Lecture 20101124
-
Upload
anderson-liang -
Category
Technology
-
view
110 -
download
2
description
Transcript of Lecture 20101124
![Page 1: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/1.jpg)
Web Identity Management
Anderson Liang
CTO, cacaFly
Nov. 24, 2010
![Page 2: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/2.jpg)
Problems
2
Too many ids & passwords
Someone took my desired name
Duplicated profiles everywhere
Account management is hard
![Page 3: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/3.jpg)
Users want
3
Single Identity
Roaming among sites
sign on once v.s. sign on every sites
![Page 4: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/4.jpg)
Administrators want
4
“They” are the same guy?
Federated Identity
![Page 5: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/5.jpg)
Portal
5
Portal
Hide & bridge everything behindProvide Sign On once experiences
![Page 6: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/6.jpg)
What Enterprises have
There are a lot of solutions dealing with these problems for enterprises
Novell
Microsoft
IBM
Oracle
Sun Microsystems (acquired by Oracle)
Other ISVs
6
![Page 7: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/7.jpg)
Portal w/ SSO & Identity Integration
Source: Novell Inc.
客戶
Portal+
NovellAccess
ManagerOracle DB
Web Server
MS AD
Sun iDS
Mail Server
NISDriver
eDirectory
Novell Identity Manager
LDAPDriver
JDBCDriver
ADDriver
FTP Server
合作夥伴
員工
帳號密碼
anderson********
![Page 8: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/8.jpg)
8
Unified Management of Identity
Single Sign On Central Management Identity Integration
Source: Novell Inc.
![Page 9: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/9.jpg)
9
Cover complete Identity Lifecycle
Promote
Relocate
New Project
Forget Passwo
rdPassword
Expired
Resource Access Control
PROVISIONAccount
Management
DE-PROVISION
AMIDM
Password Management
Source: Novell Inc.
![Page 10: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/10.jpg)
What Open Web has
10
SAML (2002~)&
OpenID (2005~)
http://connectid.blogspot.com/2006/11/we-need-iiw-in-panama.html
![Page 11: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/11.jpg)
What Open Web has
Open Stack (OpenID & more)
11
• Unencumbered, Cross-Platform Standards
• Open Source / Free Software Implementations
• No Single-Vendor "Lock-In”• Distributed Extensibility
http://developer.mozilla.org/presentations/sxsw2007/the_open_web/
![Page 12: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/12.jpg)
Why sites accept external identities?
Enhance user engagement
Leverage social impressions
or
The “outside” identity belongs to the same real person, who has relationship with “inside” identity
12
![Page 13: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/13.jpg)
Technically Speaking
13
We’re dealing with the problem:
“Authentication”
&
“Authorization”
among different sites
![Page 14: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/14.jpg)
OpenID Introduction
Ref: http://www.slideshare.net/daveman692/open-id-overview-seoul-july-2007
![Page 15: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/15.jpg)
What’s OpenID
Single sign-on for the web
Simple and light-weightnot going to replace your bank card pin
Easy to use and deploy
Built upon proven existing technologiesDNS, HTTP, SSL/TLS, Diffie-Hellman
Decentralizedno single point of failure in the protocol
User-Centric (not Site-Centric)
Free!15
![Page 16: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/16.jpg)
An OpenID is a URI
URLs are globally unique and ubiquitous
OpenID allows proving ownership of an URI
People already have identity at URLs via blogs, photos, MySpace, FaceBook, DAUM, etc
16
![Page 17: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/17.jpg)
My OpenID
17
![Page 18: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/18.jpg)
How it works
18
Service Provider(IDP)
Consumer Application(Relying Party, RP)
End User
![Page 19: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/19.jpg)
How it works?
1. Site fetches the HTML of my OpenID
2. Finds "openid.server“
3. Establishes a shared secret with the Provider
4. Redirects my browser to the Provider where I
authenticate and allow the OpenID login
5. Provider redirects my browser back to the site
with an OpenID response
6. Site verifies the signature and logs me in
19
![Page 20: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/20.jpg)
Sign On in RP site
20
![Page 21: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/21.jpg)
Redirect to IDP for authentication
21
![Page 22: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/22.jpg)
Grant permission to RP site
22
![Page 23: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/23.jpg)
Sign On process success!
