
Improving the Usability and Security of OpenID Mike Jones Microsoft Federated Identity Team


1 Improving the Usability and Security of OpenID Mike Jones Microsoft Federated Identity Team mbj@microsoft.com

2 What is OpenID?
A Web Single-Sign-On (SSO) technology
– Enables using an account you have at one site to sign into others
Originally designed for blog commenting
– May become the universal sign-on and sign-up system for the Internet
An OpenID is a URL referencing an account you control
Example OpenIDs:
– http://self-issued.info/
– https://mbj.signon.com/
– http://mbj.pip.verisignlabs.com/
– http://self-issued.myopenid.com/
– http://yahoo.com/
– https://www.google.com/accounts/o8/id

3 OpenID Flow
Parties: OpenID Provider (OP) Web Site, Relying Party (RP) Web Site
1. User visits RP site
2. User chooses an OpenID
3. RP redirects browser to OP
4. User signs into OP
5. OP redirects browser to RP
6. User signed into RP site with OpenID

4 Basic OpenID Demo Making a blog comment

5 “NASCAR” Experience Demo Clicking on logos instead of typing URLs

6 Phishing Demo Malicious site stealing my OpenID password

7 What have we seen so far?
Basic OpenID UX requires remembering URLs
– Doesn’t work for most people
NASCAR experience easier, but only for providers with buttons
– Doesn’t scale or facilitate choice
Phishing easy to accomplish
– And NASCAR logos actually make it worse

8 An Active Client for OpenID
Remembers your identities
– Instead of you having to remember URLs
Brings your identities with you to the site
– Instead of the site having to guess what they are
Supervises identity interactions for you
– Providing a defense against phishing sites

9 First Time Use Demo
First time use of an Identity Selector (the active client) at an OpenID site
– Plaxo one of the sites we worked with on the prototype
– Site live on the Internet

10 Second Time Use Demo Second time use of an Identity Selector (the active client) at an OpenID site

11 Personal OpenID Usage Demo Using a personal OpenID, which is delegated to another OpenID Provider

12 Demo at Another Site Shows bringing my OpenIDs with me to site

13 What have we seen?
Identity Selector improves usability of OpenID
– Remembers my identities for me
– Brings them with me to sites
Identity Selector improves security of OpenID
– Warns when using untrusted identity provider
– Informs whether OpenIDs used at site before
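As an added illustration (not code from the presentation or from the Identity Selector prototype), here is a toy Python model of the two security checks on this slide, combined with OpenID 2.0 HTML delegation discovery as used by the personal OpenID in slide 11; the OP and RP hosts and the discovery page are constructed sample values.

```python
import html.parser
from urllib.parse import urlsplit

# Constructed sample: a "personal OpenID" page that delegates to another
# OpenID Provider via the OpenID 2.0 HTML discovery <link> tags.
PERSONAL_OPENID_HTML = """<html><head>
<link rel="openid2.provider" href="https://example-op.test/server">
<link rel="openid2.local_id" href="https://alice.example-op.test/">
</head></html>"""


class _LinkParser(html.parser.HTMLParser):
    """Collects rel -> href for every <link> tag in the document."""
    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            a = dict(attrs)
            if a.get("rel") and a.get("href"):
                self.links[a["rel"]] = a["href"]


def discover(html_doc):
    """Return (op_endpoint, local_id) from the delegation tags, or (None, None)."""
    parser = _LinkParser()
    parser.feed(html_doc)
    return parser.links.get("openid2.provider"), parser.links.get("openid2.local_id")


class IdentitySelector:
    """Toy model of the active client's supervision of the RP -> OP redirect."""
    def __init__(self):
        self.trusted_ops = set()   # OP hosts the user has already signed into
        self.used_at = {}          # rp_host -> set of OpenIDs used at that RP

    def check_redirect(self, rp_host, openid, op_endpoint):
        """Warnings to show before the browser follows the RP's redirect."""
        op_host = urlsplit(op_endpoint).hostname
        warnings = []
        if op_host not in self.trusted_ops:
            warnings.append(f"untrusted provider {op_host}: possible phishing")
        if openid not in self.used_at.get(rp_host, set()):
            warnings.append(f"{openid} has not been used at {rp_host} before")
        return warnings

    def record_success(self, rp_host, openid, op_endpoint):
        """Remember a completed sign-in so later visits are recognised."""
        self.trusted_ops.add(urlsplit(op_endpoint).hostname)
        self.used_at.setdefault(rp_host, set()).add(openid)
```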

14 Status and Future Work
OpenID Identity Selector effort an incubation
– No OpenID standards yet for active clients
– Shown at OpenID Summit and Internet Identity Workshop (IIW) in November 2009
OpenID advocates considering active client specifications
– Would go through OpenID standards process
Part of OpenID v.Next work begun at IIW

15 For More Information
See my blog http://self-issued.info/
– Especially http://self-issued.info/?p=235 on this work
– And http://self-issued.info/?p=256 on the OpenID v.Next goals
Contact me at mbj@microsoft.com
