SlideShare a Scribd company logo

The Implications of OpenID

Simon Willison
Simon Willison
Technology
1 of 178
Download to read offline
The implications of Simon Willison XTech, 18th May 2007
This talk is not about identity
“identity” implies lots of unanswered questions
I’m bored of unanswered questions
I’m going to answer as many questions as possible
(To keep things easy, I get to ask them)
Who here has used OpenID?
Who uses it regularly?
What is OpenID?
OpenID is a decentralised mechanism for Single Sign On
What problems does it solve?
“Too many passwords!”
“Someone else nabbed my username”
“My online profile is scattered across dozens of sites” (potentially, at least)
What is an OpenID?
An OpenID is a URL
http://swillison.livejournal.com/
http://simonw.myopenid.com/
http://simonwillison.net/
http://openid.aol.com/simonwillison/
What can you do with an OpenID?
You can claim that you own it
You can prove that claim
Why is that useful?
You can use it for authentication
“Who the heck are you?!”
“I’m simonwillison.net”
“prove it!”
(magic happens)
“OK, you’re in!”
So it’s a bit like Microsoft Passport, then?
Yes, but Microsoft don’t get to own your credentials
Who does get to own them, then?
You, the user, decide.
You pick a provider
(just like e-mail)
So I’m still giving someone the keys to my kingdom?
Yes, but it can be someone you trust
If you have the ability to run your own server software, you can do it for yourself.
OK, how do I use it?
So my users don’t have to sign up for an account?
Not necessarily
An OpenID tells you very little about a user
You don’t know their name
You don’t know their e-mail address
You don’t know if they’re a person or an evil robot
(or a dog)
Where do I get that information from?
You ask them!
OpenID can even help them answer
How can I tell if they’re an evil spambot?
Same as usual: challenge them with a CAPTCHA
botbouncer.com can tell you if their OpenID has passed a CAPTCHA before
(assuming you trust botbouncer.com)
So how does OpenID actually work?
<link rel=quot;openid.serverquot; href=quot;http://www.myopenid.com/serverquot; />
“I’m simonwillison.myopenid.com”
Site fetches HTML, discovers identity provider
Establishes shared secret with identity provider (Using Diffie-Hellman key exchange)
Redirects you to the identity provider
If you’re logged in there, you get redirected back
How does my identity provider know who I am?
OpenID deliberately doesn’t specify
username/password is common
But providers can use other methods if they want to
Client SSL certificates
Out of band authentication via SMS, e-mail or Jabber
IP based login restrictions
(one guy set that up using DynDNS)
SecurID keyfobs
No authentication at all (just say “Yes”)
Just say “yes”?
Yup. That’s the OpenID version of bugmenot.com
http://www.jkg.in/openid/
Users can give away their passwords today - this is just the OpenID equivalent
What if I decide I hate my provider?
Use your own domain name
Delegate to a provider you trust
<link rel=quot;openid.serverquot; href=quot;http://www.livejournal.com/openid/server.bmlquot;> <link rel=quot;openid.delegatequot; href=quot;http://swillison.livejournal.com/quot;>
Support for delegation is compulsory
Minimise lock in
So everyone will end up with one OpenID that they use for everything?
Probably not
(I have half a dozen OpenIDs already)
People like maintaining multiple online personas
professional social secret ...
OpenID makes it easier to manage multiple online personas
Different OpenIDs can express different things
My AOL OpenID proves my AIM screen name
A last.fm OpenID could incorporate my taste in music
My LiveJournal OpenID tells you where to find my blog
... and a FOAF file listing my friends
doxory.com uses this for contact imports
An OpenID from sun.com proves that someone is a current Sun employee
Why is OpenID worth implementing over all the other identity standards?
It’s simple
Unix philosophy: It solves one, tiny problem
It’s a dumb network
Many of the competing standards are now on board
Isn’t putting all my eggs in one basket a really bad idea?
Bad news: chances are you already do
“I forgot my password” means your e-mail account is already an SSO mechanism
OpenID just makes this a bit more obvious
What about phishing?
Phishing is a problem
I can has lolcats!? BETA Make your own lolcats! lol Sign in with your OpenID: OpenID: Sign in
Fake edition Your identity provider Username and password, please! Username: Password: Log in
Identity theft :(
An untrusted site redirects you to your trusted provider
Sound familiar?
That’s how Paypal works!
It still sucks though
One solution: don’t let the user log in on the identity provider “landing page”
Better solutions
CardSpace
Seat belt
Native browser support for OpenID
Competition between providers
How do I implement OpenID on my site?
As a consumer...
Grab an OpenID library for your chosen language or platform
www.openidenabled.com
Allow your existing users to associate their accounts with one or more OpenIDs
(make sure you authenticate the OpenIDs first)
Allow people to kick- start the registration process with their OpenID
Make passwords optional during signup if an OpenID has already been confirmed
As a provider...
Figure out your anti- phishing mechanism
Read the spec!
Why allow multiple OpenIDs per account?
People can still sign in if one of their providers is down
People can un-associate an OpenID without locking themselves out
You can take advantage of site-specific services around OpenID
Any other neat tricks?
Yes, lots!
Lightweight accounts
Pre-approved accounts
Social whitelists
OpenID and hCard
Decentralised social networks?
“People keep asking me to join the LinkedIn network, but I’m already part of a network, it’s called the Internet.” Gary McGraw, via Jon Udell, via Gavin Bell
What are the privacy implications?
Cross correlation of accounts
Don’t publish a user’s OpenID without explicit permission
The online equivalent of a credit reporting agency?
This could be built today by sites conspiring to share e-mail addresses
IANAL, but legal protections against this already exist
OpenID 2.0 makes it trivial to use a different OpenID for every site
Patents?
Sun have pre-announced a “patent covenant”
They won’t clobber OpenID with their patents
They’ll clobber anyone else who tries to
Who else is involved?
AOL - provider, full consumer by end of June
Microsoft: Bill Gates expressed their interest
(Mainly as good PR for CardSpace)
Sun: Patent Covenant, 33,000 employees
Six Apart
VeriSign
JanRain
You?
http://openid.net/ http://www.openidenabled.com/ http://simonwillison.net/tags/openid/
Thank you

