Distributed SSO

                         Cédric Hüsler
                                    CTO local.ch

              Google TechTalk Zürich - April 2007
Quick Poll

Who always uses the same password for every new account on a new site?

Who has a blog?

Who has an OpenID?
Basics: Authentication vs. Authorization

Authentication: prove you really are who you claim to be
  Username & Password | Challenge-response | Public-Private Key

vs.

Authorization: what you are allowed to do
  ACL (Access Control List) | RBAC (Role-based Access Control)
Basics: Identity vs. Privacy

Identity: the ability to uniquely identify yourself
  Your Name | AHV-Nr / SSN | Fingerprint

vs.

Privacy: the ability to control what others know about you
  Can you keep a secret? | Virtualization | Opt-in
Basics: Trust vs. Control

Trust: how much can I depend on you?

vs.

Control: how much information am I going to give?
Basics: SSO (Single-Sign-On)

  using the same credentials to access multiple services
  automatic authentication beyond session and service
= Authentication Delegation
= Identity Manager
= Open API
≠ Authentication
≠ Trust
Use a URL as user name!

I own the domain keepthebyte.ch - why not use it as my user name?

Time for a demo!

http://jyte.com/
Login Process Overview

(Diagram) Download at http://www.flickr.com/photos/keepthebyte/347821691/

...with trusted site: auto login on the identity provider
HTTP Level - Part 1/3

User Agent <> RP
 GET: %site%/login.html
 POST: %site%/login with OpenID

RP <> IdP
 GET: openid url
 mime: application/xrds+xml (Yadis Discovery)

 <?xml version="1.0" encoding="UTF-8"?>
 <xrds:XRDS
     xmlns:xrds="xri://$xrds"
     xmlns:openid="http://openid.net/xmlns/1.0"
     xmlns="xri://$xrd*($v*2.0)">
   <XRD>
     <Service priority="0">
       <Type>http://openid.net/signon/1.0</Type>
       <Type>http://openid.net/sreg/1.0</Type>
       <URI>http://www.myopenid.com/server</URI>
       <openid:Delegate>http://keepthebyte.myopenid.com/</openid:Delegate>
     </Service>
   </XRD>
 </xrds:XRDS>

 Fallback: GET: openid url
 mime: */* (HTML document with openid.server / openid.delegate link tags, see "Delegated Authentication")
HTTP Level - Part 2/3

RP <> IdP (continued)
 ASSOCIATE REQUEST

 openid.dh_gen=Ag%3D%3D
 openid.session_type=DH-SHA1
 openid.mode=associate
 openid.assoc_type=HMAC-SHA1
 openid.dh_consumer_public=AMEJSFuaf%2Fi73z6uGonyKZUoIJQyI7PWSZJZBhACK8qQ48%2FIkplhKv%2BajPhSiNXz43%2Bb7nO%2FyL86LQNlzNM3rFSP7nfAVoDZXUPyuQeacsCqg8vliMwTJUzu9MecZz4ngCgNLk8tOkBazhGJ7%2BCnx1g53dUVGvvV0LHMMMjUQMSo
 openid.dh_modulus=ANz5OguIOXLsDhmYmsWizjEOHTdxfo2Vcbt2I3MYZuYe91ouJ4mLBX%2BYkcLiemOcPym2CBRYHNOyyjmG0mg3BVd9RcLn5S3IHHoXGHblzqdLFEi%2F368Ygo79JRnxTkXjgmY0rxlJ5bU1zIKaSDuKdiI%2BXUkKJX8Fvf8W8vsixYOr

 ASSOCIATE RESPONSE

 assoc_type:HMAC-SHA1
 assoc_handle:netmesh-u-1168177185-50172100
 expires_in:2592000
 session_type:DH-SHA1
 dh_server_public:AIAkjwdpUn1lCHyQEzstI40wSnbsznGV/t+AepW/he/ChsS2N2WF9DTIpNyLtGBTECmF6w/+DgtcjfVrujm1Z26CJBuwtDbJyL3rUCsqzn55RVCcM6QmBnRBD8q/5hbcI6jiBC9Nc78NfQywGE7YG3BCZZiT3Vz1etJAcRgPgUxJ
 enc_mac_key:eljydY56tUILU75CjytBwNF3Ec4=
HTTP Level - Part 3/3

User Agent <> RP
 REDIRECT TO IdP

 http://mylid.net/keepthebyte?
    openid.mode=checkid_setup
    openid.return_to=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcomplete%3Fnonce%3DQ5CG5Hfk
    openid.trust_root=http%3A%2F%2Flocalhost%3A3000%2Fauth
    openid.identity=http%3A%2F%2Fmylid.net%2Fkeepthebyte
    openid.assoc_handle=netmesh-u-1168177185-50172100

User Agent <> IdP
 DO THE LOGIN (not part of the OpenID spec)

 REDIRECT TO RP

 http://localhost:3000/auth/complete?
    nonce=Q5CG5Hfk
    openid.mode=id_res
    openid.identity=http%3A%2F%2Fmylid.net%2Fkeepthebyte
    openid.return_to=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcomplete%3Fnonce%3DQ5CG5Hfk
    openid.assoc_handle=netmesh-u-1168177185-50172100
    openid.signed=mode,identity,return_to,assoc_handle
    openid.sig=c55qNAPI58pfRBDkVlRc5dbvnyU%3D
Delegated Authentication

1. My original OpenID: keepthebyte.myopenid.com

2. Add these lines to the root HTML document of the domain "keepthebyte.ch":
   <link rel="openid.server" href="http://www.myopenid.com/server" />
   <link rel="openid.delegate" href="http://keepthebyte.myopenid.com" />
   <meta http-equiv="X-XRDS-Location" content="http://keepthebyte.myopenid.com/xrds" />

3. Now I can use my domain as my OpenID: keepthebyte.ch
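The discovery step from "HTTP Level - Part 1/3" (Yadis XRDS lookup, HTML link tags as fallback) and the delegation setup from "Delegated Authentication" as one Relying-Party routine, written in Python. This is an added example, not code from the talk or from any OpenID library; the two sample documents are the slide's own XRDS and HTML with their markup restored, while the function names and the returned dict layout are my own. The point it makes: the RP sends the delegate as openid.identity but keeps logging the user in as the claimed URL, and the delegate is trusted only because it was fetched from that claimed URL, never because the user typed it.

```python
"""Yadis/HTML discovery for an OpenID 1.1 claimed identifier (Relying Party side)."""
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from typing import Optional

XRD_NS = "xri://$xrd*($v*2.0)"
OPENID_NS = "http://openid.net/xmlns/1.0"
SIGNON_TYPE = "http://openid.net/signon/1.0"
SREG_TYPE = "http://openid.net/sreg/1.0"

# Constructed sample: the XRDS document shown on the Part 1/3 slide, markup restored.
SAMPLE_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds"
           xmlns:openid="http://openid.net/xmlns/1.0"
           xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://openid.net/signon/1.0</Type>
      <Type>http://openid.net/sreg/1.0</Type>
      <URI>http://www.myopenid.com/server</URI>
      <openid:Delegate>http://keepthebyte.myopenid.com/</openid:Delegate>
    </Service>
  </XRD>
</xrds:XRDS>"""

# Constructed sample: the <head> of keepthebyte.ch as described on the
# "Delegated Authentication" slide.
SAMPLE_HTML = """<html><head>
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://keepthebyte.myopenid.com" />
<meta http-equiv="X-XRDS-Location" content="http://keepthebyte.myopenid.com/xrds" />
</head><body>hello</body></html>"""


def parse_xrds(document: bytes) -> Optional[dict]:
    """Pick the signon Service with the lowest priority value from an XRDS document."""
    root = ET.fromstring(document)
    best = None
    for svc in root.iter(f"{{{XRD_NS}}}Service"):
        types = {t.text.strip() for t in svc.findall(f"{{{XRD_NS}}}Type") if t.text}
        uri = svc.find(f"{{{XRD_NS}}}URI")
        if SIGNON_TYPE not in types or uri is None or not uri.text:
            continue
        delegate = svc.find(f"{{{OPENID_NS}}}Delegate")
        # XRI priority: a lower number wins; a Service without priority sorts last.
        prio = int(svc.get("priority", 2**31 - 1))
        entry = {
            "server": uri.text.strip(),
            "delegate": delegate.text.strip() if delegate is not None and delegate.text else None,
            "sreg": SREG_TYPE in types,
        }
        if best is None or prio < best[0]:
            best = (prio, entry)
    return best[1] if best else None


class _OpenIDLinkParser(HTMLParser):
    """Collect <link rel="openid.*"> tags and the X-XRDS-Location meta tag."""

    def __init__(self):
        super().__init__()
        self.found = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("rel") in ("openid.server", "openid.delegate") and a.get("href"):
            self.found.setdefault(a["rel"], a["href"])          # first matching tag is used
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "x-xrds-location" and a.get("content"):
            self.found.setdefault("xrds_location", a["content"])


def parse_html_links(document: str) -> dict:
    p = _OpenIDLinkParser()
    p.feed(document)
    p.close()
    return p.found


def resolve_identity(claimed_id: str, xrds: Optional[bytes] = None,
                     html: Optional[str] = None) -> Optional[dict]:
    """What the RP sends to the IdP. openid_identity is the delegate when one is
    declared, but the user is still logged in as claimed_id."""
    if xrds is not None:
        svc = parse_xrds(xrds)
        if svc:
            return {"claimed_id": claimed_id, "server": svc["server"],
                    "openid_identity": svc["delegate"] or claimed_id, "sreg": svc["sreg"]}
    if html is not None:
        links = parse_html_links(html)
        if "openid.server" in links:
            return {"claimed_id": claimed_id, "server": links["openid.server"],
                    "openid_identity": links.get("openid.delegate", claimed_id), "sreg": False}
    return None


if __name__ == "__main__":
    print(resolve_identity("http://keepthebyte.ch/", xrds=SAMPLE_XRDS))
    print(resolve_identity("http://keepthebyte.ch/", html=SAMPLE_HTML))
```

In a real RP the two documents come from an HTTP fetch of the claimed URL (XRDS first, via content negotiation or the X-XRDS-Location header or meta tag, then the HTML); the parsing and the claimed-id/delegate distinction are unchanged.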
... Immediate Mode - "AJAX"

Ask an IdP whether an End User owns the Claimed Identifier, getting back an immediate "yes" or "can't say" answer.

...Stateless (Dumb Mode)

Not recommended due to a security issue (replay attack) - use SSL!
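The association from "HTTP Level - Part 2/3", the signed id_res from "Part 3/3" and the replay concern from the "Stateless (Dumb Mode)" slide, carried through in Python with both sides (RP and IdP) in one file. This is an added example, not the talk's demo code or any library's implementation. The modulus is the openid.dh_modulus value sent on the Part 2/3 slide (URL-decoded), the generator, trust root, identity and assoc_handle are the slide's values, and the DH exponents and MAC key are generated fresh on each run, so the resulting signatures differ from the slide's openid.sig. The signature format (HMAC-SHA1 over "field:value\n" for each field in openid.signed) and the DH-SHA1 masking (enc_mac_key = mac_key XOR SHA1(btwoc(shared secret))) are the OpenID 1.1 definitions.

```python
"""OpenID 1.1 association (DH-SHA1) and id_res signature check, RP and IdP sides."""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

# openid.dh_modulus exactly as sent in the slide's associate request (URL-decoded):
# a 1024-bit modulus in btwoc form (leading 0x00 byte). openid.dh_gen=Ag== is 2.
DH_MODULUS_B64 = ("ANz5OguIOXLsDhmYmsWizjEOHTdxfo2Vcbt2I3MYZuYe91ouJ4mLBX"
                  "+YkcLiemOcPym2CBRYHNOyyjmG0mg3BVd9RcLn5S3IHHoXGHblzqdLFEi"
                  "/368Ygo79JRnxTkXjgmY0rxlJ5bU1zIKaSDuKdiI"
                  "+XUkKJX8Fvf8W8vsixYOr")
DH_GEN = 2
TRUST_ROOT = "http://localhost:3000/auth"               # openid.trust_root from the slide
ASSOC_HANDLE = "netmesh-u-1168177185-50172100"          # assoc_handle from the slide


def btwoc(n: int) -> bytes:
    """OpenID 'btwoc': big-endian two's complement of a non-negative integer."""
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw


def unbtwoc(raw: bytes) -> int:
    return int.from_bytes(raw, "big")


DH_MODULUS = unbtwoc(base64.b64decode(DH_MODULUS_B64))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def dh_keypair():
    """Private exponent and the base64(btwoc(g^x mod p)) public value."""
    x = secrets.randbelow(DH_MODULUS - 2) + 1
    return x, base64.b64encode(btwoc(pow(DH_GEN, x, DH_MODULUS))).decode()


def dh_shared_key(private: int, peer_public_b64: str) -> bytes:
    """SHA1(btwoc(g^xy mod p)): the 20-byte mask for the MAC key in DH-SHA1."""
    peer = unbtwoc(base64.b64decode(peer_public_b64))
    return hashlib.sha1(btwoc(pow(peer, private, DH_MODULUS))).digest()


def idp_associate(consumer_public_b64: str, mac_key: bytes) -> dict:
    """IdP side of ASSOCIATE: return the MAC key masked by the DH secret."""
    y, server_public_b64 = dh_keypair()
    enc = xor_bytes(mac_key, dh_shared_key(y, consumer_public_b64))
    return {"assoc_type": "HMAC-SHA1", "assoc_handle": ASSOC_HANDLE, "expires_in": "2592000",
            "session_type": "DH-SHA1", "dh_server_public": server_public_b64,
            "enc_mac_key": base64.b64encode(enc).decode()}


def rp_unwrap_mac_key(private: int, response: dict) -> bytes:
    """RP side: recover the MAC key from enc_mac_key and dh_server_public."""
    return xor_bytes(base64.b64decode(response["enc_mac_key"]),
                     dh_shared_key(private, response["dh_server_public"]))


def signature(mac_key: bytes, params: dict) -> str:
    """HMAC-SHA1 over 'field:value\\n' for each field listed in openid.signed, in order."""
    fields = params["openid.signed"].split(",")
    token = "".join(f"{f}:{params['openid.' + f]}\n" for f in fields).encode()
    return base64.b64encode(hmac.new(mac_key, token, hashlib.sha1).digest()).decode()


def idp_id_res_redirect(mac_key: bytes, identity: str, return_to: str) -> str:
    """IdP side: the signed REDIRECT TO RP built after the user has logged in."""
    params = {"openid.mode": "id_res", "openid.identity": identity,
              "openid.return_to": return_to, "openid.assoc_handle": ASSOC_HANDLE,
              "openid.signed": "mode,identity,return_to,assoc_handle"}
    params["openid.sig"] = signature(mac_key, params)
    return return_to + "&" + urlencode(params)


def rp_verify_id_res(mac_key: bytes, params: dict, issued_nonces: set) -> bool:
    """RP side: accept id_res only if it uses our association, signs the required
    fields, returns to a URL under our trust root, verifies, and carries a nonce
    we issued and have not yet consumed (the replay defence the slide asks for)."""
    if params.get("openid.mode") != "id_res" or params.get("openid.assoc_handle") != ASSOC_HANDLE:
        return False
    signed = params.get("openid.signed", "").split(",")
    if not {"mode", "identity", "return_to"} <= set(signed):
        return False
    if any("openid." + f not in params for f in signed):
        return False
    return_to = params["openid.return_to"]
    if not return_to.startswith(TRUST_ROOT):
        return False
    if not hmac.compare_digest(signature(mac_key, params), params.get("openid.sig", "")):
        return False
    nonce = dict(parse_qsl(urlsplit(return_to).query)).get("nonce")
    if nonce not in issued_nonces:
        return False
    issued_nonces.discard(nonce)        # one-time use: a replayed id_res is rejected
    return True


def demo() -> dict:
    """Run the whole exchange from the slides with freshly generated keys."""
    x, consumer_public = dh_keypair()                        # RP: ASSOCIATE REQUEST
    idp_mac_key = secrets.token_bytes(20)                    # IdP's secret for this association
    assoc = idp_associate(consumer_public, idp_mac_key)      # IdP: ASSOCIATE RESPONSE
    rp_mac_key = rp_unwrap_mac_key(x, assoc)
    issued = set()
    nonce = secrets.token_urlsafe(6)                         # RP mints the nonce for return_to
    issued.add(nonce)
    return_to = f"{TRUST_ROOT}/complete?nonce={nonce}"
    url = idp_id_res_redirect(idp_mac_key, "http://mylid.net/keepthebyte", return_to)
    received = dict(parse_qsl(urlsplit(url).query))          # what the RP sees at /auth/complete
    first = rp_verify_id_res(rp_mac_key, received, issued)
    replay = rp_verify_id_res(rp_mac_key, received, issued)  # same message a second time
    forged = dict(received, **{"openid.identity": "http://mylid.net/someone-else"})
    issued.add(nonce)                                        # fresh nonce, so only the signature fails
    tampered = rp_verify_id_res(rp_mac_key, forged, issued)
    return {"keys_match": rp_mac_key == idp_mac_key, "first": first,
            "replay": replay, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The nonce lives in the RP's own return_to (as on the slide: nonce=Q5CG5Hfk) because OpenID 1.1 has no nonce of its own; in dumb mode the RP has no MAC key and must instead send the whole message back to the IdP for check_authentication, which is why the slide asks for SSL on that path.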
Extension: Simple Registration

Make OpenID more useful
- Extension of OpenID 1.1
- Part of OpenID 2.0 (Attribute Exchange)

Manage your personal profile centrally on the Identity Provider.

Control which profile properties may be shared with the site you want to log in to.

Screenshots from http://www.myopenid.com
Extension: E-Mail as OpenID (Proposal!)

Make OpenID easier: URL 0 vs. Email 1
Proposal for OpenID 2.0

1. Enter Email in the OpenID field: keepthebyte@myopenid.com
2. Read the transformation template from the XRDS document
3. Converted to URL before authentication: keepthebyte.myopenid.com

Spec: http://www.sappenin.com/openid/ext/oet/openid-email-transform-extension-1_0.html
Integration: Browser

 Make OpenID easier to use!

 Prevent Phishing!

 Firefox Add-ons:
  - Appalachian Download: http://simile.mit.edu/wiki/Appalachian
  - VeriSign’s OpenID Seatbelt

 On the roadmap for Firefox 3.0
Integration: ??? (Hype?)

Blog URL is the OpenID

Microsoft announced it will integrate OpenID in CardSpace (WS-*)
AOL provides an OpenID for all its users

Web 2.0 Sites: Technorati, Ma.gnolia, Opinity, netvibes, Digg (soon)
CMS/Blogs/Wiki: Wordpress, Drupal, MovableType, MediaWiki, phpbb
Your action is required!

READ
  The OpenID Case - in 4 pages by Kaliya Hamlin
  www.kaliyasblogs.net/IdentityWebExpo.pdf
  Specification at openid.net
  Open Source Libraries for PHP, Ruby, Java...
  openid.net/wiki/index.php/Libraries

PLAY (give it a try!)
  OpenID Providers
  - MyOpenID.com
  - VeriSign PIP
  - idproxy.net (with Yahoo Auth)
  - List: openid.net/wiki/index.php/OpenIDServers

Got it?

That's it

Slides on: keepthebyte.ch
Links on: del.icio.us/keepthebyte/openid
