SlideShare una empresa de Scribd logo

Distributed Identity via OpenID

David Rogers
David Rogers

The document discusses distributed identity and OpenID as a solution. It begins by defining digital identity and distinguishing it from authentication. It then describes the standard authentication process on the web. The document proposes using identity federation via OpenID as a way to simplify authentication by allowing users to log in using an existing identity from another site rather than having to create new accounts. It provides code examples of implementing OpenID login with Ruby on Rails.

TecnologíaDiseño
1 de 28
Descargar para leer sin conexión
OPENID AND THE CASE OF DISTRIBUTED IDENTITY EXPLORING THE PROBLEM OF DISTRIBUTED IDENTITY AND OFFERING SOME SOLUTIONS 1
WHAT ARE WE TALKING ABOUT? IDENTITY === AUTHENTICATION ? DIGITAL IDENTITY REFERS TO THE ASPECT OF DIGITAL TECHNOLOGY THAT IS CONCERNED WITH THE MEDIATION OF PEOPLE'S EXPERIENCE OF THEIR OWN IDENTITY AND THE IDENTITY OF OTHER PEOPLE AND THINGS. “DIGITAL IDENTITY” ALSO HAS ANOTHER COMMON USAGE AS THE DIGITAL REPRESENTATION OF A SET OF CLAIMS MADE BY ONE DIGITAL SUBJECT ABOUT ITSELF OR ANOTHER DIGITAL SUBJECT. IDENTITY == AUTHENTICATION 2
STANDARD AUTHENTICATION 3
STANDARD AUTHENTICATION A “USER” AGENT REQUESTS A “PAGE” RESOURCE 4
STANDARD AUTHENTICATION A “USER” AGENT REQUESTS A “PAGE” RESOURCE IS THE RESOURCE REQUESTED PUBLIC? 4
STANDARD AUTHENTICATION A “USER” AGENT REQUESTS A “PAGE” RESOURCE IS THE RESOURCE REQUESTED PUBLIC? IF NOT, IS THE REQUESTING AGENT AUTHENTICATED? 4
STANDARD AUTHENTICATION A “USER” AGENT REQUESTS A “PAGE” RESOURCE IS THE RESOURCE REQUESTED PUBLIC? IF NOT, IS THE REQUESTING AGENT AUTHENTICATED? IF NOT, IS THE REQUESTING AGENT REGISTERED? 4
STANDARD AUTHENTICATION IF “USER” IS REGISTERED BUT NOT AUTHENTICATED, THEN PRESENT THE “LOGIN” FORM... 5
STANDARD AUTHENTICATION IF “USER” IS REGISTERED BUT NOT AUTHENTICATED, THEN PRESENT THE “LOGIN” FORM... IF “USER” IS NEITHER AUTHENTICATED NOR REGISTERED, THEN PRESENT THE “REGISTRATION” FORM... 5
STANDARD AUTHENTICATION IF “USER” IS REGISTERED BUT NOT AUTHENTICATED, THEN PRESENT THE “LOGIN” FORM... IF “USER” IS NEITHER AUTHENTICATED NOR REGISTERED, THEN PRESENT THE “REGISTRATION” FORM... SIMILAR PROCESSING; SUCCESS RETURNS TO THE ORIGINAL REQUEST. 5
STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT INJECTION 6
STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT INJECTION UNIQUENESS OF LOCAL IDENTITY 6
STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT INJECTION UNIQUENESS OF LOCAL IDENTITY CREDENTIAL SECURITY PASSWORD STRENGTH 6
STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT INJECTION UNIQUENESS OF LOCAL IDENTITY CREDENTIAL SECURITY PASSWORD STRENGTH DATA STORE 6
STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT ! !! INJECTION C UNIQUENESS OF LOCAL A HE S D IDENTITY H E A CREDENTIAL SECURITY PASSWORD STRENGTH DATA STORE 6
REP ETIT STANDARD AUTHENTICATION INPUT FILTERING TO ION !!! COMBAT SCRIPT ! !! INJECTION C UNIQUENESS OF LOCAL A HE S D IDENTITY H E A CREDENTIAL SECURITY PASSWORD STRENGTH DATA STORE 6
REP ETIT STANDARD AUTHENTICATION INPUT FILTERING TO ION !!! COMBAT SCRIPT ! !! INJECTION C UNIQUENESS OF LOCAL A HE S D IDENTITY A H E FAIL!!! CREDENTIAL SECURITY PASSWORD STRENGTH DATA STORE 6
INT RODUCI NG ! IDENTITY FEDERATION WHY CAN’T SOMEBODY ELSE DO ALL THIS FOR ME? BUT T NE W ! NO IM P R OVED 7
FEDERATED IDENTITY HOW THIS IS SUPPOSED TO WORK... 8
FEDERATED IDENTITY HOW THIS IS SUPPOSED TO WORK... 8
FEDERATION VIA OPENID 9
THAT SEEMS EASY... EVEN EASIER WITH EXISTING LIBRARIES: ZEND_OPENID FOR PHP5 RUBY-OPENID FOR RUBY NET::OPENID FOR PERL MOD_AUTH_OPENID FOR APACHE2 OPENID4JAVA FOR JAVA CHECK THE OPENID.NET WIKI FOR MORE...! 10
LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
TRANSMISSION COMPLETE SOURCES AVAILABLE ON DEL.ICIO.US 12