Recommended

Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Simon Willison
 
Building the Social Web with OpenID
Building the Social Web with OpenIDBuilding the Social Web with OpenID
Building the Social Web with OpenIDSimon Willison
 
Simon Willison @ FOWA Feb 07
Simon Willison @ FOWA Feb 07Simon Willison @ FOWA Feb 07
Simon Willison @ FOWA Feb 07carsonsystems
 
The Next Big Thing is Web 3.0. Catch It If You Can
The Next Big Thing is Web 3.0. Catch It If You Can The Next Big Thing is Web 3.0. Catch It If You Can
The Next Big Thing is Web 3.0. Catch It If You Can Judy O'Connell
 
Web 3.0 explained with a stamp (pt I: the basics)
Web 3.0 explained with a stamp (pt I: the basics)Web 3.0 explained with a stamp (pt I: the basics)
Web 3.0 explained with a stamp (pt I: the basics)Freek Bijl
 
Foaf Openid Milan
Foaf Openid MilanFoaf Openid Milan
Foaf Openid MilanDan Brickley
 
Web 3.0 Intro
Web 3.0 IntroWeb 3.0 Intro
Web 3.0 IntroJustin Lee
 
The Social Semantic Web and Linked Data
The Social Semantic Web and Linked DataThe Social Semantic Web and Linked Data
The Social Semantic Web and Linked DataAlexandre Passant
 

Recommended

Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Simon Willison
 
Building the Social Web with OpenID
Building the Social Web with OpenIDBuilding the Social Web with OpenID
Building the Social Web with OpenIDSimon Willison
 
Simon Willison @ FOWA Feb 07
Simon Willison @ FOWA Feb 07Simon Willison @ FOWA Feb 07
Simon Willison @ FOWA Feb 07carsonsystems
 
The Next Big Thing is Web 3.0. Catch It If You Can
The Next Big Thing is Web 3.0. Catch It If You Can The Next Big Thing is Web 3.0. Catch It If You Can
The Next Big Thing is Web 3.0. Catch It If You Can Judy O'Connell
 
Web 3.0 explained with a stamp (pt I: the basics)
Web 3.0 explained with a stamp (pt I: the basics)Web 3.0 explained with a stamp (pt I: the basics)
Web 3.0 explained with a stamp (pt I: the basics)Freek Bijl
 
Foaf Openid Milan
Foaf Openid MilanFoaf Openid Milan
Foaf Openid MilanDan Brickley
 
