And YADIS David Recordon Six Apart, Ltd. / LiveJournal.com / Danga Interactive, Inc. Parts of presentation stolen from Brad Fitzpatrick.

Presentation transcript:

and YADIS David Recordon Six Apart, Ltd. / LiveJournal.com / Danga Interactive, Inc. Parts of presentation stolen from Brad Fitzpatrick Informational Morning for Developers - December 12th 2005

What is OpenID?
● A URL based identity system
  – Proves that you have control over a URL
● One-time assertions with a digital signature
● Free, decentralized, and open protocol
  – Has open implementations in various languages
● Will survive even if a company goes out of business or turns evil
● Low barrier to entry
  – Works with static HTML pages
  – No SSL required
  – No browser plugins required

What OpenID isn't...
● A service or company
● A trust or reputation system
  – Spammers can/will/have set up OpenID servers
  – Trust/reputation providers on their way and require identity first
    ● 5+ companies working on this
    ● TrustRank
● A solution to all identity problems
● Perfectly secure
  – DNS spoofing
  – Man-in-the-middle (between some parts)

Why?
● Most blogs currently have no authentication when leaving comments
  – I can say I am anyone
● Foster Auth. Interoperability
  – LiveJournal, DeadJournal
  – TypePad, Movable Type
  – WordPress, Schtuff, MyOpenID, Videntity,... lame

Why URLs as identity?
● Already the convention
  – Comment by Matt at 7:23pm
  – Mouseover to see which Matt
● Users don't understand public keys
● Users don't understand namespaces
● Users do understand URLs
  – 10+ years of billboards and TV commercials
● You can click them
  – Tangible
● No new namespace or public keys (key revocation, etc...)

Chicken / Egg
● LiveJournal / TypePad / Movable Type
  – All are OpenID consumers
● TypeKey
  – Still speaks TypeKey, also speaks OpenID
  – An OpenID provider for people without their own
● 10M+ OpenID users who don't know it
  – Already: DeadJ/GreatestJ/LiveJ interop
● Has the largest deployed userbase of all REST-ful identity systems

Why should you use OpenID?
● Interoperate with others using OpenID
  – Your users can mark external users leaving comments as “trusted” or “friends”
  – Your users can bring their identity to other sites, thus advertising your service
● Not theoretical, already in use
● Can support OpenID + _______ in future
  – No reason to only support OpenID
  – YADIS
● Free
● Open libraries for most languages

What is YADIS?
● Lightweight URL based capability discovery protocol
● Uses a subset of the XRD services document
● Not just for identity
  – I am an Atom endpoint
  – I speak Flickr's protocol
● Architectural Assumptions
  – Fully decentralized, no one point of control
  – Let many (interoperable) flowers bloom
  – URLs as identifiers
  – REST-ful and easy to use for both developers and consumers

How does YADIS fit in?
● Not everyone wants to talk OpenID
  – Nor any one other one protocol
● OpenID does nothing other than SSO
● Using YADIS, you can define one of your Services as being OpenID SSO
● Your identity URL will now tell consumers (relying parties) that it speaks OpenID + others
  – Allows the RP to pick the best protocol for the task at hand
● Uses OpenID's method of delegation so other protocols can work on “Geocities” type hosting
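
Added example, not part of the original slides: the relying party's side of the YADIS step described above, parsing an XRD services document and picking the best-priority service it speaks, with the delegate identifier carried along. The sample document, its host names, the "other-sso" type and the `require_https` option are constructed for illustration; the XRD namespace, the `http://openid.net/signon/1.0` type and the `openid:Delegate` element are taken from the Yadis 1.0 and OpenID 1.x specifications.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
XRD = "{xri://$xrd*($v*2.0)}"                 # XRD 2.0 namespace used by Yadis
OPENID = "{http://openid.net/xmlns/1.0}"      # namespace of <openid:Delegate>
OPENID_SSO = "http://openid.net/signon/1.0"   # OpenID 1.0 service type URI
# Constructed sample: every host and the "other-sso" type are made up.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
    xmlns:openid="http://openid.net/xmlns/1.0"><XRD>
  <Service priority="20">
    <Type>http://proto.example.net/other-sso</Type>
    <URI>https://sso.example.net/endpoint</URI>
  </Service>
  <Service priority="10">
    <Type>http://openid.net/signon/1.0</Type>
    <URI>http://idp.example.com/openid</URI>
    <openid:Delegate>http://idp.example.com/users/alice</openid:Delegate>
  </Service>
  <Service>
    <Type>http://openid.net/signon/1.0</Type>
    <URI>https://backup-idp.example.org/openid</URI>
  </Service>
</XRD></xrds:XRDS>"""

def parse_services(xrds_text):
    """Return the services of the final XRD element, best priority first."""
    if "<!DOCTYPE" in xrds_text:              # fetched from an untrusted URL:
        raise ValueError("DTD not allowed")   # refuse DTDs and entity tricks
    xrds = ET.fromstring(xrds_text).findall(XRD + "XRD")
    if not xrds:
        raise ValueError("no XRD element in document")
    services = []
    for svc in xrds[-1].findall(XRD + "Service"):
        prio = svc.get("priority")            # missing priority sorts last
        services.append({
            "priority": int(prio) if prio is not None else float("inf"),
            "types": [(t.text or "").strip() for t in svc.findall(XRD + "Type")],
            "uris": [(u.text or "").strip() for u in svc.findall(XRD + "URI")],
            "delegate": svc.findtext(OPENID + "Delegate"),
        })
    return sorted(services, key=lambda s: s["priority"])  # lower number wins

def choose_service(services, supported, require_https=False):
    """Pick the best-priority service whose Type the relying party speaks."""
    for svc in services:
        matched = [t for t in svc["types"] if t in supported]
        uris = [u for u in svc["uris"]
                if not require_https or urlparse(u).scheme == "https"]
        if matched and uris:
            return {"type": matched[0], "endpoint": uris[0], "delegate": svc["delegate"]}
    return None
```

With `require_https=True` the relying party skips the plain-HTTP endpoint and falls through to the next service of a type it supports, which is one way to narrow the man-in-the-middle exposure the earlier slide lists.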

Questions? ● OpenID – – – ● YADIS – ● Mailing lists –