Recomendados

Front End on Rails
Front End on RailsFront End on Rails
Front End on RailsJustin Halsall
 
Pervasive 2011 Talk on Situated Glyphs
Pervasive 2011 Talk on Situated GlyphsPervasive 2011 Talk on Situated Glyphs
Pervasive 2011 Talk on Situated GlyphsFahim Kawsar
 
Andela.php
Andela.phpAndela.php
Andela.phpwahdan131213
 
Questioning the status quo
Questioning the status quoQuestioning the status quo
Questioning the status quoIvano Pagano
 
Static Analysis and AST Transformations
Static Analysis and AST TransformationsStatic Analysis and AST Transformations
Static Analysis and AST TransformationsHamletDRC
 
View source epaper.sakshi
View source epaper.sakshiView source epaper.sakshi
View source epaper.sakshiDiwakara Reddy
 
2012 Enterprise Single Sign-On (IBM vs CA)
2012 Enterprise Single Sign-On (IBM vs CA)2012 Enterprise Single Sign-On (IBM vs CA)
2012 Enterprise Single Sign-On (IBM vs CA)Szymon Dowgwillowicz-Nowicki
 
Dcn data link_layer
Dcn data link_layerDcn data link_layer
Dcn data link_layermangal das
 

Recomendados

Front End on Rails
Front End on RailsFront End on Rails
Front End on RailsJustin Halsall
 
Pervasive 2011 Talk on Situated Glyphs
Pervasive 2011 Talk on Situated GlyphsPervasive 2011 Talk on Situated Glyphs
Pervasive 2011 Talk on Situated GlyphsFahim Kawsar
 
Andela.php
Andela.phpAndela.php
Andela.phpwahdan131213
 
Questioning the status quo
Questioning the status quoQuestioning the status quo
Questioning the status quoIvano Pagano
 
Static Analysis and AST Transformations
Static Analysis and AST TransformationsStatic Analysis and AST Transformations
Static Analysis and AST TransformationsHamletDRC
 
View source epaper.sakshi
View source epaper.sakshiView source epaper.sakshi
View source epaper.sakshiDiwakara Reddy
 
2012 Enterprise Single Sign-On (IBM vs CA)
2012 Enterprise Single Sign-On (IBM vs CA)2012 Enterprise Single Sign-On (IBM vs CA)
2012 Enterprise Single Sign-On (IBM vs CA)Szymon Dowgwillowicz-Nowicki
 
Dcn data link_layer
Dcn data link_layerDcn data link_layer
Dcn data link_layermangal das
 
OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007David Recordon
 
OSI Layer Security
OSI Layer SecurityOSI Layer Security
OSI Layer SecurityNurkholish Halim
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebRichard Metzler
 