Web 3.0 Intro
Web 3.0 IntroWeb 3.0 Intro
Web 3.0 IntroJustin Lee
 
The Social Semantic Web and Linked Data
The Social Semantic Web and Linked DataThe Social Semantic Web and Linked Data
The Social Semantic Web and Linked DataAlexandre Passant
 
Web 1 2 3
Web 1 2 3Web 1 2 3
Web 1 2 3londoncall
 
Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014
Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014
Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014gallowayandcollens
 
The Evolution of Web 3.0
The Evolution of Web 3.0The Evolution of Web 3.0
The Evolution of Web 3.0Marta Strickland
 
Our online identity
Our online identityOur online identity
Our online identityChris Messina
 
Web 3.0 :The Evolution of Web
Web 3.0 :The Evolution of WebWeb 3.0 :The Evolution of Web
Web 3.0 :The Evolution of WebNiharjyoti Sarangi
 
Web 2.0, Dansk IT 2007-10-25
Web 2.0, Dansk IT 2007-10-25Web 2.0, Dansk IT 2007-10-25
Web 2.0, Dansk IT 2007-10-25Anders Pollas
 
What is Web 3.0?
What is Web 3.0?What is Web 3.0?
What is Web 3.0?Johan Koren
 
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...Yottaa
 
Web 4.0 and beyond
Web 4.0 and beyondWeb 4.0 and beyond
Web 4.0 and beyondJohan Koren
 
Generations of web 1.0, 2.0 and 3.0
Generations of web 1.0, 2.0 and 3.0Generations of web 1.0, 2.0 and 3.0
Generations of web 1.0, 2.0 and 3.0ShamsReza2
 
Orizonturi Web (Web Horizons)
Orizonturi Web (Web Horizons)Orizonturi Web (Web Horizons)
Orizonturi Web (Web Horizons)Sabin Buraga
 
Roelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesRoelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesLeon Kuunders
 
What if Petraeus Was a Hacker?
What if Petraeus Was a Hacker?What if Petraeus Was a Hacker?
What if Petraeus Was a Hacker?Phil Cryer
 
Online policy primer – net303
Online policy primer – net303Online policy primer – net303
Online policy primer – net303atleeit
 
HSBC-IBA Case Competition 2016 Final Round
HSBC-IBA Case Competition 2016 Final RoundHSBC-IBA Case Competition 2016 Final Round
HSBC-IBA Case Competition 2016 Final RoundTeam Phoenix
 
Berkshire Hathaway New Strategy (McKinsey Case Championship)
Berkshire Hathaway New Strategy (McKinsey Case Championship)Berkshire Hathaway New Strategy (McKinsey Case Championship)
Berkshire Hathaway New Strategy (McKinsey Case Championship)Andrey Aliasov
 
GE Smart Energy Case Competition - 2013 MIT Sloan Submission
GE Smart Energy Case Competition - 2013 MIT Sloan SubmissionGE Smart Energy Case Competition - 2013 MIT Sloan Submission
GE Smart Energy Case Competition - 2013 MIT Sloan SubmissionAlexander Boutelle
 
UHK - Mckinsey Case Study - Rivadávia - March 2013
UHK - Mckinsey Case Study - Rivadávia - March 2013UHK - Mckinsey Case Study - Rivadávia - March 2013
UHK - Mckinsey Case Study - Rivadávia - March 2013Rivadávia C. Drummond A. Neto,PhD
 
AIG/IBA M&A Case Competition Finalist Presentation
AIG/IBA M&A Case Competition Finalist PresentationAIG/IBA M&A Case Competition Finalist Presentation
AIG/IBA M&A Case Competition Finalist PresentationBenjamin Detemmerman
 
McKinsey case study - innovation in pharma
McKinsey case study - innovation in pharma McKinsey case study - innovation in pharma
McKinsey case study - innovation in pharma Michel DM
 
Presentation by National University of Singapore - Winners of CBS Case Compet...
Presentation by National University of Singapore - Winners of CBS Case Compet...Presentation by National University of Singapore - Winners of CBS Case Compet...
Presentation by National University of Singapore - Winners of CBS Case Compet...CBS Case Competition
 
IQ Work Hacks : Verbal communication
IQ Work Hacks : Verbal communication IQ Work Hacks : Verbal communication
IQ Work Hacks : Verbal communication InterQuest Group
 

More Related Content

What's hot

Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014
Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014
Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014gallowayandcollens
 
