2. quot;Its definitely time to declare quot;OpenID is a protocol made
OpenID a winnerquot; for the public, by the public.
TechCrunch No one owns or controls your
login information:You do.quot;
37signals
quot;...sees great potential for OpenID's use
alongside enterprise-ready software
infrastructurequot;
Sun Microsystems
quot;taking the world by stormquot;
quot;this high profile announcement marks
Tim O'Reilly
the importance of single sign on identity
technology to the future of the Internetquot;
ReadWriteWeb
3. What is OpenID?
• Single sign-on for the web
• Simple and light-weight
(not going to replace your bank card pin)
• Easy to use and deploy
• Built upon proven existing technologies
(DNS, HTTP, SSL/TLS, Diffie-Hellman)
• Decentralized
(you don't have to ask anyone permission to implement it)
• Free!
4. An OpenID is a URI
• URLs are globally unique
and ubiquitous
• OpenID allows proving
ownership of an URI
• People already have
identity at URLs via
blogs, photos, MySpace,
FaceBook, etc
• People already describe
relationships via URLs
(e.g. links to my friends)
6. Benefits
• Reduces the number of usernames and
passwords
• Simplifies new account creation
• Allows for lightweight accounts
• Simplifies internal SSO
• Enables wide-spread benefit of strong
authentication
• Enables decentralized reputation
• Enables social network portability
17. Total Relying Parties (aka places you can login with OpenID)
6,000
4,500
3,000
1,500
0
ov
b
ay
ly
'06
ar
ne
ov
ay
ly
'05
ct
ec
r
g
ne
p
ec
'07
b
ct
ar
r
st
22
Ap
Ap
Au
Fe
Se
Fe
Ju
Ju
gu
O
O
M
M
M
M
D
D
Ju
Ju
N
N
p
p
Jan
Jan
Au
Se
Se
OpenID 1.1 - As viewed by MyOpenID.com
18. quot;So that's great there
are so many blogs, but
what about something
real?quot;
28. IE Team has posted a job
ad mentioning quot;OpenIDquot;
quot;Does the idea of redefining the role of the Internet browser appeal to you?
Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then
this just might be the opportunity for you.quot;
31. OpenID 2.0
• Cleans up the 1.1 specification
• Adds a few useful features
• Robust extensibility
• Enhanced service discovery
• quot;Directed identityquot;
• XRI
• About six independent library
implementations of final draft
33. Offer all employees
OpenIDs; open source
Enterprise SSO and
identity manager with
LDAP and OpenID
Internal SSO for bug
trackers and wikis
OpenID Provider with
plans to ship in enterprise
products this year
Shared OpenID Provider
for their businesses and
partners
Project management,
CRM, and billing for small
businesses
35. I come from E-stonia
• A small EU country with ~1.3M inhabitants
• Access to internet considered a “civil right”
• Had first parliament elections over the
internet in 2005
• 80%+ of the population have a digital ID-
card
37. ID-card is a...
• Photo ID like any other
• We are interested in Electronic ID:
• The chip contains your name, age, gender
and social security number
• Two PIN codes: one for authentication
and one for signing documents
38. Authentication
• Is about proving who you are.
• Available to any service that wants to use it
• Online banking
• Filing your taxes
• Various other services
51. Same Can be Different
• Bank: Martin Paljak, the account owner
• Forum: user who registered as “catluvr99”
• Blog: author of the comment
• http://open.id.ee/martin.paljak is Martin Paljak
52. Is the OpenID you
present the same as we
have in our database?
54. Solution: OpenID
• id.ee => open.id.ee
• OpenID service that uses ID-cards for
authentication
• Gives users more control over their private
data
• Is NOT a government enforced/controlled
service
55. Simplicity
• One privacy policy to check
• One trust decision to make
• One purpose for the OpenID service
• Encapsulate and protect users’ private
data
63. ID-card Sucks!
• Implementing support is difficult
• Technically challenging (SSL certificates
and such)
• Users don’t like ID-cards anyway as they
are often afraid of privacy issues
• Most sites don’t need so high security
• So... why bother?
64. I Forgot!
• Mobile-ID: same stuff inside your GSM SIM
card
• Same technology inside ...
• ... but totally different to implement ...
• ... AGAIN!!!
65. What is Mobile-ID?
• Smaller ID-card
• No hardware needed - your phone is
your card reader
• No need to install software to use it online
- websites have it
71. Benefits of OpenID
• Only one interface to implement
• And lots of expertise available globally
• If website uses open.id.ee service
exclusively, it has instant access to both
ID-cards and Mobile-ID authentication
• ... with privacy features included @ no cost
72. So ...
• Users get more control over their private
data and OpenID provides it
• Websites have a simple and easy way to
integrate newest authentication
technologies with OpenID
75. Anonymity
• Users want anonymity
• At least partial
• Remaining anonymous is a privilege
• Spam, death threats etc must be
punishable
76. The story
• Riots in Tallinn that leaded to cyber-attacks
• Petition letter to force a politician resign
collected almost 100k names and e-mails
• Including “George Bush”, “Rex the dog”
and “!@#$ you”
• Result: nothing.
77. OpenID 2.0
• New feature: identity selection
• You get to choose the OpenID sent to
the website
• Choose between open.id.ee/martin.paljak ...
79. Anonymous OpenID
• No (zero) personal data in the URL
• One anonymous URL per user per website
• The “account” problem mitigated
• Still a guarantee that the user behind the
OpenID is a real person
80.
81.
82. Extra Features
• Identity theft virtually impossible
• re-claiming is painless
• Some registration data is always true
• If user chooses to send it
• “Why do they need it?”
83. Why do I Care?
• I’m a user too!
• We export the ID technology of Estonia
• Online privacy issues are being discussed
• Verified anonymity contributes to
e-democracy
84. Why you should care!
• Implement OpenID - get access to our
technology
• Other EU countries deploying ID-cards
• Similar problems
• Similar solutions
• OpenID is designed for interoperability
• ID-cards are in theory
85. Thanks!
Questions?
http://openid.net/
https://open.id.ee/about/english
David Recordon Martin Paljak
davidrecordon.com http://ideelabor.ee
david@sixapart.com martin@ideelabor.ee