Improving the Usability and Security of OpenID Mike Jones Microsoft Federated Identity Team


What is OpenID?
A Web Single-Sign-On (SSO) technology
– Enables using an account you have at one site to sign into others
Originally designed for blog commenting
– May become a universal sign-on and sign-up system for the Internet
An OpenID is a URL referencing an account you control
Example OpenIDs:

OpenID Flow
Parties: OpenID Provider (OP) web site, Relying Party (RP) web site
1. User visits RP site
2. User chooses an OpenID (types the URL)
3. RP discovers the OP endpoint from the OpenID and redirects the browser to the OP
4. User signs into OP
5. OP redirects the browser back to the RP with a signed assertion, which the RP verifies
6. User signed into RP site with OpenID
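Steps 3 to 6 of the flow, as an added example that is not part of the slides: a network-free Python model of an OpenID 2.0 round-trip. The RP and OP share an association key (assumed to come from an earlier associate request, which is omitted), the OP signs its positive assertion with HMAC-SHA256 over the fields named in openid.signed, and the RP verifies the signature, the return_to URL and the one-time nonce before signing the user in. All hosts, handles and keys are constructed for the example.

```python
"""Simulated OpenID 2.0 round-trip between an RP and an OP (added example)."""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

OPENID_NS = "http://specs.openid.net/auth/2.0"
ASSOC_HANDLE = "assoc-example-1"        # constructed association handle
ASSOC_KEY = secrets.token_bytes(32)     # shared MAC key (assumption: set up earlier)


def build_checkid_setup(claimed_id, op_endpoint, return_to, realm):
    """Step 3: the RP redirects the browser to the OP with these parameters."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.assoc_handle": ASSOC_HANDLE,
    }
    return f"{op_endpoint}?{urlencode(params)}"


def _params(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def _signature(fields, signed, key):
    """HMAC over the Key-Value form 'name:value\\n' of the signed fields (no 'openid.' prefix)."""
    kv = "".join(f"{name}:{fields['openid.' + name]}\n" for name in signed)
    return base64.b64encode(hmac.new(key, kv.encode(), hashlib.sha256).digest()).decode()


def op_positive_assertion(request_url, op_endpoint):
    """Steps 4-5: after the user signs in, the OP redirects back with a signed id_res."""
    req = _params(request_url)
    signed = ["op_endpoint", "return_to", "response_nonce", "assoc_handle",
              "claimed_id", "identity"]
    fields = {
        "openid.ns": OPENID_NS,
        "openid.mode": "id_res",
        "openid.op_endpoint": op_endpoint,
        "openid.claimed_id": req["openid.claimed_id"],
        "openid.identity": req["openid.identity"],
        "openid.return_to": req["openid.return_to"],
        # The nonce starts with the OP's current time; constructed timestamp here.
        "openid.response_nonce": "2009-11-04T12:00:00Z" + secrets.token_hex(8),
        "openid.assoc_handle": req["openid.assoc_handle"],
        "openid.signed": ",".join(signed),
    }
    fields["openid.sig"] = _signature(fields, signed, ASSOC_KEY)
    return f"{req['openid.return_to']}?{urlencode(fields)}"


def rp_verify(response_url, expected_return_to, seen_nonces, key=ASSOC_KEY):
    """Step 6: the RP accepts the claimed_id only if every check passes; None otherwise."""
    resp = _params(response_url)
    if resp.get("openid.ns") != OPENID_NS or resp.get("openid.mode") != "id_res":
        return None
    signed = resp.get("openid.signed", "").split(",")
    # Every field the RP relies on must be covered by the signature and be present.
    required = {"op_endpoint", "return_to", "response_nonce", "assoc_handle",
                "claimed_id", "identity"}
    if not required.issubset(signed) or any("openid." + n not in resp for n in signed):
        return None
    if resp.get("openid.assoc_handle") != ASSOC_HANDLE:
        return None
    expected_sig = _signature(resp, signed, key).encode()
    if not hmac.compare_digest(expected_sig, resp.get("openid.sig", "").encode()):
        return None          # tampered or forged assertion
    if resp["openid.return_to"] != expected_return_to:
        return None          # assertion was issued for a different RP/URL
    if resp["openid.response_nonce"] in seen_nonces:
        return None          # replayed response
    seen_nonces.add(resp["openid.response_nonce"])
    return resp["openid.claimed_id"]


def run_flow(tamper=False):
    """Drive one round-trip; with tamper=True the assertion is altered in transit."""
    claimed, op = "https://alice.example/", "https://op.example/server"
    return_to = "https://rp.example/openid/return"
    redirect = build_checkid_setup(claimed, op, return_to, "https://rp.example/")
    response = op_positive_assertion(redirect, op)
    if tamper:
        response = response.replace("alice.example", "mallory.example")
    return rp_verify(response, return_to, set())


if __name__ == "__main__":
    print("verified as", run_flow())
    print("tampered ->", run_flow(tamper=True))
```

The RP-side checks are the ones that matter in step 6: the signature alone is not enough, because a signed assertion captured at one RP could otherwise be replayed at another (return_to) or replayed at the same RP (response_nonce). A real RP would additionally compare openid.op_endpoint against what discovery returned for the claimed identifier.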

Basic OpenID Demo: making a blog comment

“NASCAR” Experience Demo: clicking on logos instead of typing URLs

Phishing Demo: malicious site stealing my OpenID password

What have we seen so far?
Basic OpenID UX requires remembering URLs
– Doesn’t work for most people
NASCAR experience easier, but only for providers with buttons
– Doesn’t scale or facilitate choice
Phishing easy to accomplish
– The RP controls where the browser is redirected, so a malicious site can send the user to a look-alike OP login page and collect the password
– And NASCAR logos actually make it worse: users learn to click a logo and type their password wherever they land

An Active Client for OpenID
Remembers your identities
– Instead of you having to remember URLs
Brings your identities with you to the site
– Instead of the site having to guess what they are
Supervises identity interactions for you
– Providing a defense against phishing sites

First Time Use Demo: first use of an Identity Selector (the active client) at an OpenID site
– Plaxo was one of the sites we worked with on the prototype
– Site is live on the Internet

Second Time Use Demo: second use of an Identity Selector (the active client) at an OpenID site

Personal OpenID Usage Demo: using a personal OpenID, which is delegated to another OpenID Provider
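The delegation shown in this demo, as an added example that is not the prototype's code: a personal URL delegates to an OP through <link> elements in its HTML <head>, and the RP reads them to learn the OP endpoint and the OP-local identifier. The example also includes the check a RP must perform after sign-in, namely that the assertion came from the endpoint the personal URL delegates to; without it any OP could assert someone else's personal URL. The HTML and hosts are constructed; a real RP fetches the claimed identifier over HTTPS and would try XRDS/Yadis discovery first.

```python
"""HTML-based OpenID 2.0 discovery for a delegated personal OpenID (added example)."""
from html.parser import HTMLParser


class _LinkCollector(HTMLParser):
    """Collects rel -> href for <link> elements inside <head>; the first one wins."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self._in_head = False

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self._in_head = True
        elif tag == "link" and self._in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                self.links.setdefault(rel, a.get("href"))

    def handle_endtag(self, tag):
        if tag == "head":
            self._in_head = False


def discover(claimed_id, html):
    """Return the OP endpoint and local id for claimed_id, or None if the page delegates nowhere."""
    p = _LinkCollector()
    p.feed(html)
    # OpenID 2.0 rel values take precedence over the OpenID 1.1 ones.
    if "openid2.provider" in p.links:
        endpoint, local_id, version = p.links["openid2.provider"], p.links.get("openid2.local_id"), "2.0"
    elif "openid.server" in p.links:
        endpoint, local_id, version = p.links["openid.server"], p.links.get("openid.delegate"), "1.1"
    else:
        return None
    return {
        "claimed_id": claimed_id,
        "op_endpoint": endpoint,
        # Without a local id, the claimed identifier itself is sent as openid.identity.
        "op_local_id": local_id or claimed_id,
        "version": version,
    }


def assertion_matches_discovery(discovered, assertion):
    """Check a positive assertion's fields against what discovery said about the claimed id.

    The RP must only trust the endpoint the claimed identifier delegates to; an
    assertion for alice.example signed by some other OP is rejected here.
    """
    return (assertion.get("openid.op_endpoint") == discovered["op_endpoint"]
            and assertion.get("openid.claimed_id") == discovered["claimed_id"]
            and assertion.get("openid.identity") == discovered["op_local_id"])


# Constructed personal page delegating to a constructed OP. The <link> in the
# <body> is deliberately ignored: delegation links must be in <head>.
SAMPLE_HTML = """<html><head>
<title>Alice</title>
<link rel="openid2.provider" href="https://op.example/server">
<link rel="openid2.local_id" href="https://op.example/users/alice">
</head><body><link rel="openid2.provider" href="https://evil.example/"></body></html>"""

if __name__ == "__main__":
    print(discover("https://alice.example/", SAMPLE_HTML))
```

With this in place the RP sends openid.claimed_id = the personal URL and openid.identity = the OP-local id in its checkid_setup request, and the user keeps a stable identifier even if they later move to a different OP by editing two link tags.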

Demo at Another Site: shows bringing my OpenIDs with me to the site

What have we seen?
Identity Selector improves usability of OpenID
– Remembers my identities for me
– Brings them with me to sites
Identity Selector improves security of OpenID
– Warns when using an untrusted identity provider
– Informs whether OpenIDs were used at the site before
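The selector behaviour summarised above, as an added example that models it and is not the prototype's code: the active client remembers which OpenIDs the user holds, which OP endpoint each was used with and at which sites, and inspects an outgoing checkid_setup redirect before the browser follows it. A redirect that sends a known OpenID to a different OP endpoint is flagged as likely phishing and blocked, an endpoint never accepted before is flagged as untrusted, and a first use at a site is reported so the user can confirm. Sites are keyed by hostname for simplicity, and all URLs are constructed.

```python
"""Model of an OpenID identity selector's supervision checks (added example)."""
from urllib.parse import parse_qs, urlencode, urlparse


def checkid_url(op_endpoint, claimed_id, realm):
    """Helper: the redirect an RP would emit for step 3 of the OpenID flow."""
    q = urlencode({"openid.ns": "http://specs.openid.net/auth/2.0",
                   "openid.mode": "checkid_setup",
                   "openid.claimed_id": claimed_id,
                   "openid.identity": claimed_id,
                   "openid.return_to": realm + "openid/return",
                   "openid.realm": realm})
    return f"{op_endpoint}?{q}"


class IdentitySelector:
    def __init__(self, trusted_ops=()):
        self.trusted_ops = set(trusted_ops)   # OP endpoints the user has accepted before
        self.identities = {}                  # claimed_id -> OP endpoint it was used with
        self.history = set()                  # (site host, claimed_id) pairs used before

    def record_success(self, realm, claimed_id, op_endpoint):
        """Remember a completed sign-in so later redirects can be compared against it."""
        self.identities[claimed_id] = op_endpoint
        self.trusted_ops.add(op_endpoint)
        self.history.add((urlparse(realm).netloc, claimed_id))

    def identities_for_site(self, realm):
        """Bring the user's identities to the site: those used here first, then the rest."""
        host = urlparse(realm).netloc
        used = [cid for (h, cid) in self.history if h == host]
        return used + [cid for cid in self.identities if cid not in used]

    def inspect_redirect(self, redirect_url):
        """Supervise an outgoing OpenID redirect and return findings for the user."""
        u = urlparse(redirect_url)
        q = {k: v[0] for k, v in parse_qs(u.query).items()}
        op_endpoint = f"{u.scheme}://{u.netloc}{u.path}"
        claimed_id = q.get("openid.claimed_id")
        site = urlparse(q.get("openid.realm") or q.get("openid.return_to") or "").netloc
        warnings = []
        if q.get("openid.mode") not in ("checkid_setup", "checkid_immediate"):
            warnings.append("not an OpenID authentication request")
        if u.scheme != "https":
            warnings.append("OP endpoint is not HTTPS")
        known_op = self.identities.get(claimed_id)
        # The phishing signal: this OpenID is being sent to a different OP than before.
        mismatch = known_op is not None and known_op != op_endpoint
        if mismatch:
            warnings.append(f"{claimed_id} was previously used with {known_op}, "
                            f"but this site redirects to {op_endpoint}: likely phishing")
        if op_endpoint not in self.trusted_ops:
            warnings.append(f"untrusted identity provider: {op_endpoint}")
        return {
            "op_endpoint": op_endpoint,
            "claimed_id": claimed_id,
            "site": site,
            "first_use_at_site": (site, claimed_id) not in self.history,
            "op_trusted": op_endpoint in self.trusted_ops,
            "blocked": mismatch,   # do not follow the redirect without an explicit override
            "warnings": warnings,
        }


if __name__ == "__main__":
    sel = IdentitySelector()
    sel.record_success("https://rp.example/", "https://alice.example/", "https://op.example/server")
    phish = checkid_url("https://op-example.login.example/server",
                        "https://alice.example/", "https://blog.example/")
    print(sel.inspect_redirect(phish)["warnings"])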

Status and Future Work
OpenID Identity Selector effort is an incubation
– No OpenID standards yet for active clients
– Shown at the OpenID Summit and the Internet Identity Workshop (IIW) in November 2009
OpenID advocates considering active client specifications
– Would go through the OpenID standards process
– Part of the OpenID v.Next work begun at IIW

For More Information
See my blog
– Especially on this work: http://self-issued.info/?p=235
– And on the OpenID v.Next goals: http://self-issued.info/?p=256
Contact me at