Web 2.0, Dansk IT 2007-10-25
Web 2.0, Dansk IT 2007-10-25Web 2.0, Dansk IT 2007-10-25
Web 2.0, Dansk IT 2007-10-25Anders Pollas
 
What is Web 3.0?
What is Web 3.0?What is Web 3.0?
What is Web 3.0?Johan Koren
 
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...Yottaa
 
Web 4.0 and beyond
Web 4.0 and beyondWeb 4.0 and beyond
Web 4.0 and beyondJohan Koren
 
Generations of web 1.0, 2.0 and 3.0
Generations of web 1.0, 2.0 and 3.0Generations of web 1.0, 2.0 and 3.0
Generations of web 1.0, 2.0 and 3.0ShamsReza2
 
Orizonturi Web (Web Horizons)
Orizonturi Web (Web Horizons)Orizonturi Web (Web Horizons)
Orizonturi Web (Web Horizons)Sabin Buraga
 
Roelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesRoelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesLeon Kuunders
 
What if Petraeus Was a Hacker?
What if Petraeus Was a Hacker?What if Petraeus Was a Hacker?
What if Petraeus Was a Hacker?Phil Cryer
 
Online policy primer – net303
Online policy primer – net303Online policy primer – net303
Online policy primer – net303atleeit
 

What's hot (14)

Web 1 2 3
Web 1 2 3Web 1 2 3
Web 1 2 3
 
Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014
Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014
Digital ASSETS: A PATH TO FIDUCIARY ACCESS - FALL 2014
 
The Evolution of Web 3.0
The Evolution of Web 3.0The Evolution of Web 3.0
The Evolution of Web 3.0
 
Our online identity
Our online identityOur online identity
Our online identity
 
Web 3.0 :The Evolution of Web
Web 3.0 :The Evolution of WebWeb 3.0 :The Evolution of Web
Web 3.0 :The Evolution of Web
 
Web 2.0, Dansk IT 2007-10-25
Web 2.0, Dansk IT 2007-10-25Web 2.0, Dansk IT 2007-10-25
Web 2.0, Dansk IT 2007-10-25
 
What is Web 3.0?
What is Web 3.0?What is Web 3.0?
What is Web 3.0?
 
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...
How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Out...
 
Web 4.0 and beyond
Web 4.0 and beyondWeb 4.0 and beyond
Web 4.0 and beyond
 
Generations of web 1.0, 2.0 and 3.0
Generations of web 1.0, 2.0 and 3.0Generations of web 1.0, 2.0 and 3.0
Generations of web 1.0, 2.0 and 3.0
 
Orizonturi Web (Web Horizons)
Orizonturi Web (Web Horizons)Orizonturi Web (Web Horizons)
Orizonturi Web (Web Horizons)
 
Roelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesRoelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slides
 
What if Petraeus Was a Hacker?
What if Petraeus Was a Hacker?What if Petraeus Was a Hacker?
What if Petraeus Was a Hacker?
 
Online policy primer – net303
Online policy primer – net303Online policy primer – net303
Online policy primer – net303
 

Viewers also liked

HSBC-IBA Case Competition 2016 Final Round
HSBC-IBA Case Competition 2016 Final RoundHSBC-IBA Case Competition 2016 Final Round
HSBC-IBA Case Competition 2016 Final RoundTeam Phoenix
 
Berkshire Hathaway New Strategy (McKinsey Case Championship)
Berkshire Hathaway New Strategy (McKinsey Case Championship)Berkshire Hathaway New Strategy (McKinsey Case Championship)
Berkshire Hathaway New Strategy (McKinsey Case Championship)Andrey Aliasov
 
GE Smart Energy Case Competition - 2013 MIT Sloan Submission
GE Smart Energy Case Competition - 2013 MIT Sloan SubmissionGE Smart Energy Case Competition - 2013 MIT Sloan Submission
GE Smart Energy Case Competition - 2013 MIT Sloan SubmissionAlexander Boutelle
 
AIG/IBA M&A Case Competition Finalist Presentation
AIG/IBA M&A Case Competition Finalist PresentationAIG/IBA M&A Case Competition Finalist Presentation
AIG/IBA M&A Case Competition Finalist PresentationBenjamin Detemmerman
 
McKinsey case study - innovation in pharma
McKinsey case study - innovation in pharma McKinsey case study - innovation in pharma
McKinsey case study - innovation in pharma Michel DM
 
