Distributed SSO

Cédric Hüsler
CTO local.ch

Google TechTalk Zürich - April 2007
Quick Poll

Who always uses the same password for every new account on a new site?

Who has a blog?

Who has an OpenID?
BASICS

Authentication
prove you really are who you claim to be
Username & Password | Challenge-response | Public-Private Key

vs.

Authorization
what are you allowed to do
ACL (Access Control List) | RBAC (Role-based Access Control)
BASICS

Identity
ability to uniquely identify yourself
Your Name | AHV-Nr / SSN | Fingerprint

vs.

Privacy
ability to control what others know about you
Can you keep a secret? | Virtualization | Opt-in
BASICS

trust
how much can I depend on you?

vs.

control
how much information am I going to give?
BASICS

SSO
Single-Sign-On

using the same credentials to access multiple services
automatic authentication beyond session and service
= Authentication Delegation
= Identity Manager
= Open API
≠ Authentication
≠ Trust
Use a URL as user name!

I own the domain: keepthebyte.ch
- why not use it as my user name?
Time for demo!

http://jyte.com/
Login Process Overview

Download at http://www.flickr.com/photos/keepthebyte/347821691/

...with trusted site

auto login on the identity provider
HTTP Level - Part 1/3

User Agent <> RP
 GET: %site%/login.html
 POST: %site%/login with OpenID

RP <> IdP
 GET: openid url
 mime: application/xrds+xml (Yadis Discovery)

 <?xml version="1.0" encoding="UTF-8"?>
 <xrds:XRDS
     xmlns:xrds="xri://$xrds"
     xmlns:openid="http://openid.net/xmlns/1.0"
     xmlns="xri://$xrd*($v*2.0)">
   <XRD>
     <Service priority="0">
       <Type>http://openid.net/signon/1.0</Type>
       <Type>http://openid.net/sreg/1.0</Type>
       <URI>http://www.myopenid.com/server</URI>
       <openid:Delegate>http://keepthebyte.myopenid.com/</openid:Delegate>
     </Service>
   </XRD>
 </xrds:XRDS>

 Fallback: GET: openid url
 mime: */*
HTTP Level - Part 2/3

RP <> IdP (continued)
 ASSOCIATE REQUEST

 openid.dh_gen=Ag%3D%3D
 openid.session_type=DH-SHA1
 openid.mode=associate
 openid.assoc_type=HMAC-SHA1
 openid.dh_consumer_public=AMEJSFuaf%2Fi73z6uGonyKZUoIJQyI7PWSZJZBhACK8qQ48%2FIkplhKv%2BajPhSiNXz43%2Bb7nO%2FyL86LQNlzNM3rFSP7nfAVoDZXUPyuQeacsCqg8vliMwTJUzu9MecZz4ngCgNLk8tOkBazhGJ7%2BCnx1g53dUVGvvV0LHMMMjUQMSo
 openid.dh_modulus=ANz5OguIOXLsDhmYmsWizjEOHTdxfo2Vcbt2I3MYZuYe91ouJ4mLBX%2BYkcLiemOcPym2CBRYHNOyyjmG0mg3BVd9RcLn5S3IHHoXGHblzqdLFEi%2F368Ygo79JRnxTkXjgmY0rxlJ5bU1zIKaSDuKdiI%2BXUkKJX8Fvf8W8vsixYOr

 ASSOCIATE RESPONSE

 assoc_type:HMAC-SHA1
 assoc_handle:netmesh-u-1168177185-50172100
 expires_in:2592000
 session_type:DH-SHA1
 dh_server_public:AIAkjwdpUn1lCHyQEzstI40wSnbsznGV/t+AepW/he/ChsS2N2WF9DTIpNyLtGBTECmF6w/+DgtcjfVrujm1Z26CJBuwtDbJyL3rUCsqzn55RVCcM6QmBnRBD8q/5hbcI6jiBC9Nc78NfQywGE7YG3BCZZiT3Vz1etJAcRgPgUxJ
 enc_mac_key:eljydY56tUILU75CjytBwNF3Ec4=
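The associate exchange above establishes a shared HMAC key without ever sending it in clear: each side contributes a Diffie-Hellman public value and the IdP hands back the MAC key XORed with SHA1 of the shared secret. The following Python is an added example (not code from the talk or from any OpenID library) that plays both roles in one process, reusing the openid.dh_gen and openid.dh_modulus strings exactly as printed on the slide; the private exponents, the MAC key and the assoc_handle are constructed at run time.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qsl

# DH parameters copied from the slide's ASSOCIATE REQUEST (wrapped lines rejoined, still
# URL-encoded): generator 2 and the 1024-bit default modulus.
SLIDE_DH_PARAMS = (
    "openid.dh_gen=Ag%3D%3D"
    "&openid.dh_modulus=ANz5OguIOXLsDhmYmsWizjEOHTdxfo2Vcbt2I3MYZuYe91ouJ4mLBX%2BYkcLiemOcPym2CBRY"
    "HNOyyjmG0mg3BVd9RcLn5S3IHHoXGHblzqdLFEi%2F368Ygo79JRnxTkXjgmY0rxlJ5bU1zIKaSDuKdiI%2BXUkKJX8Fvf8W8vsixYOr"
)


def btwoc(n):
    """Big-endian two's complement, shortest form: a leading 0x00 is added when the top bit is set."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")


def unbtwoc(b):
    return int.from_bytes(b, "big", signed=True)


def b64(b):
    return base64.b64encode(b).decode()


def unb64(s):
    return base64.b64decode(s)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def slide_dh_params():
    """(p, g) decoded from the slide; parse_qsl undoes the URL encoding (%2B -> '+')."""
    q = dict(parse_qsl(SLIDE_DH_PARAMS))
    return unbtwoc(unb64(q["openid.dh_modulus"])), unbtwoc(unb64(q["openid.dh_gen"]))


def rp_build_associate_request():
    """RP (consumer) picks a private x and sends g^x mod p."""
    p, g = slide_dh_params()
    x = secrets.randbelow(p - 2) + 1
    request = {
        "openid.mode": "associate",
        "openid.assoc_type": "HMAC-SHA1",
        "openid.session_type": "DH-SHA1",
        "openid.dh_modulus": b64(btwoc(p)),
        "openid.dh_gen": b64(btwoc(g)),
        "openid.dh_consumer_public": b64(btwoc(pow(g, x, p))),
    }
    return request, x


def idp_associate(request):
    """IdP picks a private y, answers g^y mod p and the MAC key XORed with SHA1(btwoc(shared))."""
    p = unbtwoc(unb64(request["openid.dh_modulus"]))
    g = unbtwoc(unb64(request["openid.dh_gen"]))
    consumer_public = unbtwoc(unb64(request["openid.dh_consumer_public"]))
    if not 1 < consumer_public < p - 1:
        raise ValueError("consumer public value out of range")  # rejects the degenerate values 0, 1, p-1
    y = secrets.randbelow(p - 2) + 1
    shared = pow(consumer_public, y, p)
    mac_key = secrets.token_bytes(20)  # 160-bit key for HMAC-SHA1
    response = {
        "assoc_type": "HMAC-SHA1",
        "session_type": "DH-SHA1",
        "assoc_handle": "constructed-handle-0001",  # constructed; the slide shows netmesh-u-...
        "expires_in": "2592000",
        "dh_server_public": b64(btwoc(pow(g, y, p))),
        "enc_mac_key": b64(xor(mac_key, hashlib.sha1(btwoc(shared)).digest())),
    }
    return response, mac_key


def rp_recover_mac_key(request, x, response):
    """RP derives the same shared secret from the server's public value and unmasks the MAC key."""
    p = unbtwoc(unb64(request["openid.dh_modulus"]))
    shared = pow(unbtwoc(unb64(response["dh_server_public"])), x, p)
    return xor(unb64(response["enc_mac_key"]), hashlib.sha1(btwoc(shared)).digest())


def run_association():
    """Full exchange in-process; both returned keys must be identical."""
    request, x = rp_build_associate_request()
    response, idp_mac_key = idp_associate(request)
    return idp_mac_key, rp_recover_mac_key(request, x, response)
```

The masking is only as strong as the DH exchange: an attacker who can read the HTTP traffic still learns nothing about the MAC key, but one who can modify it (no SSL on the associate request) could substitute its own dh_server_public, which is one reason the later slide insists on SSL.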
HTTP Level - Part 3/3

User Agent <> RP
 REDIRECT TO IdP

 http://mylid.net/keepthebyte?
    openid.mode=checkid_setup
    openid.return_to=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcomplete%3Fnonce%3DQ5CG5Hfk
    openid.trust_root=http%3A%2F%2Flocalhost%3A3000%2Fauth
    openid.identity=http%3A%2F%2Fmylid.net%2Fkeepthebyte
    openid.assoc_handle=netmesh-u-1168177185-50172100

User Agent <> IdP
 DO THE LOGIN (not part of the OpenID spec)

 REDIRECT TO RP

 http://localhost:3000/auth/complete?
    nonce=Q5CG5Hfk
    openid.mode=id_res
    openid.identity=http%3A%2F%2Fmylid.net%2Fkeepthebyte
    openid.return_to=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcomplete%3Fnonce%3DQ5CG5Hfk
    openid.assoc_handle=netmesh-u-1168177185-50172100
    openid.signed=mode,identity,return_to,assoc_handle
    openid.sig=c55qNAPI58pfRBDkVlRc5dbvnyU%3D
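What the RP has to do when the id_res redirect arrives is not spelled out on the slide. The following Python is an added example (not code from the talk or from any OpenID library) of that check: recompute HMAC-SHA1 over the key-value form of the openid.signed fields with the MAC key from the association, compare in constant time, and only then trust identity, return_to and the nonce the RP itself embedded in return_to. The nonce is consumed once, which is what blocks a replayed redirect. The MAC key is constructed; the handle, URLs and parameter names mirror the slide.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit


def kv_form(signed_fields, params):
    """OpenID 1.1 key-value form: 'field:value\\n' for each signed field, in list order."""
    return "".join(f"{f}:{params['openid.' + f]}\n" for f in signed_fields).encode()


def sign_response(params, mac_key):
    """IdP side: base64(HMAC-SHA1(mac_key, kv_form of the openid.signed fields))."""
    digest = hmac.new(mac_key, kv_form(params["openid.signed"].split(","), params), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


class IdResVerifier:
    """RP-side state for one association plus the nonces it has handed out."""

    REQUIRED_SIGNED = {"mode", "identity", "return_to"}

    def __init__(self, mac_key, assoc_handle, return_to_base, claimed_identity):
        self.mac_key = mac_key
        self.assoc_handle = assoc_handle
        self.return_to_base = return_to_base        # scheme://host/path under our trust_root
        self.claimed_identity = claimed_identity    # identity we sent in checkid_setup
        self.pending_nonces = set()                 # issued but not yet consumed (persist in production)

    def issue_return_to(self, nonce):
        self.pending_nonces.add(nonce)
        return f"{self.return_to_base}?{urlencode({'nonce': nonce})}"

    def verify(self, redirect_url):
        q = dict(parse_qsl(urlsplit(redirect_url).query))
        if q.get("openid.mode") != "id_res":
            return False, "not an id_res response"
        if q.get("openid.assoc_handle") != self.assoc_handle:
            return False, "unknown association handle"
        signed = q.get("openid.signed", "").split(",")
        if not self.REQUIRED_SIGNED <= set(signed) or any("openid." + f not in q for f in signed):
            return False, "mandatory fields missing or not covered by the signature"
        try:
            presented = base64.b64decode(q.get("openid.sig", ""), validate=True)
        except ValueError:
            return False, "sig is not base64"
        expected = hmac.new(self.mac_key, kv_form(signed, q), hashlib.sha1).digest()
        if not hmac.compare_digest(expected, presented):
            return False, "bad signature"
        # Only now are identity and return_to trustworthy: bind them to this RP and this attempt.
        if q["openid.identity"] != self.claimed_identity:
            return False, "identity differs from the one we asked about"
        rt = urlsplit(q["openid.return_to"])
        if f"{rt.scheme}://{rt.netloc}{rt.path}" != self.return_to_base:
            return False, "return_to does not point at us"
        nonce = dict(parse_qsl(rt.query)).get("nonce")
        if nonce is None or nonce not in self.pending_nonces:
            return False, "nonce unknown or already consumed (replay)"
        self.pending_nonces.discard(nonce)
        return True, "ok"


def demo():
    """Constructed run: a valid response, the same response replayed, and a tampered identity."""
    mac_key = hashlib.sha1(b"constructed demo mac key").digest()  # constructed, not the real association key
    rp = IdResVerifier(mac_key, "netmesh-u-1168177185-50172100",
                       "http://localhost:3000/auth/complete", "http://mylid.net/keepthebyte")
    return_to = rp.issue_return_to("Q5CG5Hfk")
    idp_params = {
        "openid.mode": "id_res",
        "openid.identity": "http://mylid.net/keepthebyte",
        "openid.return_to": return_to,
        "openid.assoc_handle": "netmesh-u-1168177185-50172100",
        "openid.signed": "mode,identity,return_to,assoc_handle",
    }
    idp_params["openid.sig"] = sign_response(idp_params, mac_key)
    redirect = f"{return_to}&{urlencode(idp_params)}"
    tampered = rp.verify(redirect.replace("keepthebyte", "someoneelse"))  # identity altered after signing
    first = rp.verify(redirect)
    replay = rp.verify(redirect)
    return first, replay, tampered
```

Note the order of checks: the nonce and identity comparisons happen after the signature passes, because until then every value in the query string is attacker-controlled; the nonce itself lives inside the signed return_to, so it cannot be swapped for a fresh one without breaking the signature.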
Delegated Authentication

1  My original OpenID:
   keepthebyte.myopenid.com

2  Add these lines to the root HTML document of the domain “keepthebyte.ch”:
   <link rel="openid.server" href="http://www.myopenid.com/server" />
   <link rel="openid.delegate" href="http://keepthebyte.myopenid.com" />
   <meta http-equiv="X-XRDS-Location" content="http://keepthebyte.myopenid.com/xrds" />

3  Now I can use my domain as my OpenID:
   keepthebyte.ch
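Discovery in OpenID 1.1 has the two shapes shown on the HTTP-level slide and on this one: an XRDS document (Yadis) or, as fallback when the claimed URL serves plain HTML, <link rel="openid.server"> and <link rel="openid.delegate"> elements. The Python below is an added example (not code from the talk or from any OpenID library) that parses both forms, using inline copies of the slide's XRDS and delegation HTML as constructed sample documents, and shows which identifier the RP must send to the IdP when a delegate is present.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

XRD_NS = "xri://$xrd*($v*2.0)"
OPENID_NS = "http://openid.net/xmlns/1.0"
SIGNON_TYPE = "http://openid.net/signon/1.0"

# Constructed inline copies of the two documents shown on the slides.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0"
           xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://openid.net/signon/1.0</Type>
      <Type>http://openid.net/sreg/1.0</Type>
      <URI>http://www.myopenid.com/server</URI>
      <openid:Delegate>http://keepthebyte.myopenid.com/</openid:Delegate>
    </Service>
  </XRD>
</xrds:XRDS>"""

SAMPLE_HTML = """<html><head><title>keepthebyte.ch</title>
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://keepthebyte.myopenid.com" />
<meta http-equiv="X-XRDS-Location" content="http://keepthebyte.myopenid.com/xrds" />
</head><body>...</body></html>"""


def discover_xrds(document):
    """Return the OpenID 1.x signon services of an XRDS document, best priority first."""
    root = ET.fromstring(document.encode() if isinstance(document, str) else document)
    found = []
    for svc in root.iter(f"{{{XRD_NS}}}Service"):
        types = [t.text.strip() for t in svc.findall(f"{{{XRD_NS}}}Type") if t.text]
        uri = svc.find(f"{{{XRD_NS}}}URI")
        if SIGNON_TYPE not in types or uri is None or not uri.text:
            continue  # not an OpenID signon service, or no endpoint to talk to
        delegate = svc.find(f"{{{OPENID_NS}}}Delegate")
        prio = svc.get("priority")
        found.append((int(prio) if prio is not None else float("inf"), {
            "server": uri.text.strip(),
            "delegate": delegate.text.strip() if delegate is not None and delegate.text else None,
            "types": types,
        }))
    found.sort(key=lambda item: item[0])  # lower priority value wins; missing priority sorts last
    return [svc for _, svc in found]


class _LinkCollector(HTMLParser):
    """Collects the three head elements the delegation slide tells the user to add."""

    def __init__(self):
        super().__init__()
        self.result = {"server": None, "delegate": None, "xrds_location": None}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":
            rels = (a.get("rel") or "").lower().split()
            if "openid.server" in rels:
                self.result["server"] = a.get("href")
            if "openid.delegate" in rels:
                self.result["delegate"] = a.get("href")
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "x-xrds-location":
            self.result["xrds_location"] = a.get("content")


def discover_html(document):
    """HTML fallback (mime */*): openid.server, openid.delegate and the X-XRDS-Location hint."""
    collector = _LinkCollector()
    collector.feed(document)
    collector.close()
    return collector.result


def identity_for_idp(claimed_id, discovery):
    """With delegation the IdP only knows the delegate URL: send it as openid.identity and
    require exactly that value back; the mapping delegate -> claimed_id comes from discovery,
    never from the response."""
    return discovery["delegate"] or claimed_id
```

Both parsers return the same three facts (endpoint, delegate, XRDS hint), so the RP can run the XRDS path first and fall back to HTML with one code path afterwards; the delegate-to-claimed mapping is the piece that must be remembered across the redirect, otherwise a response for any identity the IdP vouches for could be accepted as keepthebyte.ch.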
... Immediate Mode - “AJAX”

Ask an IdP whether an End User owns the Claimed Identifier and get back an immediate "yes" or "can't say" answer.
...Stateless (Dumb Mode)

Not recommended due to a security issue (replay attack) - use SSL!
Extension: Simple Registration

Make OpenID more useful
- Extension of OpenID 1.1
- Part of OpenID 2.0 (Attribute Exchange)

Manage your personal profile centrally on the Identity Provider

Control which profile properties may be shared with the site you want to log in to

Screenshots from http://www.myopenid.com
Extension: E-Mail as OpenID

PROPOSAL!

Make OpenID easier: URL 0 vs. Email 1
Proposal for OpenID 2.0

1  Enter Email in OpenID field: keepthebyte@myopenid.com
2  Read the transformation template from the XRDS document
3  Converted to URL before authentication: keepthebyte.myopenid.com

Spec: http://www.sappenin.com/openid/ext/oet/openid-email-transform-extension-1_0.html
Integration: Browser

 Make OpenID easier to use!

 Prevent Phishing!

 Firefox Add-ons:
  - Appalachian Download: http://simile.mit.edu/wiki/Appalachian
  - VeriSign’s OpenID Seatbelt

 On the roadmap for Firefox 3.0
Integration: ???

HYPE?

Blog URL is the OpenID

Microsoft announced it will integrate OpenID in CardSpace (WS-*)
AOL provides an OpenID for all its users

Web 2.0 Sites: Technorati, Ma.gnolia, Opinity, netvibes, Digg (soon)
CMS/Blogs/Wiki: Wordpress, Drupal, MovableType, MediaWiki, phpbb
Your action is required!

READ
  The OpenID Case - in 4 pages by Kaliya Hamlin
  www.kaliyasblogs.net/IdentityWebExpo.pdf
  Specification at openid.net
  Open Source Libraries for PHP, Ruby, Java...
  openid.net/wiki/index.php/Libraries

PLAY
  OpenID Providers
  - MyOpenID.com
  - VeriSign PIP
  - idproxy.net (with Yahoo Auth)
  - List: openid.net/wiki/index.php/OpenIDServers

Got it?

That’s it

Slides on: keepthebyte.ch
Links on: del.icio.us/keepthebyte/openid
