
OpenID

OpenID and the Future of Digital Identity. Alicia Bozyk, April 1, 2008. Introduction: Identity 1.0 happens in silos and is closed and complex. Identity 2.0 is a way for users to have one identity that can be used in multiple places.


Presentation Transcript


  1. OpenID and the Future of Digital Identity. Alicia Bozyk, April 1, 2008

  2. Introduction: Identity 1.0
     • Identity happens in silos
     • Closed and complex

  3. Introduction: Identity 2.0
     Identity 2.0 is a way for users to have one identity that can be used in multiple places on the web.
     Must be:
     • Simple
     • Scalable
     • Flexible

  4. Technologies
     • OpenID
     • Windows CardSpace

  5. OpenID
     • OpenID is a decentralized single sign-on service.
     • Managed by the OpenID Foundation
     • General principles: simple, modular, free, and further extensible
     • Provides verification of a user's identity from an identity provider to a relying party

  6. OpenID: What is an OpenID?
     • A URI/XRI identifier that is used to find the OpenID identity provider for a user
     • An example identifier is: http://alicia.myopenid.com

  7. OpenID: Yadis Capability Document

  8. OpenID Authentication
     • The user initiates authentication by supplying an identifier to a relying party
     • The relying party performs discovery and determines the endpoint URL to request authentication from
     • The relying party and identity provider establish a shared secret through the use of the Diffie-Hellman key exchange, and sign all of the following messages with this key
     • The relying party requests authentication for the user
     • The identity provider determines whether the end user is authorized to perform OpenID authentication and wishes to do so, then returns an assertion that authentication is either approved or has failed
     • The relying party verifies the information received from the provider by checking the return URL, verifying the discovered information, checking a nonce, and verifying the signature using the established shared key

  9. OpenID
     Strengths:
     • Decentralized and portable
     • Easily controlled and managed by the user
     • Lightweight
     Weaknesses:
     • Phishing
     • Windows only

  10. Windows CardSpace
     • Identity Metasystem
     • Information Cards
     Goals:
     • A way to represent identities using claims
     • A means for identity providers, relying parties, and subjects to negotiate
     • An encapsulating protocol to obtain claims and requirements
     • A means to bridge technology and organizational boundaries using claims transformation
     • A consistent user experience across multiple contexts, technologies, and operators

  11. CardSpace
     Strengths:
     • Consistent user interface
     • Security: uses SAML
     Weaknesses:
     • Portability
     • Security: physical
     • Windows only

  12. Conclusions
     • OpenID is the next step in managing digital identity
     • OpenID is better than other solutions since it is decentralized, free, and an open standard, and is gaining momentum in the online community
     • OpenID helps break the boundaries between web applications

  13. Questions?
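
The relying party's final verification step from slide 8 (return URL, discovered endpoint, nonce, signature), as an added example that is not part of the original presentation. It assumes OpenID Authentication 2.0 field names and an HMAC-SHA256 association key, and it simplifies the return URL and discovery checks to exact string comparisons. The key, URLs, handle and nonce are constructed; only the identifier comes from slide 6.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone

def sign(fields, signed, mac_key):  # base64 HMAC-SHA256 over "key:value" lines
    text = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, text.encode(), hashlib.sha256).digest()).decode()

def verify_assertion(fields, mac_key, return_to, endpoint, seen, now,
                     window=timedelta(minutes=5)):
    """Relying-party checks from slide 8; returns (ok, reason)."""
    if fields.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    if fields.get("openid.return_to") != return_to:
        return False, "return_to mismatch"
    if fields.get("openid.op_endpoint") != endpoint:
        return False, "endpoint differs from discovery"
    signed = fields.get("openid.signed", "").split(",")
    required = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
    required |= {k for k in ("claimed_id", "identity") if "openid." + k in fields}
    if not required <= set(signed) or any("openid." + k not in fields for k in signed):
        return False, "required field not signed"
    # Constant-time comparison; the nonce is only recorded once the MAC is valid.
    sig = fields.get("openid.sig", "").encode()
    if not hmac.compare_digest(sign(fields, signed, mac_key).encode(), sig):
        return False, "bad signature"
    nonce = fields["openid.response_nonce"]
    try:
        stamp = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return False, "malformed nonce"
    if abs(now - stamp.replace(tzinfo=timezone.utc)) > window:
        return False, "nonce outside time window"
    if (endpoint, nonce) in seen:
        return False, "nonce replayed"
    seen.add((endpoint, nonce))
    return True, "ok"

# Constructed sample values (not from the slides, except the identifier on slide 6).
KEY, NOW = b"constructed-mac-key", datetime(2008, 4, 1, 12, 1, tzinfo=timezone.utc)
RETURN_TO, ENDPOINT = "https://rp.example/return", "https://op.example/server"

def sample_assertion():
    f = {"openid.mode": "id_res", "openid.op_endpoint": ENDPOINT,
         "openid.return_to": RETURN_TO, "openid.assoc_handle": "constructed-handle",
         "openid.claimed_id": "http://alicia.myopenid.com",
         "openid.identity": "http://alicia.myopenid.com",
         "openid.response_nonce": "2008-04-01T12:00:00Zx7Qp",
         "openid.signed": "op_endpoint,return_to,response_nonce,assoc_handle,claimed_id,identity"}
    f["openid.sig"] = sign(f, f["openid.signed"].split(","), KEY)
    return f
```

The `seen` set stands in for a persistent nonce store; a real relying party would keep it for at least the accepted time window.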