Presentation by National University of Singapore - Winners of CBS Case Compet...
Presentation by National University of Singapore - Winners of CBS Case Compet...Presentation by National University of Singapore - Winners of CBS Case Compet...
Presentation by National University of Singapore - Winners of CBS Case Compet...CBS Case Competition
 
IQ Work Hacks : Verbal communication
IQ Work Hacks : Verbal communication IQ Work Hacks : Verbal communication
IQ Work Hacks : Verbal communication InterQuest Group
 
Deloitte Case Competition 2013
Deloitte Case Competition 2013Deloitte Case Competition 2013
Deloitte Case Competition 2013ryanamenges
 

Viewers also liked (11)

HSBC-IBA Case Competition 2016 Final Round
HSBC-IBA Case Competition 2016 Final RoundHSBC-IBA Case Competition 2016 Final Round
HSBC-IBA Case Competition 2016 Final Round
 
Berkshire Hathaway New Strategy (McKinsey Case Championship)
Berkshire Hathaway New Strategy (McKinsey Case Championship)Berkshire Hathaway New Strategy (McKinsey Case Championship)
Berkshire Hathaway New Strategy (McKinsey Case Championship)
 
GE Smart Energy Case Competition - 2013 MIT Sloan Submission
GE Smart Energy Case Competition - 2013 MIT Sloan SubmissionGE Smart Energy Case Competition - 2013 MIT Sloan Submission
GE Smart Energy Case Competition - 2013 MIT Sloan Submission
 
UHK - Mckinsey Case Study - Rivadávia - March 2013
UHK - Mckinsey Case Study - Rivadávia - March 2013UHK - Mckinsey Case Study - Rivadávia - March 2013
UHK - Mckinsey Case Study - Rivadávia - March 2013
 
AIG/IBA M&A Case Competition Finalist Presentation
AIG/IBA M&A Case Competition Finalist PresentationAIG/IBA M&A Case Competition Finalist Presentation
AIG/IBA M&A Case Competition Finalist Presentation
 
McKinsey case study - innovation in pharma
McKinsey case study - innovation in pharma McKinsey case study - innovation in pharma
McKinsey case study - innovation in pharma
 
Presentation by National University of Singapore - Winners of CBS Case Compet...
Presentation by National University of Singapore - Winners of CBS Case Compet...Presentation by National University of Singapore - Winners of CBS Case Compet...
Presentation by National University of Singapore - Winners of CBS Case Compet...
 
IQ Work Hacks : Verbal communication
IQ Work Hacks : Verbal communication IQ Work Hacks : Verbal communication
IQ Work Hacks : Verbal communication
 
The Hierarchy of Engagement
The Hierarchy of EngagementThe Hierarchy of Engagement
The Hierarchy of Engagement
 
Deloitte Case Competition 2013
Deloitte Case Competition 2013Deloitte Case Competition 2013
Deloitte Case Competition 2013
 
The AI Rush
The AI RushThe AI Rush
The AI Rush
 

Similar to The Implications of OpenID

OpenID and decentralised social networks
OpenID and decentralised social networksOpenID and decentralised social networks
OpenID and decentralised social networksSimon Willison
 
Identity 2.0 - OpenID And User Centric Identity
Identity 2.0 - OpenID And User Centric IdentityIdentity 2.0 - OpenID And User Centric Identity
Identity 2.0 - OpenID And User Centric IdentityMartin Strandbygaard
 
openid-pres
openid-presopenid-pres
openid-presxlight
 
FOSSwire3 + OpenID
FOSSwire3 + OpenIDFOSSwire3 + OpenID
FOSSwire3 + OpenIDcvanp
 
Open id & OAuth
Open id & OAuthOpen id & OAuth
Open id & OAuthPaul Fryer
 
An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenIDMax Manders
 
Implementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteImplementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteDavid Keener
 
Things that go bump on the web - Web Application Security
Things that go bump on the web - Web Application SecurityThings that go bump on the web - Web Application Security
Things that go bump on the web - Web Application SecurityChristian Heilmann
 
Transacting PPT.pptx
Transacting PPT.pptxTransacting PPT.pptx
Transacting PPT.pptxLyndaWillett
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID TutorialsNao Haida
 
How to Make An Anonymous Blog PDF (2022)
How to Make An Anonymous Blog PDF (2022)How to Make An Anonymous Blog PDF (2022)
How to Make An Anonymous Blog PDF (2022)abdolrauf
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
OpenID: An Executive Briefing
OpenID: An Executive BriefingOpenID: An Executive Briefing
OpenID: An Executive BriefingDavid Leip
 
