The Implications of OpenID
Transcript of The Implications of OpenID
![Page 1: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/1.jpg)
The implications of OpenID
Simon Willison
XTech, 18th May 2007
![Page 2: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/2.jpg)
This talk is not about identity
![Page 3: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/3.jpg)
“identity” implies lots of unanswered questions
![Page 4: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/4.jpg)
I’m bored of unanswered questions
![Page 5: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/5.jpg)
I’m going to answer as many questions as possible
![Page 6: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/6.jpg)
(To keep things easy, I get to ask them)
![Page 7: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/7.jpg)
Who here has used OpenID?
![Page 8: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/8.jpg)
Who uses it regularly?
![Page 9: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/9.jpg)
![Page 10: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/10.jpg)
What is OpenID?
![Page 11: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/11.jpg)
OpenID is a decentralised mechanism
for Single Sign On
![Page 12: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/12.jpg)
What problems does it solve?
![Page 13: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/13.jpg)
“Too many passwords!”
![Page 14: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/14.jpg)
“Someone else nabbed my username”
![Page 15: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/15.jpg)
“My online profile is scattered across dozens of sites”
(potentially, at least)
![Page 16: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/16.jpg)
What is an OpenID?
![Page 17: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/17.jpg)
An OpenID is a URL
![Page 21: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/21.jpg)
http://openid.aol.com/simonwillison/
![Page 22: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/22.jpg)
What can you do with an OpenID?
![Page 23: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/23.jpg)
You can claim that you own it
![Page 24: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/24.jpg)
You can prove that claim
![Page 25: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/25.jpg)
Why is that useful?
![Page 26: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/26.jpg)
You can use it for authentication
![Page 27: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/27.jpg)
“Who the heck are you?!”
![Page 28: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/28.jpg)
“I’m simonwillison.net”
![Page 29: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/29.jpg)
“prove it!”
![Page 30: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/30.jpg)
(magic happens)
![Page 31: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/31.jpg)
“OK, you’re in!”
![Page 32: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/32.jpg)
So it’s a bit like Microsoft Passport, then?
![Page 33: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/33.jpg)
Yes, but Microsoft don’t get to own your credentials
![Page 34: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/34.jpg)
Who does get to own them, then?
![Page 35: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/35.jpg)
You, the user, decide.
![Page 36: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/36.jpg)
You pick a provider
![Page 37: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/37.jpg)
(just like e-mail)
![Page 38: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/38.jpg)
So I’m still giving someone the keys to my kingdom?
![Page 39: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/39.jpg)
Yes, but it can be someone you trust
![Page 40: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/40.jpg)
If you have the ability to run your own server
software, you can do it for yourself.
![Page 41: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/41.jpg)
OK, how do I use it?
![Page 42: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/42.jpg)
![Page 43: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/43.jpg)
![Page 44: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/44.jpg)
![Page 45: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/45.jpg)
![Page 46: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/46.jpg)
![Page 47: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/47.jpg)
So my users don’t have to sign up for an account?
![Page 48: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/48.jpg)
Not necessarily
![Page 49: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/49.jpg)
An OpenID tells you very little about a user
![Page 50: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/50.jpg)
You don’t know their name
![Page 51: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/51.jpg)
You don’t know their e-mail address
![Page 52: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/52.jpg)
You don’t know if they’re a person or an evil robot
![Page 53: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/53.jpg)
(or a dog)
![Page 54: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/54.jpg)
Where do I get that information from?
![Page 55: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/55.jpg)
You ask them!
![Page 56: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/56.jpg)
OpenID can even help them answer
![Page 57: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/57.jpg)
![Page 58: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/58.jpg)
![Page 59: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/59.jpg)
![Page 60: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/60.jpg)
![Page 61: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/61.jpg)
How can I tell if they’re an evil spambot?
![Page 62: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/62.jpg)
Same as usual: challenge them with a CAPTCHA
![Page 63: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/63.jpg)
botbouncer.com can tell you if their OpenID has
passed a CAPTCHA before
![Page 64: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/64.jpg)
(assuming you trust botbouncer.com)
![Page 65: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/65.jpg)
So how does OpenID actually work?
![Page 66: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/66.jpg)
![Page 67: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/67.jpg)
![Page 68: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/68.jpg)
<link rel="openid.server" href="http://www.myopenid.com/server" />
![Page 69: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/69.jpg)
“I’m simonwillison.myopenid.com”
![Page 70: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/70.jpg)
Site fetches HTML, discovers identity provider
![Page 71: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/71.jpg)
Establishes shared secret with identity provider
(Using Diffie-Hellman key exchange)
![Page 72: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/72.jpg)
Redirects you to the identity provider
![Page 73: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/73.jpg)
If you’re logged in there, you get redirected back
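The association and redirect steps above, as an added example that is not from the talk: both sides of a DH-SHA1 association and the consumer-side check of the signed redirect. The HMAC-SHA1 signing of the return parameters follows the OpenID 1.1 specification rather than the slides; the small group `P`/`G`, the association handle and the `consumer.example` URL are constructed for the demo.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed toy group so the example runs instantly. It is far too small for
# real use; a deployment uses the large default modulus from the specification.
P = 2**127 - 1
G = 3
REQUIRED_SIGNED = {"identity", "return_to"}


def btwoc(n):
    """Big-endian two's complement of a non-negative int (0x00 prefix if high bit set)."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


def b64(raw):
    return base64.b64encode(raw).decode("ascii")


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def dh_keypair(p=P, g=G):
    """Return (private, public), retrying if the public value is degenerate."""
    while True:
        private = secrets.randbelow(p - 3) + 2
        public = pow(g, private, p)
        if 1 < public < p - 1:
            return private, public


def provider_associate(request, p=P, g=G):
    """Provider side: pick a MAC key and return it masked by SHA1(DH secret)."""
    their_public = int.from_bytes(
        base64.b64decode(request["openid.dh_consumer_public"]), "big")
    if not 1 < their_public < p - 1:
        raise ValueError("consumer public value out of range")
    private, public = dh_keypair(p, g)
    mask = hashlib.sha1(btwoc(pow(their_public, private, p))).digest()
    mac_key = secrets.token_bytes(20)
    response = {
        "assoc_type": "HMAC-SHA1",
        "session_type": "DH-SHA1",
        "assoc_handle": "constructed-handle-1",
        "dh_server_public": b64(btwoc(public)),
        "enc_mac_key": b64(xor(mask, mac_key)),
    }
    return response, mac_key


def consumer_finish(private, response, p=P):
    """Consumer side: recover the MAC key from the association response."""
    their_public = int.from_bytes(
        base64.b64decode(response["dh_server_public"]), "big")
    if not 1 < their_public < p - 1:
        raise ValueError("server public value out of range")
    mask = hashlib.sha1(btwoc(pow(their_public, private, p))).digest()
    return xor(mask, base64.b64decode(response["enc_mac_key"]))


def signature(mac_key, query):
    """HMAC-SHA1 over 'key:value' lines for the fields named in openid.signed."""
    names = query["openid.signed"].split(",")
    token = "".join("%s:%s\n" % (n, query["openid." + n]) for n in names)
    return b64(hmac.new(mac_key, token.encode("utf-8"), hashlib.sha1).digest())


def verify_assertion(mac_key, handle, query, return_to):
    """Accept the redirect only if it is signed under our association."""
    try:
        if query["openid.mode"] != "id_res":
            return False
        if query["openid.assoc_handle"] != handle:
            return False
        if query["openid.return_to"] != return_to:
            return False
        # The identity must be covered by the signature, or it proves nothing.
        if not REQUIRED_SIGNED <= set(query["openid.signed"].split(",")):
            return False
        expected = signature(mac_key, query).encode("utf-8")
        return hmac.compare_digest(expected, query["openid.sig"].encode("utf-8"))
    except KeyError:
        return False


def run_exchange():
    """Associate, then build the signed query the provider redirects back with."""
    private, public = dh_keypair()
    request = {"openid.dh_consumer_public": b64(btwoc(public))}
    response, provider_key = provider_associate(request)
    consumer_key = consumer_finish(private, response)
    assertion = {
        "openid.mode": "id_res",
        "openid.identity": "http://simonwillison.myopenid.com/",
        "openid.assoc_handle": response["assoc_handle"],
        "openid.return_to": "http://consumer.example/openid/return",
        "openid.signed": "mode,identity,return_to",
    }
    assertion["openid.sig"] = signature(provider_key, assertion)
    return consumer_key, provider_key, response["assoc_handle"], assertion


if __name__ == "__main__":
    key, _, handle, query = run_exchange()
    print(verify_assertion(key, handle, query, query["openid.return_to"]))
```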
![Page 74: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/74.jpg)
How does my identity provider know who I am?
![Page 75: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/75.jpg)
OpenID deliberately doesn’t specify
![Page 76: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/76.jpg)
username/password is common
![Page 77: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/77.jpg)
But providers can use other methods if
they want to
![Page 78: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/78.jpg)
Client SSL certificates
![Page 79: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/79.jpg)
Out of band authentication via SMS,
e-mail or Jabber
![Page 80: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/80.jpg)
IP based login restrictions
![Page 81: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/81.jpg)
(one guy set that up using DynDNS)
![Page 82: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/82.jpg)
SecurID keyfobs
![Page 83: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/83.jpg)
No authentication at all (just say “Yes”)
![Page 84: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/84.jpg)
Just say “yes”?
![Page 85: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/85.jpg)
Yup. That’s the OpenID version of bugmenot.com
![Page 87: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/87.jpg)
Users can give away their passwords today - this is just the OpenID
equivalent
![Page 88: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/88.jpg)
What if I decide I hate my provider?
![Page 89: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/89.jpg)
Use your own domain name
![Page 90: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/90.jpg)
Delegate to a provider you trust
![Page 91: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/91.jpg)
![Page 92: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/92.jpg)
![Page 93: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/93.jpg)
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">
<link rel="openid.delegate" href="http://swillison.livejournal.com/">
![Page 94: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/94.jpg)
Support for delegation is compulsory
![Page 95: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/95.jpg)
Minimise lock in
![Page 96: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/96.jpg)
So everyone will end up with one OpenID that they use for everything?
![Page 97: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/97.jpg)
Probably not
![Page 98: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/98.jpg)
(I have half a dozen OpenIDs already)
![Page 99: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/99.jpg)
People like maintaining multiple online personas
![Page 100: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/100.jpg)
professional
social
secret
...
![Page 101: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/101.jpg)
OpenID makes it easier to manage multiple
online personas
![Page 102: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/102.jpg)
Different OpenIDs can express different things
![Page 103: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/103.jpg)
My AOL OpenID proves my AIM screen name
![Page 104: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/104.jpg)
A last.fm OpenID could incorporate my taste in music
![Page 105: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/105.jpg)
My LiveJournal OpenID tells you where to find
my blog
![Page 106: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/106.jpg)
... and a FOAF file listing my friends
![Page 107: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/107.jpg)
doxory.com uses this for contact imports
![Page 108: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/108.jpg)
An OpenID from sun.com proves that someone is a current
Sun employee
![Page 109: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/109.jpg)
Why is OpenID worth implementing over all the other identity standards?
![Page 110: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/110.jpg)
It’s simple
![Page 111: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/111.jpg)
Unix philosophy: It solves one, tiny problem
![Page 112: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/112.jpg)
It’s a dumb network
![Page 113: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/113.jpg)
Many of the competing standards are now on
board
![Page 114: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/114.jpg)
Isn’t putting all my eggs in one basket a really bad idea?
![Page 115: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/115.jpg)
Bad news: chances are you already do
![Page 116: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/116.jpg)
“I forgot my password” means your e-mail
account is already an SSO mechanism
![Page 117: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/117.jpg)
OpenID just makes this a bit more obvious
![Page 118: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/118.jpg)
What about phishing?
![Page 119: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/119.jpg)
Phishing is a problem
![Page 120: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/120.jpg)
I can has lolcats!? BETA
Make your own lolcats! lol
Sign in with your OpenID:
OpenID: Sign in
![Page 121: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/121.jpg)
Fake edition
Username and password, please!
Your identity provider
Username:
Password:Log in
![Page 122: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/122.jpg)
Identity theft :(
![Page 123: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/123.jpg)
An untrusted site redirects you to your
trusted provider
![Page 124: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/124.jpg)
Sound familiar?
![Page 125: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/125.jpg)
That’s how Paypal works!
![Page 126: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/126.jpg)
It still sucks though
![Page 127: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/127.jpg)
One solution: don’t let the user log in on the
identity provider “landing page”
![Page 128: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/128.jpg)
![Page 129: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/129.jpg)
Better solutions
![Page 130: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/130.jpg)
CardSpace
![Page 131: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/131.jpg)
Seat belt
![Page 132: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/132.jpg)
Native browser support for OpenID
![Page 133: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/133.jpg)
Competition between providers
![Page 134: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/134.jpg)
How do I implement OpenID on my site?
![Page 135: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/135.jpg)
As a consumer...
![Page 136: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/136.jpg)
Grab an OpenID library for your chosen
language or platform
![Page 138: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/138.jpg)
Allow your existing users to associate their accounts with one or
more OpenIDs
![Page 139: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/139.jpg)
(make sure you authenticate the OpenIDs first)
![Page 140: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/140.jpg)
Allow people to kick-start the registration process with their
OpenID
![Page 141: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/141.jpg)
Make passwords optional during signup if an OpenID has already
been confirmed
![Page 142: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/142.jpg)
As a provider...
![Page 143: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/143.jpg)
Figure out your anti-phishing mechanism
![Page 144: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/144.jpg)
Read the spec!
![Page 145: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/145.jpg)
Why allow multiple OpenIDs per account?
![Page 146: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/146.jpg)
People can still sign in if one of their providers is down
![Page 147: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/147.jpg)
People can un-associate an OpenID without
locking themselves out
![Page 148: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/148.jpg)
You can take advantage of site-specific services
around OpenID
![Page 149: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/149.jpg)
Any other neat tricks?
![Page 150: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/150.jpg)
Yes, lots!
![Page 151: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/151.jpg)
Lightweight accounts
![Page 152: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/152.jpg)
Pre-approved accounts
![Page 153: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/153.jpg)
Social whitelists
![Page 154: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/154.jpg)
OpenID and hCard
![Page 155: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/155.jpg)
Decentralised social networks?
![Page 156: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/156.jpg)
“People keep asking me to join the LinkedIn network, but I’m already part of a network, it’s called the Internet.”
Gary McGraw, via Jon Udell, via Gavin Bell
![Page 157: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/157.jpg)
What are the privacy implications?
![Page 158: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/158.jpg)
Cross correlation of accounts
![Page 159: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/159.jpg)
Don’t publish a user’s OpenID without explicit
permission
![Page 160: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/160.jpg)
The online equivalent of a credit reporting agency?
![Page 161: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/161.jpg)
This could be built today by sites conspiring to share e-mail addresses
![Page 162: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/162.jpg)
IANAL, but legal protections against this
already exist
![Page 163: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/163.jpg)
OpenID 2.0 makes it trivial to use a different OpenID for every site
![Page 164: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/164.jpg)
Patents?
![Page 165: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/165.jpg)
Sun have pre-announced a “patent covenant”
![Page 166: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/166.jpg)
They won’t clobber OpenID with their
patents
![Page 167: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/167.jpg)
They’ll clobber anyone else who tries to
![Page 168: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/168.jpg)
Who else is involved?
![Page 169: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/169.jpg)
AOL - provider, full consumer by end of June
![Page 170: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/170.jpg)
Microsoft: Bill Gates expressed their interest
![Page 171: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/171.jpg)
(Mainly as good PR for CardSpace)
![Page 172: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/172.jpg)
Sun: Patent Covenant, 33,000 employees
![Page 173: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/173.jpg)
Six Apart
![Page 174: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/174.jpg)
VeriSign
![Page 175: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/175.jpg)
JanRain
![Page 176: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/176.jpg)
You?
![Page 177: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/177.jpg)
http://openid.net/
http://www.openidenabled.com/
http://simonwillison.net/tags/openid/
![Page 178: The Implications of OpenID](https://reader034.fdocuments.us/reader034/viewer/2022051014/54c8c54c4a795913078b459d/html5/thumbnails/178.jpg)
Thank you