Ccn unit-2- data link layer by prof.suresha v
Ccn unit-2- data link layer by prof.suresha vCcn unit-2- data link layer by prof.suresha v
Ccn unit-2- data link layer by prof.suresha vSURESHA V
 
OpenID Authentication by example
OpenID Authentication by exampleOpenID Authentication by example
OpenID Authentication by exampleChris Vertonghen
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML Programming Talents
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 
Kerberos
KerberosKerberos
KerberosSudeep Shouche
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Biometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesBiometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesPrabh Jeet
 
security in transport layer ssl
security in transport layer ssl security in transport layer ssl
security in transport layer sslSTUDENT
 
Network security
Network securityNetwork security
Network securityGichelle Amon
 
Biometric's final ppt
Biometric's final pptBiometric's final ppt
Biometric's final pptAnkita Vanage
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onCraig Dickson
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwordsFrancois Marier
 
iOS Provisioning : Running your app in an iOS device
iOS Provisioning : Running your app in an iOS deviceiOS Provisioning : Running your app in an iOS device
iOS Provisioning : Running your app in an iOS deviceMadusha Perera
 
4 GDPR Hacks to Mitigate Breach Risks Post GDPR
4 GDPR Hacks to Mitigate Breach Risks Post GDPR4 GDPR Hacks to Mitigate Breach Risks Post GDPR
4 GDPR Hacks to Mitigate Breach Risks Post GDPRTransUnion
 
Get cfml Into the Box 2018
Get cfml Into the Box 2018Get cfml Into the Box 2018
Get cfml Into the Box 2018Ortus Solutions, Corp
 
Your code are my tests
Your code are my testsYour code are my tests
Your code are my testsMichelangelo van Dam
 
resolvendo problemas de comunicação em equipes distribuídas com bdd
resolvendo problemas de comunicação em equipes distribuídas com bddresolvendo problemas de comunicação em equipes distribuídas com bdd
resolvendo problemas de comunicação em equipes distribuídas com bddRodrigo Urubatan
 
Automate iOS Deployment with Hamper and Schezhen
Automate iOS Deployment with Hamper and SchezhenAutomate iOS Deployment with Hamper and Schezhen
Automate iOS Deployment with Hamper and SchezhenKiran Panesar
 

Más contenido relacionado

Destacado

OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007David Recordon
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebRichard Metzler
 
Ccn unit-2- data link layer by prof.suresha v
Ccn unit-2- data link layer by prof.suresha vCcn unit-2- data link layer by prof.suresha v
Ccn unit-2- data link layer by prof.suresha vSURESHA V
 
OpenID Authentication by example
OpenID Authentication by exampleOpenID Authentication by example
OpenID Authentication by exampleChris Vertonghen
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Biometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesBiometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesPrabh Jeet
 
security in transport layer ssl
security in transport layer ssl security in transport layer ssl
security in transport layer sslSTUDENT
 
Biometric's final ppt
Biometric's final pptBiometric's final ppt
Biometric's final pptAnkita Vanage
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onCraig Dickson
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 

Destacado (15)

OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007
 
OSI Layer Security
OSI Layer SecurityOSI Layer Security
OSI Layer Security
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the Web
 
Ccn unit-2- data link layer by prof.suresha v
Ccn unit-2- data link layer by prof.suresha vCcn unit-2- data link layer by prof.suresha v
Ccn unit-2- data link layer by prof.suresha v
 
OpenID Authentication by example
OpenID Authentication by exampleOpenID Authentication by example
OpenID Authentication by example
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication Protocol
 
Kerberos
KerberosKerberos
Kerberos
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication Application
 
Biometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesBiometric Security advantages and disadvantages
Biometric Security advantages and disadvantages
 
security in transport layer ssl
security in transport layer ssl security in transport layer ssl
security in transport layer ssl
 
Network security
Network securityNetwork security
Network security
 
Biometric's final ppt
Biometric's final pptBiometric's final ppt
Biometric's final ppt
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 