DEFCON 23 - Mark Ryan Talabis - The Bieber Project
DEFCON 23 - Mark Ryan Talabis - The Bieber ProjectDEFCON 23 - Mark Ryan Talabis - The Bieber Project
DEFCON 23 - Mark Ryan Talabis - The Bieber ProjectFelipe Prado
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Sylvain Maret
 

Similar to The Implications of OpenID (20)

OpenID and decentralised social networks
OpenID and decentralised social networksOpenID and decentralised social networks
OpenID and decentralised social networks
 
Identity 2.0 - OpenID And User Centric Identity
Identity 2.0 - OpenID And User Centric IdentityIdentity 2.0 - OpenID And User Centric Identity
Identity 2.0 - OpenID And User Centric Identity
 
Open ID
Open IDOpen ID
Open ID
 
Risks With OpenID
Risks With OpenIDRisks With OpenID
Risks With OpenID
 
openid-pres
openid-presopenid-pres
openid-pres
 
FOSSwire3 + OpenID
FOSSwire3 + OpenIDFOSSwire3 + OpenID
FOSSwire3 + OpenID
 
Open id & OAuth
Open id & OAuthOpen id & OAuth
Open id & OAuth
 
An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenID
 
Implementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteImplementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking Site
 
Identity toolkit
Identity toolkitIdentity toolkit
Identity toolkit
 
Openid Fossconf
Openid FossconfOpenid Fossconf
Openid Fossconf
 
Things that go bump on the web - Web Application Security
Things that go bump on the web - Web Application SecurityThings that go bump on the web - Web Application Security
Things that go bump on the web - Web Application Security
 
Transacting PPT.pptx
Transacting PPT.pptxTransacting PPT.pptx
Transacting PPT.pptx
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID Tutorials
 
How to Make An Anonymous Blog PDF (2022)
How to Make An Anonymous Blog PDF (2022)How to Make An Anonymous Blog PDF (2022)
How to Make An Anonymous Blog PDF (2022)
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon
 
OpenID: An Executive Briefing
OpenID: An Executive BriefingOpenID: An Executive Briefing
OpenID: An Executive Briefing
 
DEFCON 23 - Mark Ryan Talabis - The Bieber Project
DEFCON 23 - Mark Ryan Talabis - The Bieber ProjectDEFCON 23 - Mark Ryan Talabis - The Bieber Project
DEFCON 23 - Mark Ryan Talabis - The Bieber Project
 
Lecture 20101124
Lecture 20101124Lecture 20101124
Lecture 20101124
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...
 

More from Simon Willison

Cheap tricks for startups
Cheap tricks for startupsCheap tricks for startups
Cheap tricks for startupsSimon Willison
 
The Django Web Framework (EuroPython 2006)
The Django Web Framework (EuroPython 2006)The Django Web Framework (EuroPython 2006)
The Django Web Framework (EuroPython 2006)Simon Willison
 
How we bootstrapped Lanyrd using Twitter's social graph
How we bootstrapped Lanyrd using Twitter's social graphHow we bootstrapped Lanyrd using Twitter's social graph
How we bootstrapped Lanyrd using Twitter's social graphSimon Willison
 
Web Services for Fun and Profit
Web Services for Fun and ProfitWeb Services for Fun and Profit
Web Services for Fun and ProfitSimon Willison
 
Tricks & challenges developing a large Django application
Tricks & challenges developing a large Django applicationTricks & challenges developing a large Django application
Tricks & challenges developing a large Django applicationSimon Willison
 
Advanced Aspects of the Django Ecosystem: Haystack, Celery & Fabric
Advanced Aspects of the Django Ecosystem: Haystack, Celery & FabricAdvanced Aspects of the Django Ecosystem: Haystack, Celery & Fabric
Advanced Aspects of the Django Ecosystem: Haystack, Celery & FabricSimon Willison
 
How Lanyrd uses Twitter
How Lanyrd uses TwitterHow Lanyrd uses Twitter
How Lanyrd uses TwitterSimon Willison
 
Building Things Fast - and getting approval
Building Things Fast - and getting approvalBuilding Things Fast - and getting approval
Building Things Fast - and getting approvalSimon Willison
 