23
![Page 24: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/24.jpg)
Create OpenID on your own domain
24
in http://andersonlamp.hopto.org/index.php
![Page 25: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/25.jpg)
How it works in detail
25http://www.openaselect.org/trac/openaselect/wiki/OpenID
![Page 26: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/26.jpg)
Related Specifications
OpenID Authentication 1.1/2.0
OpenID Attribute Exchange (AX) 1.0
OpenID Provider Authentication Policy
Extension (PAPE) 1.0
OpenID Simple Registration Extension
(SReg) 1.0
Yadis Discovery Protocol
26
![Page 27: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/27.jpg)
Demo: Yadis Discovery
Open Source OpenID Implementation
Test Sitesmyid.tw
myopenid.com
yahoo
27
![Page 28: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/28.jpg)
myid.tw
28
![Page 29: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/29.jpg)
myopenid.com
29
![Page 30: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/30.jpg)
30
![Page 31: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/31.jpg)
blogspot
31
![Page 32: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/32.jpg)
Yahoo
32
![Page 33: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/33.jpg)
33
![Page 34: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/34.jpg)
Is OpenID enough?
OpenID deal with the “Identity”, not the “resources”
Several extensions to enhance the authorization of accessing “resources”
34
![Page 35: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/35.jpg)
OpenID Conversation
35http://www.slideshare.net/steveivy/openid-oauth-an-introduction
![Page 36: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/36.jpg)
OAuth Conversation
36http://www.slideshare.net/steveivy/openid-oauth-an-introduction
![Page 37: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/37.jpg)
OAuth Introduction
Ref: http://www.slideshare.net/rmetzler/identity-on-the-web-openid-vs-oauth
![Page 38: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/38.jpg)
What’s OAuth?
Sharing your data without sharing your password
Site-Centric/Centralized
Registration-based
Secure API authentication
38
![Page 39: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/39.jpg)
Role
39
• User own Resource at Service Provider
• Manually register Consumer at Service Provider
• User grants Consumer access to Resource
![Page 40: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/40.jpg)
OAuth Flow
40http://oauth.net/core/diagram.png
![Page 41: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/41.jpg)
Sign in with OAuth
41
![Page 42: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/42.jpg)
Authenticate
42
![Page 43: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/43.jpg)
Grant Access
43
![Page 44: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/44.jpg)
Logged in
44
![Page 45: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/45.jpg)
OpenID v.s. OAuth
OpenID
Sharing Identity
Decentralized
Consumer-Provider-Relationship: unknown
OAuth
Sharing Resources
Centralized
Consumer-Provider-Relationship: known
45
![Page 46: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/46.jpg)
Google works
OpenID + OAuth
![Page 47: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/47.jpg)
Google Account as OpenID
Everyone can pastehttps://www.google.com/accounts/o8/idand login as your OpenID
It will be discovered by RP as an server endpoint, trigger an id_select login process
You will be issued an OpenID ashttps://www.google.com/accounts/o8/id?id=AItOwk...nqJOSI
47from: http://www.slideshare.net/timdream/google-apps-account-as-openid
![Page 48: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/48.jpg)
Google Account as OpenID
48
<?xml version="1.0" encoding="UTF-8"?><xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"> <XRD> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/server</Type> <Type>http://openid.net/srv/ax/1.0</Type> <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type> <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type> <Type>http://specs.openid.net/extensions/pape/1.0</Type> <URI>https://www.google.com/accounts/o8/ud</URI> </Service> </XRD>
</xrds:XRDS>
from: http://www.slideshare.net/timdream/google-apps-account-as-openid
![Page 49: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/49.jpg)
OpenID + OAuth Dance
49from: http://code.google.com/intl/zh-TW/apis/accounts/docs/OpenID.html
![Page 50: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/50.jpg)
“id_select” process?
New* in OpenID 2.0
Which is introduced back in 2007
Indicate that user wishes to use a specific OpenID
IdP, however he didn’t know/say his own OpenID
Therefore the “id_select” login process asks the
OpenID IdP to select an ID for the user.
The other login process being “signon” process
50
![Page 51: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/51.jpg)
Yahoo
OpenID + OAuth
![Page 52: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/52.jpg)
http://openid.yahoo.com/
52
![Page 53: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/53.jpg)
Authenticate
53
![Page 54: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/54.jpg)
Rename your OpenID
54
![Page 55: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/55.jpg)
Yahoo Dance
55
![Page 56: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/56.jpg)
![Page 57: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/57.jpg)
facebook & yelp !
57
![Page 58: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/58.jpg)
Single Sign-On
Facebook enables you to remove the registration process for your site by enabling users to log in to your site with their Facebook account.
Once a user logs in to your site with his or her Facebook account, you can access the user's account information from Facebook, and the user is logged in to your site as long as he or she is logged in to Facebook.
http://developers.facebook.com/docs/guides/web#loginhttp://www.facebook.com/instantpersonalization/ 58
![Page 59: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/59.jpg)
Register Your Resource (App)
59
http://developers.facebook.com/setup/
![Page 60: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/60.jpg)
OAuth Authorization
60
https://graph.facebook.com/oauth/authorize?client_id=<your App ID>&redirect_uri=<redirect URL>
resource
![Page 61: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/61.jpg)
Grant Access to the Resource (App)
61
This is a demo APP to show the usage of facebook social plugins
http://andersonlamp.hopto.org/?code=2.XX7JPLlnLnC26i_5ldohMQ__.3600.1290531600-702462107|7qT7yWTCm4CjglPkLQDT2NnsMVw
![Page 62: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/62.jpg)
Get Access Token & Invoke Graph API
62
https://graph.facebook.com/oauth/access_token? client_id=<app id>& redirect_uri=<redirect url>& client_secret=<app secret>& code=<verification string>
access_token=1558827777************************4b20009d789d-100001*******************************LA44qC1NxGh-***
https://graph.facebook.com/me?access_token=...
