1 / 9

OpenID: An Identity Revolution for the Web

OpenID is a free, simple identity system, not owned by any company, designed to combat authentication issues like comment spam. Its design goals include a low barrier to entry, no central server, and using URLs for identity. OpenID isn't a trust system but works as a verification tool. Many major platforms already support it, with trust/reputation providers coming soon. Users can bring their identity across websites. It is a practical solution in use today, with potential for growth and development.

rparker
Download Presentation

OpenID: An Identity Revolution for the Web

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Brad Fitzpatrick brad@danga.com Six Apart, Ltd. / LiveJournal / Danga August 2005

  2. What is OpenID? • an identity system • all the rage lately • a protocol • gratis, libre • not a service or company • not Passport • not TypeKey • not Sxip • survives if companies turn evil or go out of business

  3. Why? lame • no authentication way too common • comment spam • auth interop • LiveJournal • TypePad • Movable Type • DeadJournal, WordPress, TextPattern, .....

  4. Design Goals • low barrier to entry • works with static HTML pages • no registration (no central server) • understandable identity (a URL) • no new namespace • no public keys (key revocation, etc...) • no SSL required • no browser plugins • most simple protocol possible • other needs layered atop

  5. What OpenID isn't... • a trust system • need identity before you can have trust • a solution for all identity problems • perfectly secure • DNS spoofing • man-in-the-middle • between some parts

  6. How's it work? • proves “who” you are • one-time assertions w/ digital signature • see openid.net for specs • not that you're a good person • spammers can/will/have setup OpenID servers • better than state of email today • Trust/reputation providers on their way • 5+ companies working on this • TrustRank

  7. Chicken / Egg • LiveJournal / TypePad / Movable Type • all support OpenID server • OpenID consumer in LJ/MT • TypePad soon enough • TypeKey • still speaks TypeKey. also speaks OpenID • an OpenID provider for people without their own • 10M+ OpenID users who don't know it • already: DeadJ/GreatestJ/LiveJ interop

  8. Why URLs as identity? • already the convention • Comment by Matt at 7:23pm • mouseover to see which Matt • users don't understand public keys • users don't understand namespaces • users do understand URLs • 10+ years of billboards and TV commercials • you can click them • tangible

  9. Why should you use OpenID? • interop with others using OpenID • your users can mark external users leaving comments as “trusted” or “friends” • your users can bring their identity to other sites, thus advertising your service • not theoretical, already in use • can support OpenID + _______ in future • no reason to only support OpenID • free • open libraries for most languages

More Related