Implications Of OpenID (Google Tech Talk)
The implications of OpenID

Simon Willison
Google Tech Talk, 25th June 2007

Who here has used OpenID?

Who uses it regularly?

What is OpenID?

OpenID is a decentralised mechanism for Single Sign On

What problems does it solve?

“Too many passwords!”

“Someone else already grabbed my username”

“My online profile is scattered across dozens of sites”

What is an OpenID?

An OpenID is a URL

http://openid.aol.com/simonwillison/

What can you do with an OpenID?

You can claim that you own it

You can prove that claim

Why is that useful?

You can use it for authentication

“Who the heck are you?!”

“I’m simonwillison.net”

“prove it!”

(magic happens)

“OK, you’re in!”

So it’s a bit like Microsoft Passport, then?

Yes, but you don’t need to ask their permission to implement it

And Microsoft don’t get to own your credentials

Who does get to own them?

You, the user, decide.

You pick your own provider

(just like e-mail)

So I’m still giving someone the keys to my kingdom?

Yes, but it can be someone you trust

If you have the ability to run your own server software, you can do it for yourself.

OK, how do I use it?

So my users don’t have to sign up for an account?

Not necessarily

An OpenID tells you very little about a user

You don’t know their name

You don’t know their e-mail address

You don’t know if they’re a person or an evil robot

(or a dog)

Where do I get that information from?

You ask them!

OpenID can even help them answer

How can I tell if they’re an evil spambot?

Same as usual: challenge them with a CAPTCHA

So how does OpenID actually work?

<link rel="openid.server" href="http://www.myopenid.com/server" />

“I’m simonwillison.myopenid.com”

Site fetches HTML, discovers identity provider

Establishes shared secret with identity provider (Using Diffie-Hellman key exchange)

Redirects you to the identity provider

If you’re logged in there, you get redirected back
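
The shared-secret and redirect-back steps above, carried through on both sides as an added example (not code from the talk or from any OpenID library). It follows the OpenID 1.1 DH-SHA1 association in simplified form: field names drop the `openid.` prefix, the signature stays as raw bytes, and the modulus 2^521 − 1 with generator 3 is a stand-in assumed here so the block needs no long constant. `Provider`, `Consumer` and the consumer URL are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-in group (assumption of this example, not the protocol's default
# modulus and not a recommended group): Mersenne prime 2**521 - 1, g = 3.
P = 2**521 - 1
G = 3


def btwoc(n):
    """Big-endian two's-complement bytes of a non-negative integer."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def kv_form(fields, names):
    """Serialise the signed fields as name:value lines, in list order."""
    return "".join(f"{n}:{fields[n]}\n" for n in names).encode()


class Provider:
    """Identity-provider side: hands out MAC keys and signs assertions."""

    def __init__(self):
        self.mac_keys = {}  # assoc_handle -> MAC key

    def associate(self, consumer_public):
        if not 1 < consumer_public < P - 1:
            raise ValueError("consumer public value out of range")
        private = secrets.randbelow(P - 3) + 2
        shared = pow(consumer_public, private, P)
        mac_key = secrets.token_bytes(20)  # HMAC-SHA1 key
        handle = secrets.token_hex(8)
        self.mac_keys[handle] = mac_key
        return {
            "assoc_handle": handle,
            "dh_server_public": pow(G, private, P),
            # The MAC key is masked with SHA1(shared secret), so it never
            # crosses the wire in the clear.
            "enc_mac_key": xor(hashlib.sha1(btwoc(shared)).digest(), mac_key),
        }

    def sign_assertion(self, handle, fields):
        signed = sorted(fields)
        sig = hmac.new(self.mac_keys[handle], kv_form(fields, signed),
                       hashlib.sha1).digest()
        return dict(fields, assoc_handle=handle, signed=",".join(signed), sig=sig)


class Consumer:
    """Relying-site side: derives the same MAC key, then checks assertions."""

    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.private, P)
        self.mac_keys = {}

    def finish_association(self, reply):
        shared = pow(reply["dh_server_public"], self.private, P)
        mask = hashlib.sha1(btwoc(shared)).digest()
        self.mac_keys[reply["assoc_handle"]] = xor(mask, reply["enc_mac_key"])

    def verify(self, assertion, expected_return_to):
        key = self.mac_keys.get(assertion.get("assoc_handle"))
        signed = assertion.get("signed", "").split(",")
        if key is None or any(n not in assertion for n in signed):
            return False
        # Refuse assertions that leave the security-relevant fields unsigned.
        if not {"mode", "identity", "return_to"} <= set(signed):
            return False
        if assertion["return_to"] != expected_return_to:
            return False
        expected = hmac.new(key, kv_form(assertion, signed), hashlib.sha1).digest()
        return hmac.compare_digest(expected, assertion.get("sig", b""))


def demo():
    provider, consumer = Provider(), Consumer()
    reply = provider.associate(consumer.public)
    consumer.finish_association(reply)
    return_to = "http://consumer.example/openid/return"  # hypothetical URL
    assertion = provider.sign_assertion(reply["assoc_handle"], {
        "mode": "id_res",
        "identity": "http://simonwillison.myopenid.com/",
        "return_to": return_to,
    })
    # Constructed tampering: same signature, different identity.
    forged = dict(assertion, identity="http://someone-else.example/")
    return consumer.verify(assertion, return_to), consumer.verify(forged, return_to)


if __name__ == "__main__":
    print(demo())
```

The consumer never sees the user's credentials at the provider; it only checks that the returned fields were signed with the key agreed during association.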

How does my identity provider know who I am?

OpenID deliberately doesn’t specify

username/password is common

But providers can use other methods if they want to

Client SSL certificates

Out of band authentication via SMS, e-mail or Jabber

IP based login restrictions

(one guy set that up using DynDNS)

SecurID keyfobs

No authentication at all (just say “Yes”)

Just say “yes”?

Yup. That’s the OpenID version of bugmenot.com

Users can give away their passwords today - this is just the OpenID equivalent

What if I decide I hate my provider?

Use your own domain name

Delegate to a provider you trust

<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">
<link rel="openid.delegate" href="http://swillison.livejournal.com/">

Support for delegation is compulsory

This minimises lock in
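
Discovery ("Site fetches HTML, discovers identity provider") and delegation both come down to reading two `<link>` tags, so one added example covers both; it is not code from the talk. `discover`, `HeadLinkParser` and the sample pages are constructed for illustration, and honouring the tags only inside `<head>` is a choice made here so that markup posted into a page body cannot redirect the login.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class DiscoveryError(Exception):
    """Raised when a page does not yield a usable identity provider."""


class HeadLinkParser(HTMLParser):
    """Collect rel -> href for <link> tags that sit inside <head> only."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.finished = False  # set once </head> or <body> has been seen
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if self.finished:
            return
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.finished = True
        elif tag == "link" and self.in_head:
            attr = dict(attrs)
            href = (attr.get("href") or "").strip()
            for rel in (attr.get("rel") or "").lower().split():
                if href:
                    self.links.setdefault(rel, href)  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False
            self.finished = True


def require_http_url(label, url):
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise DiscoveryError(f"{label} is not an http(s) URL: {url!r}")
    return url


def discover(claimed_id, html):
    """Return the provider endpoint and the identity to assert for a page.

    claimed_id is the URL the user typed; it stays the account key on the
    consumer even when the page delegates to another identity.
    """
    parser = HeadLinkParser()
    parser.feed(html)
    parser.close()
    server = parser.links.get("openid.server")
    if server is None:
        raise DiscoveryError("no openid.server link in <head>")
    delegate = parser.links.get("openid.delegate")
    return {
        "claimed_id": claimed_id,
        "server": require_http_url("openid.server", server),
        "identity": require_http_url("openid.delegate", delegate)
        if delegate else claimed_id,
    }


# Constructed sample pages; the <link> values are the ones shown on the slides.
PROVIDER_PAGE = """<html><head><title>profile</title>
<link rel="openid.server" href="http://www.myopenid.com/server" />
</head><body>hello</body></html>"""

DELEGATING_PAGE = """<html><head>
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">
<link rel="openid.delegate" href="http://swillison.livejournal.com/">
</head><body>my own domain</body></html>"""

# Constructed: a <link> posted into the page body, e.g. through a comment form.
BODY_INJECTION_PAGE = """<html><head><title>blog</title></head><body>
<div class="comment"><link rel="openid.server"
 href="http://idp.untrusted.example/server"></div></body></html>"""


if __name__ == "__main__":
    print(discover("http://simonwillison.myopenid.com/", PROVIDER_PAGE))
    print(discover("http://example.org/", DELEGATING_PAGE))
    try:
        discover("http://example.org/", BODY_INJECTION_PAGE)
    except DiscoveryError as exc:
        print("rejected:", exc)
```

Switching providers means editing the two tags on the user's own page; the consumer's account key, the claimed URL, does not change.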

So everyone will end up with one OpenID that they use for everything?

Probably not

(I have half a dozen OpenIDs already)

People like maintaining multiple online personas

professional, social, secret, ...

OpenID makes it easier to manage multiple online personas

Three accounts is still better than three dozen

If an OpenID is just a URL, is there anything else interesting you can do with it?

Yes. Different OpenIDs can express different things

My AOL OpenID proves my AIM screen name

An OpenID from sun.com proves that someone is a current Sun employee

A last.fm OpenID could incorporate my taste in music

My LiveJournal OpenID tells you where to find my blog

... and a FOAF file listing my friends

doxory.com uses this for contact imports

Why is OpenID worth implementing over all the other identity standards?

It’s simple

Unix philosophy: It solves one, tiny problem

It’s a dumb network

Many of the competing standards are now on board

Isn’t putting all my eggs in one basket a really bad idea?

Bad news: chances are you already do

“I forgot my password” means your e-mail account is already an SSO mechanism

OpenID just makes this a bit more obvious

What about phishing?

Phishing is a problem

I can has lolcats!? BETA
Make your own lolcats! lol
Sign in with your OpenID:
OpenID: Sign in
http://icanhascheezburger.com/2007/05/16/i-has-a-backpack/

Fake edition
Username and password, please!
Your identity provider
Username:
Password: Log in

Identity theft :(

An untrusted site redirects you to your trusted provider

Sound familiar?

PayPal, Yahoo! BBAuth, Google Auth, Google Checkout

You guys already need to solve that problem!

One solution: don’t let the user log in on the identity provider “landing page”

Better solutions

CardSpace

Native browser support for OpenID (e.g. SeatBelt)

Competition between providers

Permanent cookie set using out-of-band token

Best practices for OpenID consumers?

“I forgot my password” becomes “I can’t sign in with my OpenID”

Allow multiple OpenIDs to be associated with a single account

People can still sign in if one of their providers is down

People can un-associate an OpenID without locking themselves out

You can take advantage of site-specific services around each of their OpenIDs
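
One way a consumer could implement the association rules above, as an added example rather than code from the talk. `AccountStore`, the account ids and the normalisation rules are assumptions of this sketch, and callers are assumed to pass only OpenIDs whose ownership has already been verified.

```python
from urllib.parse import urlsplit, urlunsplit


class IdentifierInUse(Exception):
    """The OpenID is already linked to a different account."""


class LastIdentifier(Exception):
    """Removing this OpenID would leave the account with no way to sign in."""


def normalize(identifier):
    """Canonical lookup key (assumed rules: default to http://, lower-case
    scheme and host, '/' for an empty path, fragment dropped)."""
    if "://" not in identifier:
        identifier = "http://" + identifier
    p = urlsplit(identifier)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


class AccountStore:
    def __init__(self):
        self.owner = {}   # normalized OpenID -> account id
        self.linked = {}  # account id -> set of normalized OpenIDs

    def link(self, account_id, verified_openid):
        key = normalize(verified_openid)
        current = self.owner.get(key)
        # One OpenID must map to exactly one account, otherwise whoever
        # links it second could sign in as the first owner.
        if current is not None and current != account_id:
            raise IdentifierInUse(key)
        self.owner[key] = account_id
        self.linked.setdefault(account_id, set()).add(key)

    def unlink(self, account_id, openid):
        key = normalize(openid)
        ids = self.linked.get(account_id, set())
        if key not in ids:
            raise KeyError(key)
        if len(ids) == 1:
            raise LastIdentifier(key)  # never remove the only sign-in route
        ids.remove(key)
        del self.owner[key]

    def account_for(self, verified_openid):
        """Account to sign in for a verified OpenID, or None if unknown."""
        return self.owner.get(normalize(verified_openid))


if __name__ == "__main__":
    store = AccountStore()
    store.link("acct-1", "http://openid.aol.com/simonwillison/")
    store.link("acct-1", "simonwillison.myopenid.com")
    store.unlink("acct-1", "http://openid.aol.com/simonwillison/")
    print(store.account_for("simonwillison.myopenid.com"))
```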

Any other neat tricks?

Portable contact lists

Facebook (and others) currently ask for the user’s Google username and password

I don’t need to tell you why that’s a horrible idea

Lightweight accounts

Pre-approved accounts

Social whitelists

OpenID and microformats

Decentralised social networks?

“People keep asking me to join the LinkedIn network, but I’m already part of a network, it’s called the Internet.”
Gary McGraw, via Jon Udell, via Gavin Bell

Doesn’t this outsource the security of my users to untrusted third parties?

Yes it does. But...

... so do “forgotten password” e-mails!

If e-mail is secure enough for your users’ authentication, so is OpenID

Password e-mails are essentially SSO with a deliberately bad user experience

What are the privacy implications?

Cross correlation of accounts

Don’t publish a user’s OpenID without making it clear that you’re going to do that

Allow users to opt-out of sharing their OpenID

The online equivalent of a credit reporting agency?

This could be built today by sites conspiring to share e-mail addresses

IANAL, but legal protections against this already exist

“Directed identity” in OpenID 2.0 makes it easy to use a different OpenID for every site

Patents?

Sun and VeriSign have both announced “patent covenants”

They won’t smack you down with their patents for using OpenID 1.1

They will smack down anyone else who asserts their own patents against OpenID

Who else is involved?

(Slide borrowed from David Recordon)

AOL - provider, full consumer by end of July

Microsoft: Bill Gates expressed their interest at the RSA conference

(mainly as good PR for CardSpace?)

Sun: Patent Covenant, 33,000 employees

Six Apart

VeriSign

JanRain

Yahoo! - indirectly

Google?

http://openid.net/
http://www.openidenabled.com/
http://simonwillison.net/tags/openid/

Thank you