Similar a Distributed Identity via OpenID

Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwordsFrancois Marier
 
iOS Provisioning : Running your app in an iOS device
iOS Provisioning : Running your app in an iOS deviceiOS Provisioning : Running your app in an iOS device
iOS Provisioning : Running your app in an iOS deviceMadusha Perera
 
4 GDPR Hacks to Mitigate Breach Risks Post GDPR
4 GDPR Hacks to Mitigate Breach Risks Post GDPR4 GDPR Hacks to Mitigate Breach Risks Post GDPR
4 GDPR Hacks to Mitigate Breach Risks Post GDPRTransUnion
 
resolvendo problemas de comunicação em equipes distribuídas com bdd
resolvendo problemas de comunicação em equipes distribuídas com bddresolvendo problemas de comunicação em equipes distribuídas com bdd
resolvendo problemas de comunicação em equipes distribuídas com bddRodrigo Urubatan
 
Automate iOS Deployment with Hamper and Schezhen
Automate iOS Deployment with Hamper and SchezhenAutomate iOS Deployment with Hamper and Schezhen
Automate iOS Deployment with Hamper and SchezhenKiran Panesar
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API DesignOCTO Technology
 
Make Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingMake Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingViget Labs
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake
 
Privacy in Social Network Sites
Privacy in Social Network SitesPrivacy in Social Network Sites
Privacy in Social Network Sitesdariphagen
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID TutorialsNao Haida
 
Ruby on Rails For Java Programmers
Ruby on Rails For Java ProgrammersRuby on Rails For Java Programmers
Ruby on Rails For Java Programmerselliando dias
 
REST API: A Real Case Scenario
REST API: A Real Case ScenarioREST API: A Real Case Scenario
REST API: A Real Case Scenariociacchi
 
5 Reasons To Love CodeIgniter
5 Reasons To Love CodeIgniter5 Reasons To Love CodeIgniter
5 Reasons To Love CodeIgniternicdev
 
Developing on the aloashbei platform
Developing on the aloashbei platformDeveloping on the aloashbei platform
Developing on the aloashbei platformpycharmer
 
Enterprise Single Sign On
Enterprise Single Sign On Enterprise Single Sign On
Enterprise Single Sign On WSO2
 
How OAuth and portable data can revolutionize your web app - Chris Messina
How OAuth and portable data can revolutionize your web app - Chris MessinaHow OAuth and portable data can revolutionize your web app - Chris Messina
How OAuth and portable data can revolutionize your web app - Chris MessinaCarsonified Team
 
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014Jean-Loup Yu
 

Similar a Distributed Identity via OpenID (20)

Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
 
iOS Provisioning : Running your app in an iOS device
iOS Provisioning : Running your app in an iOS deviceiOS Provisioning : Running your app in an iOS device
iOS Provisioning : Running your app in an iOS device
 
4 GDPR Hacks to Mitigate Breach Risks Post GDPR
4 GDPR Hacks to Mitigate Breach Risks Post GDPR4 GDPR Hacks to Mitigate Breach Risks Post GDPR
4 GDPR Hacks to Mitigate Breach Risks Post GDPR
 
Get cfml Into the Box 2018
Get cfml Into the Box 2018Get cfml Into the Box 2018
Get cfml Into the Box 2018
 
Your code are my tests
Your code are my testsYour code are my tests
Your code are my tests
 
resolvendo problemas de comunicação em equipes distribuídas com bdd
resolvendo problemas de comunicação em equipes distribuídas com bddresolvendo problemas de comunicação em equipes distribuídas com bdd
resolvendo problemas de comunicação em equipes distribuídas com bdd
 
Automate iOS Deployment with Hamper and Schezhen
Automate iOS Deployment with Hamper and SchezhenAutomate iOS Deployment with Hamper and Schezhen
Automate iOS Deployment with Hamper and Schezhen
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API Design
 
Make Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingMake Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance Testing
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11
 