![Page 63: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/63.jpg)
Quick start with social plugins
http://developers.facebook.com/plugins
Like Button Like Box
Comments
Activity Feed Recommendations
FriendpileLogin ButtonLive Stream
63
![Page 64: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/64.jpg)
Case Study
![Page 65: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/65.jpg)
Redefine the Problems
How to achieve Identity Federation?
Web Single Sign OnHow to let users sign on once (on one site), and roam everywhere (on other sites), for a given period of time?
Examplesfacebook Like Button outside facebook
funP Push Button outside funP
Yam’s Identity in funP.com
65
![Page 66: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/66.jpg)
facebook Like Button
66
![Page 67: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/67.jpg)
funP Push Button
67
![Page 68: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/68.jpg)
Sign On Yam
68
![Page 69: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/69.jpg)
Sign On Yam Successed
69
![Page 70: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/70.jpg)
Visit funP.com & Click Push Button
70
![Page 71: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/71.jpg)
Ask Remote Identity
71
We have a valid session from Yam at this moment!
![Page 72: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/72.jpg)
funP grant access w/o Sign On
72
Duration of the permission granted
User has choice to refuse to use the identity from Yam
![Page 73: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/73.jpg)
Enter funP with Yam’s Identity
73
![Page 74: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/74.jpg)
Click Push Button with Yam’s Identity
74
![Page 75: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/75.jpg)
Redefine the Problems
How to achieve Identity Federation?
Identity Integration (Identity Acquisition)How to recognize different Web identities represents the same real identity?
cross-domain user account provisioning
cross-domain entitlement management
cross-domain user attribute exchange
ExamplesfunP – account acquisition from Yam
Jibjab.com – leverage facebook accounts
75
![Page 76: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/76.jpg)
funP.com
76
![Page 77: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/77.jpg)
Option 1: Clone Yam’s Identity
77
Option 1Option 2
![Page 78: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/78.jpg)
Option 1:Create a funP Identity from Yam’s Identity
78
![Page 79: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/79.jpg)
Option 2:Upgrade Yam’s Identity to funP Identity
79
Upgrade notice
Name the new identity
![Page 80: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/80.jpg)
Option 2: Upgrade complete
80
![Page 81: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/81.jpg)
Yam Identity’s replica in funP
81
![Page 82: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/82.jpg)
Option 2: Acquire Yam’s Identity
82
![Page 83: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/83.jpg)
Sign On funP
83
Go to acquire external accounts
![Page 84: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/84.jpg)
Acquire Yam’s Identity
84
Acquire Yam’s Identity
![Page 85: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/85.jpg)
Redirect to authenticate Yam’s Identity
85
![Page 86: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/86.jpg)
Yam’s Authentication
86
![Page 87: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/87.jpg)
Authenticated! Return to funP
87
User can abandon the acquired identity instead
Identity acquired! Ask for final confirmation
![Page 88: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/88.jpg)
Identity acquisition complete
88
![Page 89: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/89.jpg)
Compound Identity
89
![Page 90: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/90.jpg)
Jibjab.com
90
![Page 91: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/91.jpg)
Choose to Sign On w/ fb Identity
91
![Page 92: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/92.jpg)
Redirect to Sign On with fb Identity
92
![Page 93: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/93.jpg)
Grant fb permissions
93
![Page 94: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/94.jpg)
Grant fb permission (again?)
94
![Page 95: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/95.jpg)
Ask to merge fb Identity w/ Jibjab one
95
![Page 96: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/96.jpg)
Signed in w/ fb Identity
96
![Page 97: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/97.jpg)
Users have freedom to link to a jibjab account anytime
97
![Page 98: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/98.jpg)
Remarks
![Page 99: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/99.jpg)
OpenID is “Open” for “Users”
99http://www.slideshare.net/steveivy/openid-oauth-an-introduction
![Page 100: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/100.jpg)
OAuth is “Open” for “Applications”
100http://www.slideshare.net/steveivy/openid-oauth-an-introduction
![Page 101: Lecture 20101124](https://reader038.fdocuments.us/reader038/viewer/2022102923/54c8c5744a79597b3c8b46d5/html5/thumbnails/101.jpg)
Q&A