Rediscovering JavaScript: The Language Behind The Libraries
Rediscovering JavaScript: The Language Behind The LibrariesRediscovering JavaScript: The Language Behind The Libraries
Rediscovering JavaScript: The Language Behind The LibrariesSimon Willison
 
Building crowdsourcing applications
Building crowdsourcing applicationsBuilding crowdsourcing applications
Building crowdsourcing applicationsSimon Willison
 
Evented I/O based web servers, explained using bunnies
Evented I/O based web servers, explained using bunniesEvented I/O based web servers, explained using bunnies
Evented I/O based web servers, explained using bunniesSimon Willison
 
Cowboy development with Django
Cowboy development with DjangoCowboy development with Django
Cowboy development with DjangoSimon Willison
 
Crowdsourcing with Django
Crowdsourcing with DjangoCrowdsourcing with Django
Crowdsourcing with DjangoSimon Willison
 
Class-based views with Django
Class-based views with DjangoClass-based views with Django
Class-based views with DjangoSimon Willison
 
Web App Security Horror Stories
Web App Security Horror StoriesWeb App Security Horror Stories
Web App Security Horror StoriesSimon Willison
 
Web Security Horror Stories
Web Security Horror StoriesWeb Security Horror Stories
Web Security Horror StoriesSimon Willison
 

More from Simon Willison (20)

How Lanyrd does Geo
How Lanyrd does GeoHow Lanyrd does Geo
How Lanyrd does Geo
 
Cheap tricks for startups
Cheap tricks for startupsCheap tricks for startups
Cheap tricks for startups
 
The Django Web Framework (EuroPython 2006)
The Django Web Framework (EuroPython 2006)The Django Web Framework (EuroPython 2006)
The Django Web Framework (EuroPython 2006)
 
Building Lanyrd
Building LanyrdBuilding Lanyrd
Building Lanyrd
 
How we bootstrapped Lanyrd using Twitter's social graph
How we bootstrapped Lanyrd using Twitter's social graphHow we bootstrapped Lanyrd using Twitter's social graph
How we bootstrapped Lanyrd using Twitter's social graph
 
Web Services for Fun and Profit
Web Services for Fun and ProfitWeb Services for Fun and Profit
Web Services for Fun and Profit
 
Tricks & challenges developing a large Django application
Tricks & challenges developing a large Django applicationTricks & challenges developing a large Django application
Tricks & challenges developing a large Django application
 
Advanced Aspects of the Django Ecosystem: Haystack, Celery & Fabric
Advanced Aspects of the Django Ecosystem: Haystack, Celery & FabricAdvanced Aspects of the Django Ecosystem: Haystack, Celery & Fabric
Advanced Aspects of the Django Ecosystem: Haystack, Celery & Fabric
 
How Lanyrd uses Twitter
How Lanyrd uses TwitterHow Lanyrd uses Twitter
How Lanyrd uses Twitter
 
ScaleFail
ScaleFailScaleFail
ScaleFail
 
Building Things Fast - and getting approval
Building Things Fast - and getting approvalBuilding Things Fast - and getting approval
Building Things Fast - and getting approval
 
Rediscovering JavaScript: The Language Behind The Libraries
Rediscovering JavaScript: The Language Behind The LibrariesRediscovering JavaScript: The Language Behind The Libraries
Rediscovering JavaScript: The Language Behind The Libraries
 
Building crowdsourcing applications
Building crowdsourcing applicationsBuilding crowdsourcing applications
Building crowdsourcing applications
 
Evented I/O based web servers, explained using bunnies
Evented I/O based web servers, explained using bunniesEvented I/O based web servers, explained using bunnies
Evented I/O based web servers, explained using bunnies
 
Cowboy development with Django
Cowboy development with DjangoCowboy development with Django
Cowboy development with Django
 
Crowdsourcing with Django
Crowdsourcing with DjangoCrowdsourcing with Django
Crowdsourcing with Django
 
Django Heresies
Django HeresiesDjango Heresies
Django Heresies
 
Class-based views with Django
Class-based views with DjangoClass-based views with Django
Class-based views with Django
 
Web App Security Horror Stories
Web App Security Horror StoriesWeb App Security Horror Stories
Web App Security Horror Stories
 
Web Security Horror Stories
Web Security Horror StoriesWeb Security Horror Stories
Web Security Horror Stories
 

Recently uploaded

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 

Recently uploaded (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 

The Implications of OpenID