Slides for my "OpenID for starters" session held at Barcamp Berlin in November 2007.

1. OpenID for starters
Lukas L. Rosenstock
OpenID Foundation Europe
BarCamp Berlin II
03.11.07
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

2. Outline
● About me
● About this presentation
● Problem and solution
● Concept URL-based identity
● History of OpenID
● User perspective
● Technical perspective
● Business perspective
● Visions for the future
● Criticism 0700LukasRos.de
Lukas Rosenstock Digitale Dienste

3. About me
● Lukas Leander Rosenstock (1984)
● Computer science student at Darmstadt University of
Technology
● Involved in smaller web projects
● Active OpenID-supporter since Sept. 2005
● OpenID Foundation Europe Member
● Web Montag Frankfurt & Cologne
● BarCamp Frankfurt & Cologne
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

4. About this presentation
● Complete overview for starters
● Introduction into the topic, starts at „0“ (zero)
● More questions and discussion after the presentation
or in other sessions at this BarCamp
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

5. Problem and solution (1)
● Web 2.0 sites allow interaction
● Web 1.0 sites too (e.g. Boards)
● Yes, I know, you can't say a site is „1.0“ or „2.0“ ...
● Register everywhere? Maybe for one post or
download?
● Remember passwords?
● Often the same information has to be entered, no
connection between profiles
● Effect: websites are still islands / walled gardens
2.0 0700LukasRos.de
Lukas Rosenstock Digitale Dienste

6. Problem and solution (2)
● Negative side-effect: Centralization encouraged (e.g..
Gravatar, MySpace, Facebook)
● “(de)centralisization-paradox”
● Solution: one „username“ for every site?
● Single-Sign-On
● A framework für interoperability, extensible with profile
exchange, reputation / claims / votings, distributed
social networks and applications (while privacy
remains)?
● Here we go ...
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

7. Concept URL-based identity
● URL, more exact: HTTP-URL, as identifier
● Well-known and proved concept
● Namespace is easily accessible
● Describes a „space“
● (meta-)information can be requested synchronously
● Examples:
● http://daveman692.livejournal.com/
● http://0700lukasros.de/
● http://openid.aol.com/username
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

8. History of OpenID (1)
● Originally YADIS = Yet Another Distributed
Identity System, developed by Brad Fitzpatrick
(Danga/SixApart/LiveJournal)
● 17th May 2005: Renamed to OpenID and
published
● Implementation on LiveJournal
● September 2005: First public OpenID-Servers
videntity.org and MyOpenID.com
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

9. History of OpenID (2)
● October 2005: „Yadis“ newly announced as
interoperability platform für OpenID and LID (Light Weight
Identity, Netmesh)
● JanRain Inc writes OpenID code librarys for PHP, Perl,
Ruby and Python
● 21th March 2006: Yadis Spezifikation 1.0 published,
based upon XRI/XRDS/i-names
● 26th July 2006: announcement of the OpenID code
bounty program
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

10. History of OpenID (3)
● Beginning of 2007: RSA Conference; Microsoft
announces support for OpenID
● interoperability with CardSpace / InfoCard
● AOL “inofficially” gives their 63 million members an
OpenID
● Question: What are Google and Yahoo doing?
● Evaluating internally!
● During 2007: some websites introduce at least partial
OpenID support (wordpress.com, Technorati)
● OpenID Foundation & OpenID Foundation Europe
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

12. User perspective
● Use Case: Login/Signup on a website
– User already owns his OpenID
● Example ...
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

18. Technical perspective
points to Identity Provider
Identity-URL
(IdP)
owns confirms identity
wants to identify Relying Party
End User/Client himself (RP)
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

19. Identity Provider
Identity-URL
(IdP)
(1) asks (2) gets a
for IdP handle
(discovery) issued
(association)
[if not yet done]]
Relying Party
End User/Client
(RP)
(3) sends
redirection
to IdP
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

20. Identity Provider
(IdP)
(1) session, cookie,
password, client
certificate, trust
setting (either
automatically of
interactive)
(2) sends
redirection
to the RP
with signature
(SHA1-HMAC)
(4) signature validation
Relying Party
End User/Client
(RP)
(3) redirection
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

21. Business perspective
● What benefits does OpenID offer?
● As relying party (offer OpenID logins):
– lower entry barrier for potential customers
– more users, more profit :-)
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

22. Business perspective
● As a provider (offering OpenID URLs):
– free bonus feature
– more links back to your site
● potentially higher pagerank
● Dominate the world with a “microsoft strategy”
(proprietary addons) ...
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

25. Visions for the future
● URL as platform
– RSS, FOAF, Microformats
● Decentral Social Networking
– Good-bye to walled gardens
– videntity, claimID
– Who's next?
– An own dedicated session for this ...
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

26. Visions for the future
● OpenID 2.0 and extensions coming up
– added security (& privacy)
– profile exchange
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

27. Criticism
● openid-neindanke.de
● IdP as “Big Brother”?
– your ISP already is
– can be prevented with multiple OpenIDs
● IdP as SPoF
– can be prevented with multiple OpenIDs*
● Not secure?
– comparable to „password by email reset“
* this does not break the concept of OpenID
0700LukasRos.de
Lukas Rosenstock Digitale Dienste

28. That's all, folks ...
● Thanks for your attention!
● Questions now or in discussion session
● A link to slides will be on the BarCamp wiki
0700LukasRos.de
Lukas Rosenstock Digitale Dienste