Digital ID World 2007 - Understanding Openid
1. Understanding OpenID
Digital ID World 2007
David Recordon, Open Platforms Tech Lead - david@sixapart.com
Eve Maler, Technology Director - eve.maler@sun.com
2. "It's definitely time to declare OpenID a winner" - TechCrunch
"OpenID is a protocol made for the public, by the public. No one owns or controls your login information: You do." - 37signals
"...sees great potential for OpenID's use alongside enterprise-ready software infrastructure" - Sun Microsystems
"taking the world by storm" - Tim O'Reilly
"this high profile announcement marks the importance of single sign on identity technology to the future of the Internet" - ReadWriteWeb
3. What is OpenID?
• Single sign-on for the web
• Simple and light-weight
(not going to replace your bank card pin)
• Easy to use and deploy
• Built upon proven existing technologies
(DNS, HTTP, SSL/TLS, Diffie-Hellman)
• Decentralized
(you don't have to ask anyone permission to implement it)
• Free!
4. An OpenID is a URI
• URLs are globally unique and ubiquitous
• OpenID allows proving ownership of a URI
• People already have identity at URLs via blogs, photos, MySpace, FaceBook, etc
• People already describe relationships via URLs (e.g. links to my friends)
6. Benefits
• Reduces the number of usernames and passwords
• Simplifies new account creation
• Allows for lightweight accounts
• Simplifies internal SSO
• Enables widespread benefit of strong authentication
• Enables decentralized reputation
• Enables social network portability
20. Total Relying Parties (aka places you can login with OpenID)
[Chart: monthly count of relying parties from Oct '05 to Sep '06, y-axis 0 to 6,000]
OpenID 1.1 - As viewed by MyOpenID.com
21. Total Relying Parties (aka places you can login with OpenID)
[Chart: monthly count of relying parties from Oct '05 to Aug '07, y-axis 0 to 6,000]
OpenID 1.1 - As viewed by MyOpenID.com
22. "So that's great there are so many blogs, but what about something real?"
33. IE Team has posted a job ad mentioning "OpenID"
"Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you."
36. Founding Board
Scott Kveton, Chair - scott@kveton.com
David Recordon, Vice-Chair - david@sixapart.com
Dick Hardt, Treasurer - dick@sxip.com
Martin Atkins, Secretary - mart@degeneration.co.uk
Johannes Ernst - jernst@netmesh.us
Drummond Reed - drummond.reed@cordance.net
Artur Bergman - sky@crucially.net
Bill Washburn, Executive Director - bill@oidf.org
37. Current Efforts
• Add four corporate board members
• Finalize an IPR policy for future technical work (effort led by OIDF, AOL, Microsoft, Sun, Symantec, VeriSign, Yahoo!)
• Develop a trademark policy that supports the world-wide OpenID community
• Develop and refine core messaging for OpenID and websites oriented toward developers, users, and other potential adopters
• Coordinate world-wide joint marketing and evangelism (Snorri Giorgetti appointed as European representative)
40. • Exploratory program launched by Sun in May
• Why?
  • Learn from experience!
  • Analyze use cases that connect business scenarios and “enterprise-strength” technology
  • Pass on our experiences to customers, partners, and others
• What does it include?
  • An OpenID Provider (of a specialized sort)
  • Advising Sun website teams on OpenID
  • A non-assertion covenant (important IPR declaration)
  • Sharing what we learn
41. The Sun Provider
• Only for Sun employees
• http://openid.sun.com/nickname
• These are effectively pseudonyms (and we don’t peek)
• Can be used directly or with delegation
• Use of Sun’s OpenID authentication service means:
  • “Yes, this person is associated with this OpenID” and “This person is a current Sun employee”
• OpenID relying parties can act on this additional knowledge
  • e.g. offer discounts to proven Sun employees
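What "used directly or with delegation" means in practice for a relying party: the user types an identifier, the RP normalises it into a URL, fetches that page and reads the OpenID 1.1 link tags, where an openid.delegate link lets a personal page stand in for a provider-issued URL such as http://openid.sun.com/nickname. This is an added example in plain Python (stdlib only), not code from the slides or from Sun's OpenSSO extension; the provider endpoint and the sample page are constructed.

```python
# Added example (not from the slides): OpenID 1.1 identifier normalisation and
# HTML link discovery, including delegation from a personal page to a provider
# URL such as http://openid.sun.com/nickname. Provider endpoint below is assumed.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

def normalize_identifier(user_input):
    """Typed text -> claimed identifier URL (add http://, lower-case host, '/' path)."""
    s = user_input.strip()
    if not re.match(r"^[a-zA-Z][a-zA-Z0-9+.-]*://", s):
        s = "http://" + s
    p = urlsplit(s)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError("OpenID identifiers must be http(s) URLs with a host")
    # fragment is dropped: it is never part of the identifier
    return urlunsplit((p.scheme, p.netloc.lower(), p.path or "/", p.query, ""))

class _HeadLinks(HTMLParser):
    # rel -> href for <link> tags in <head>; first wins, nothing after <body> counts.
    def __init__(self):
        super().__init__()
        self.links, self.in_head = {}, True

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.in_head = False
        a = dict(attrs)
        if tag == "link" and self.in_head and a.get("rel") and a.get("href"):
            for rel in a["rel"].lower().split():
                self.links.setdefault(rel, a["href"])

def discover(claimed_id, page_html):
    """OP endpoint plus the identity the RP must expect back (differs when delegating)."""
    parser = _HeadLinks()
    parser.feed(page_html)
    server = parser.links.get("openid.server")
    if server is None or urlsplit(server).scheme not in ("http", "https"):
        raise ValueError("no usable openid.server link in <head>")
    return {"claimed_id": claimed_id, "op_endpoint": server,
            "identity": parser.links.get("openid.delegate", claimed_id)}

def assertion_matches(discovery, response):
    """Bind the assertion to what the RP itself discovered, not to values in the reply."""
    return (response.get("openid.mode") == "id_res"
            and response.get("openid.identity") == discovery["identity"])

# Constructed sample page: delegation plus a stray link outside <head>.
SAMPLE_HTML = ('<head><link rel="openid.server" href="https://op.example.test/srv">'
               '<link rel="openid.delegate" href="http://openid.sun.com/nickname">'
               '</head><body><link rel="openid.server" href="http://x.test/"></body>')
```

The RP keeps the discovered claimed_id/identity pair for the whole login, so a positive assertion for a different openid.identity is rejected even when it comes from the right endpoint.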
42. Architecture
Enterprise-class and open-sourced
OpenSSO.dev.java.net/public/extensions/openid
OpenSSO.dev.java.net
http://blogs.sun.com/hubertsblog has more information
43. How are they being used?
• Not for business use -- an “employee perk”
• ProjectConcordia.org wiki (work-related use that I undertake on my own recognizance)
• Not currently using for internal applications
• Not a corporate approved authn mechanism
• Currently low usage
  • <1% of employees have signed up (~350)
  • ~7% of the number of employees on Facebook
44. Formal Security Review
• Business purposes: What are we trying to achieve, so that risks can be appropriately measured and mitigated?
• Data governance: What responsibilities do we have regarding employee data privacy?
• Authentication: Why did we choose the password method?
• Protocol and implementation: Where are the “holes”?
• www.laurenwood.org/anyway - starting September 19th
45. Do Sun Websites Accept OpenID?
• Pitched to several community site owners
• No takers to date
• Why?
  • Doesn’t completely remove local account management
  • Allows decentralized authorization only if everyone adopts it
  • No currently deployed OpenID standard for locally and third party asserted authorization claims
  • Business prioritization
  • Lost account costs not high enough
  • Not high-enough user demand
46. Offer all employees OpenIDs; open source Enterprise SSO and identity manager with LDAP and OpenID
Internal SSO for bug trackers and wikis
OpenID Provider with plans to ship in enterprise products this year
Shared OpenID Provider for their businesses and partners
Project management, CRM, and billing for small businesses
47. Thanks!
Questions?
http://openid.net/
http://sun.com/identity/
David Recordon - davidrecordon.com - david@sixapart.com
Eve Maler - xmlgrrl.com/blog/ - eve.maler@sun.com