>
<script type="vz/login">
   client_id : 1234567890abcdef
   redirect_uri : http://example.com/callback.html
   callback : callbackMethod
   fields : name,emails
</script>

  http://developer.studivz.net/wiki/index.php/JS-Library

Callback.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
      <script type="text/javascript">
        // The access token arrives in the URL fragment (user-agent profile);
        // hand it to the library in the opener window, then close the popup.
        opener.vz.id.authStorage.setAuthParameterHash(location.hash.substr(1));
        window.close();
      </script>
  </body>
</html>

Thank you

http://twitter.com/BastianHofmann
http://studivz.net/bastian
http://slideshare.net/bashofmann
bhofmann@vz.net

http://developer.studivz.net

 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 

Technical Background of VZ-ID

  • 1. VZnet Netzwerke Ltd. - Tuesday, December 7, 2010
       VZ-ID: The technical background
       Bastian Hofmann, VZnet Netzwerke Ltd.
  • 2. Agenda
       - Sharing: OExchange, OpenGraph
       - Login: OpenID, OAuth & OAuth 2, OpenID Connect
       - VZ-JavaScript Library
  • 3. Sharing
  • 4. OExchange
       - Common API for publishing something into social networks
         http://www.example.com/share.php?url={URI}&title={title for the content}&description={short description of the content}&ctype=flash&swfurl={SWF URI}&height={preferred SWF height}&width={preferred swf width}&screenshot={screenshot URI}
       http://www.oexchange.org/
  • 5. Discovery over XRD
         <?xml version='1.0' encoding='UTF-8'?>
         <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
             <Subject>http://www.example.com/linkeater</Subject>
             <Property type="http://www.oexchange.org/spec/0.8/prop/vendor">Examples Inc.</Property>
             <Property type="http://www.oexchange.org/spec/0.8/prop/title">A Link-Accepting Service</Property>
             <Link rel="icon" href="http://www.example.com/favicon.ico" type="image/vnd.microsoft.icon" />
             <Link rel="http://www.oexchange.org/spec/0.8/rel/offer" href="http://www.example.com/linkeater/offer.php" type="text/html" />
         </XRD>
  • 6. OpenGraph
       Retrieves meta data through meta tags in the shared page
         <meta property="og:title" content="title" />
         <meta property="og:description" content="description" />
         <meta property="og:site_name" content="your site name" />
         <meta property="og:image" content="http://example.com/thumbnail.jpg" />
       http://opengraphprotocol.org/
  • 7. Sharing examples @VZ
         http://platform-redirect.vz-modules.net/r/Link/Share/?url=http%3A%2F%2Fwww.example.com&description=descripton&title=title
         http://www.studivz.net/Link/Share/?url=http%3A%2F%2Fwww.example.com&description=descripton&title=title
       http://developer.studivz.net/wiki/index.php/Sharing
  • 8. Login
  • 9. Identities in real life
  • 10. Do you really have only one identity?
       Lothar Krappmann:
       - Identity is conveyed by communication
       - Identity is not fixed but recreated by every communication with your fellows
       - Expectations of different people result in different identities
  • 11. Example: Paul Adams
       http://www.slideshare.net/padday/the-real-life-social-network-v2
  • 12. Identities in the Web
  • 13. Register, Register, Register, ...
  • 14. Single Sign on (ul_Marga)
  • 15. Microsoft Passport / Live ID
       - Windows Live ID
       - Launched 1999 as .net Passport
       - Used mainly for Microsoft services but not much outside
       - OpenID Provider since 2008
  • 16. Facebook Connect
  • 17. Twitter @Anywhere
  • 18. And there are many, many more
  • 19. Nascar problem (Vaguely Artistic)
  • 20. How to fix it? (Moff)
  • 21. Aggregation: Janrain
       http://www.janrain.com/
  • 22. OpenID
       - Open decentralized user authentication
       http://openid.net/
  • 23.
  • 24. Connection Flow
  • 25. Authentication vs Authorization
       Who is the user? Is this really user X?
       vs.
       Is X allowed to do something? Does X have the permission?
       Client sites want more than just a unique identifier (Social Graph)
  • 26. But there are Spec Extensions (decafinata)
  • 27. OpenID + OAuth
       - Combines OpenID authentication and OAuth authorization
         openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
         &openid.oauth.consumer=123456
         openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
         &openid.oauth.request_token=7890
  • 28. OAuth 1.0a Flow
       (A) Web Client -> Authorization Server: Redirect URL; back: Request Token + Secret
       (B) End-user at Browser -> Authorization Server: Request Token
       (C) User authenticates at the Authorization Server
       (D) Authorization Server -> Browser -> Web Client: Verifier
       (E) Web Client -> Authorization Server: Request Token, Verifier; back: Access Token + Secret
       Every Request: Client Credentials, Nonce, Timestamp, Signature
       http://oauth.net/
  • 29. Failures of OpenID 2.0
       - Complex to implement
       - No marketing
         - Do you have an OpenID?
         - What is it?
       - URL as identifier => Bad User Experience
  • 30. OpenID Connect
       - Goals:
         - Easier to implement
         - More simple specification
         - Better user experience
       - => wider adoption
       - Built on top of OAuth 2.0
  • 31. What's wrong with OAuth?
       - Does not work well with non-web or JavaScript based clients
       - The „Invalid Signature“ problem
       - Complicated flow, many requests
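The per-request signing that slide 28 lists (client credentials, nonce, timestamp, signature) and the "Invalid Signature" problem of slide 31, as an added Python example that is not code from the talk or from VZ: the client-side signature base string and HMAC-SHA1 value, and the server-side verification with a nonce/timestamp replay check. Keys and parameters used in the test are the sample values from the OAuth Core 1.0 specification appendix, not real credentials.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

# Added example, not code from the talk: OAuth 1.0a HMAC-SHA1 signing on the
# client and verification on the server, with the nonce/timestamp replay check.

def pct(s):
    # OAuth 1.0a percent-encoding: only the unreserved "-._~" stay unescaped
    return quote(str(s), safe="-._~")

def signature_base_string(method, url, params):
    """params: (key, value) pairs of the request, without oauth_signature."""
    u = urlsplit(url)
    base_url = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"
    pairs = list(params) + parse_qsl(u.query, keep_blank_values=True)
    # encode each pair first, then sort by encoded key and value, then join;
    # doing these in another order is the usual cause of "Invalid Signature"
    norm = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_url), pct(norm)])

def hmac_sha1(base_string, consumer_secret, token_secret=""):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

class ReplayCache:
    """Server side: a (consumer, nonce, timestamp) triple is accepted once."""
    def __init__(self, max_skew=300):
        self.max_skew = max_skew
        self.seen = set()

    def accept(self, consumer_key, nonce, timestamp, now):
        if abs(now - int(timestamp)) > self.max_skew:
            return False  # stale or future-dated request
        triple = (consumer_key, nonce, str(timestamp))
        if triple in self.seen:
            return False  # replayed request
        self.seen.add(triple)
        return True

def verify(method, url, params, consumer_secret, token_secret, cache, now):
    """Server side: recompute the signature over every parameter except the
    signature itself, compare in constant time, then check for replay."""
    d = dict(params)
    unsigned = [(k, v) for k, v in params if k != "oauth_signature"]
    expected = hmac_sha1(signature_base_string(method, url, unsigned),
                         consumer_secret, token_secret)
    if not hmac.compare_digest(expected, d.get("oauth_signature", "")):
        return False
    return cache.accept(d["oauth_consumer_key"], d["oauth_nonce"],
                        d["oauth_timestamp"], now)
```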
  • 32. What's new in OAuth 2? (Draft 10)
       - Different client profiles
       - No signatures
       - No token secrets
       - Cookie-like Bearer Token
       - Mandatory TLS/SSL
       - No Request Tokens
       - Much more flexible regarding extensions
       http://tools.ietf.org/html/draft-ietf-oauth-v2
  • 33. Web-Server Profile
       (A) End-user at Browser -> Authorization Server: Client Identifier & Redirect URI
       (B) User authenticates at the Authorization Server
       (C) Authorization Server -> Browser -> Web Client: Authorization Code
       (D) Web Client -> Authorization Server: Client Credentials, Authorization Code & Redirect URI
       (E) Authorization Server -> Web Client: Access Token (w/ Optional Refresh Token)
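The web-server profile above, as an added Python example of both sides (not the talk's or VZ's code): an in-memory authorization server that issues a single-use, short-lived code bound to the client and its registered redirect URI, and a web client that binds the round trip with a state value before redeeming the code over the back channel. All identifiers, secrets and URLs are placeholders I chose.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
# Added example, not the talk's code: the OAuth 2 (draft 10) web-server profile
# as an in-memory exchange; every id, secret and URL below is a placeholder.
class AuthorizationServer:
    def __init__(self, clients, clock):
        self.clients = clients   # client_id -> (client_secret, registered redirect_uri)
        self.clock = clock       # returns seconds; injected so tests are deterministic
        self.codes = {}          # code -> grant details; removed when redeemed

    def authorize(self, query, user):
        # (A)-(C): browser brings client_id + redirect_uri; after login a single-use code goes back
        q = {k: v[0] for k, v in parse_qs(query).items()}
        _, registered = self.clients[q["client_id"]]
        if q.get("response_type") != "code" or q.get("redirect_uri") != registered:
            raise ValueError("redirect_uri must equal the registered one exactly")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": q["client_id"], "redirect_uri": registered,
                            "user": user, "issued": self.clock()}
        back = {"code": code}
        if "state" in q:
            back["state"] = q["state"]   # echoed unchanged for the client's CSRF check
        return f"{registered}?{urlencode(back)}"

    def token(self, client_id, client_secret, code, redirect_uri):
        # (D)-(E): back-channel request with client credentials, access token back
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.pop(code, None)   # pop: a code can be redeemed only once
        if (grant is None or grant["client_id"] != client_id or
                grant["redirect_uri"] != redirect_uri or self.clock() - grant["issued"] > 60):
            return {"error": "invalid_grant"}
        access = secrets.token_urlsafe(32)
        return {"access_token": access, "expires_in": 3600, "refresh_token": secrets.token_urlsafe(32)}

class WebClient:
    def __init__(self, server, client_id, client_secret, redirect_uri):
        self.server, self.client_id, self.client_secret = server, client_id, client_secret
        self.redirect_uri, self.state = redirect_uri, None

    def start_login(self):
        self.state = secrets.token_urlsafe(16)   # bound to this one login attempt
        return "https://auth.example/authorize?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "state": self.state})

    def handle_callback(self, redirect_url):
        q = {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).query).items()}
        if self.state is None or q.get("state") != self.state:
            return {"error": "state_mismatch"}   # not the reply to our own request
        self.state = None
        return self.server.token(self.client_id, self.client_secret,
                                 q.get("code", ""), self.redirect_uri)
```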
  • 34. User-Agent Profile
       (A) End User Client in Browser -> Authorization Server: Client Identifier & Redirection URI
       (B) User authenticates at the Authorization Server
       (C) Authorization Server -> Client: Redirect URI with Access Token in Fragment
       (D) Client -> Web Server with Client Resource: Redirect URI without Fragment
       (E) Web Server -> Client: Web Page with Script
       (F) Script extracts the Access Token from the fragment
  • 35. What happened to signatures?
       - Ongoing controversial discussion
       - Bearer Tokens are fine over a secure connection
       - Vulnerable if discovery is introduced
       - Or TLS/SSL is not possible
  • 36. Scopes
       - Optional parameter for provider-specific implementations
       - For example
         - Additional return values
         - Access Control
  • 37. OpenID Connect?
       - Scope: „openid“
       - With the access token additional values are returned
         - UserID: URL to Portable Contacts endpoint
         - Signature
         - Timestamp
       http://openidconnect.com/
  • 38. OpenID Connect Discovery
       - Get identifier of user
       - Call the /.well-known/host-meta file at the domain of the user's provider
       - Look for a link pointing to the OpenID Connect endpoints in the returned LRDD
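One parser for both XRD uses in these slides, the OExchange discovery document of slide 5 and the host-meta/LRDD lookup of slide 38, as an added Python example that is not OExchange's, OpenID's or VZ's code. The sample XRD is the one from slide 5; the same-host policy in find_endpoint is my assumption (the specifications do not require it), and the slides do not name the rel value for the OpenID Connect endpoints, so it is passed in as a parameter.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Added example, not OExchange's or VZ's code: parse an XRD (used both by
# OExchange discovery and by the host-meta/LRDD lookup) and pick an endpoint.
XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
OEXCHANGE_OFFER = "http://www.oexchange.org/spec/0.8/rel/offer"

# Constructed sample: the OExchange XRD from slide 5
SAMPLE_XRD = """<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>http://www.example.com/linkeater</Subject>
  <Property type="http://www.oexchange.org/spec/0.8/prop/vendor">Examples Inc.</Property>
  <Property type="http://www.oexchange.org/spec/0.8/prop/title">A Link-Accepting Service</Property>
  <Link rel="icon" href="http://www.example.com/favicon.ico" type="image/vnd.microsoft.icon" />
  <Link rel="http://www.oexchange.org/spec/0.8/rel/offer"
        href="http://www.example.com/linkeater/offer.php" type="text/html" />
</XRD>"""

def parse_xrd(text):
    root = ET.fromstring(text)
    if root.tag != XRD_NS + "XRD":
        raise ValueError("not an XRD document")
    return {
        "subject": (root.findtext(XRD_NS + "Subject") or "").strip(),
        "properties": {p.get("type"): (p.text or "").strip()
                       for p in root.findall(XRD_NS + "Property")},
        "links": [dict(link.attrib) for link in root.findall(XRD_NS + "Link")],
    }

def host_meta_url(identifier):
    """Slide 38, step 2: host-meta lives at the provider's domain (RFC 6415 path)."""
    host = urlsplit(identifier).netloc
    if not host:
        raise ValueError("identifier must be an absolute URL")
    return f"https://{host}/.well-known/host-meta"

def find_endpoint(xrd, rel, fetched_from):
    """Return the href of the Link with `rel`. Policy assumed here: accept only
    links on the host the XRD was fetched from, so a discovery document cannot
    send the client (and later its tokens) to an arbitrary third-party host."""
    origin = urlsplit(fetched_from).netloc.lower()
    for link in xrd["links"]:
        if link.get("rel") == rel and link.get("href"):
            if urlsplit(link["href"]).netloc.lower() == origin:
                return link["href"]
    return None
```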
  • 39. OpenID Connect @VZ
       - Available now
       - But without the discovery part
         - No discovering clients
         - No discoverable entities
  • 40. VZ-JavaScript Library
         <script src="http://static.pe.studivz.net/Js/id/v3/library.js"
                 data-authority="platform-redirect.vz-modules.net/r"
                 data-authorityssl="platform-redirect.vz-modules.net/r"
                 type="text/javascript"></script>
         <script type="vz/share">
            id: shareButton
            title: title of your site
            description : a description
         </script>
       http://developer.studivz.net/wiki/index.php/JS-Library
  • 41. Login widget
         <script type="text/javascript">
         function callbackMethod(c) {
           if (c.error) {
             return;
           }
           var url = c.user_id;
           vz.id.login.callApi(url, function(data) {
             console.log(data.entry.displayName);
           });
         }
         </script>
         <script type="vz/login">
            client_id : 1234567890abcdef
            redirect_uri : http://example.com/callback.html
            callback : callbackMethod
            fields : name,emails
         </script>
       http://developer.studivz.net/wiki/index.php/JS-Library
  • 42. Callback.html
         <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
         <html>
           <head>
             <title></title>
             <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
           </head>
           <body>
             <script type="text/javascript">
               opener.vz.id.authStorage.setAuthParameterHash(location.hash.substr(1));
               window.close();
             </script>
           </body>
         </html>
  • 43. Thank you
       http://twitter.com/BastianHofmann
       http://studivz.net/bastian
       http://slideshare.net/bashofmann
       bhofmann@vz.net
       http://developer.studivz.net