Privacy in Social Network Sites
Privacy in Social Network SitesPrivacy in Social Network Sites
Privacy in Social Network Sites
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID Tutorials
 
Ruby on Rails For Java Programmers
Ruby on Rails For Java ProgrammersRuby on Rails For Java Programmers
Ruby on Rails For Java Programmers
 
REST API: A Real Case Scenario
REST API: A Real Case ScenarioREST API: A Real Case Scenario
REST API: A Real Case Scenario
 
5 Reasons To Love CodeIgniter
5 Reasons To Love CodeIgniter5 Reasons To Love CodeIgniter
5 Reasons To Love CodeIgniter
 
Developing on the aloashbei platform
Developing on the aloashbei platformDeveloping on the aloashbei platform
Developing on the aloashbei platform
 
Enterprise Single Sign On
Enterprise Single Sign On Enterprise Single Sign On
Enterprise Single Sign On
 
OAuth FTW
OAuth FTWOAuth FTW
OAuth FTW
 
How OAuth and portable data can revolutionize your web app - Chris Messina
How OAuth and portable data can revolutionize your web app - Chris MessinaHow OAuth and portable data can revolutionize your web app - Chris Messina
How OAuth and portable data can revolutionize your web app - Chris Messina
 
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
 

Último

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 

Último (20)

Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

Distributed Identity via OpenID

  • 1. OPENID AND THE CASE OF DISTRIBUTED IDENTITY EXPLORING THE PROBLEM OF DISTRIBUTED IDENTITY AND OFFERING SOME SOLUTIONS 1
  • 2. WHAT ARE WE TALKING ABOUT? IDENTITY === AUTHENTICATION ? DIGITAL IDENTITY REFERS TO THE ASPECT OF DIGITAL TECHNOLOGY THAT IS CONCERNED WITH THE MEDIATION OF PEOPLE'S EXPERIENCE OF THEIR OWN IDENTITY AND THE IDENTITY OF OTHER PEOPLE AND THINGS. “DIGITAL IDENTITY” ALSO HAS ANOTHER COMMON USAGE AS THE DIGITAL REPRESENTATION OF A SET OF CLAIMS MADE BY ONE DIGITAL SUBJECT ABOUT ITSELF OR ANOTHER DIGITAL SUBJECT. IDENTITY == AUTHENTICATION 2
  • 4. STANDARD AUTHENTICATION A “USER” AGENT REQUESTS A “PAGE” RESOURCE 4
  • 5. STANDARD AUTHENTICATION A “USER” AGENT REQUESTS A “PAGE” RESOURCE IS THE RESOURCE REQUESTED PUBLIC? 4
  • 6. STANDARD AUTHENTICATION A “USER” AGENT REQUESTS A “PAGE” RESOURCE IS THE RESOURCE REQUESTED PUBLIC? IF NOT, IS THE REQUESTING AGENT AUTHENTICATED? 4
  • 7. STANDARD AUTHENTICATION A “USER” AGENT REQUESTS A “PAGE” RESOURCE IS THE RESOURCE REQUESTED PUBLIC? IF NOT, IS THE REQUESTING AGENT AUTHENTICATED? IF NOT, IS THE REQUESTING AGENT REGISTERED? 4
  • 8. STANDARD AUTHENTICATION IF “USER” IS REGISTERED BUT NOT AUTHENTICATED, THEN PRESENT THE “LOGIN” FORM... 5
  • 9. STANDARD AUTHENTICATION IF “USER” IS REGISTERED BUT NOT AUTHENTICATED, THEN PRESENT THE “LOGIN” FORM... IF “USER” IS NEITHER AUTHENTICATED NOR REGISTERED, THEN PRESENT THE “REGISTRATION” FORM... 5
  • 10. STANDARD AUTHENTICATION IF “USER” IS REGISTERED BUT NOT AUTHENTICATED, THEN PRESENT THE “LOGIN” FORM... IF “USER” IS NEITHER AUTHENTICATED NOR REGISTERED, THEN PRESENT THE “REGISTRATION” FORM... SIMILAR PROCESSING; SUCCESS RETURNS TO THE ORIGINAL REQUEST. 5
  • 11. STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT INJECTION 6
  • 12. STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT INJECTION UNIQUENESS OF LOCAL IDENTITY 6
  • 13. STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT INJECTION UNIQUENESS OF LOCAL IDENTITY CREDENTIAL SECURITY PASSWORD STRENGTH 6
  • 14. STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT INJECTION UNIQUENESS OF LOCAL IDENTITY CREDENTIAL SECURITY PASSWORD STRENGTH DATA STORE 6
  • 15. STANDARD AUTHENTICATION INPUT FILTERING TO COMBAT SCRIPT ! !! INJECTION C UNIQUENESS OF LOCAL A HE S D IDENTITY H E A CREDENTIAL SECURITY PASSWORD STRENGTH DATA STORE 6
  • 16. REP ETIT STANDARD AUTHENTICATION INPUT FILTERING TO ION !!! COMBAT SCRIPT ! !! INJECTION C UNIQUENESS OF LOCAL A HE S D IDENTITY H E A CREDENTIAL SECURITY PASSWORD STRENGTH DATA STORE 6
  • 17. REP ETIT STANDARD AUTHENTICATION INPUT FILTERING TO ION !!! COMBAT SCRIPT ! !! INJECTION C UNIQUENESS OF LOCAL A HE S D IDENTITY A H E FAIL!!! CREDENTIAL SECURITY PASSWORD STRENGTH DATA STORE 6
  • 18. INT RODUCI NG ! IDENTITY FEDERATION WHY CAN’T SOMEBODY ELSE DO ALL THIS FOR ME? BUT T NE W ! NO IM P R OVED 7
  • 19. FEDERATED IDENTITY HOW THIS IS SUPPOSED TO WORK... 8
  • 20. FEDERATED IDENTITY HOW THIS IS SUPPOSED TO WORK... 8
  • 22. THAT SEEMS EASY... EVEN EASIER WITH EXISTING LIBRARIES: ZEND_OPENID FOR PHP5 RUBY-OPENID FOR RUBY NET::OPENID FOR PERL MOD_AUTH_OPENID FOR APACHE2 OPENID4JAVA FOR JAVA CHECK THE OPENID.NET WIKI FOR MORE...! 10
  • 23. LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
  • 24. LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
  • 25. LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
  • 26. LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
  • 27. LET’S TRY IT OUT! views/openid/new.html.erb: $> openid_consumer defgem install ruby-openid complete create <html> $> Get the=OpenID parameter home_url # @openid_consumer.blank? ifscript/generate controller openid new create completequot;indexquot; url_for :controller => quot;openidquot;, :action => openid_consumer openid_url = params[:openid_url] complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; @openid_consumer = <head> OpenID::Consumer.new(session, <title>Log in with OpenID</title> openid_response = something # Make sure we gotopenid_consumer.complete(params, complete_url) </head>OpenID::Store::Filesystem.new(quot;#{RAILS_ROOT}/tmp/openidquot;)) if <body> endopenid_url.blank? session[:openid]=flash[:error].blank? %> try againquot; flash[:error] =quot;No OpenID was entered; <% if not openid_response.identity_url flash[:error] :back flash[:error] -%></b></p> return @openid_consumer redirect_to = quot;You have been logged in as '#{session[:openid]}'quot; <p><b><%= endreturn end %> redirect_to :action => quot;newquot; <% return end { } end <% form_tag quot;/openid/createquot; do %> # Get an OpenID response <%= text_field_tag quot;openid_urlquot; %> openid_response = openid_consumer.begin openid_url <%= submit_tag quot;Log in with OpenIDquot; %> <% end %> home_url = url_for :controller => quot;openidquot;, :action => quot;indexquot; </body> </html> complete_url = url_for :controller => quot;openidquot;, :action => quot;completequot; openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url return end HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104 11
  • 28. TRANSMISSION COMPLETE SOURCES AVAILABLE ON DEL.ICIO.US 12