Download Open_Id

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts

Wireless security wikipedia , lookup

Outlook.com wikipedia , lookup

Mobile security wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Security-focused operating system wikipedia , lookup

Cross-site scripting wikipedia , lookup

SAML 2.0 wikipedia , lookup

HTTPS wikipedia , lookup

Authentication wikipedia , lookup

3-D Secure wikipedia , lookup

OpenID wikipedia , lookup

Transcript 
By:
Ansuya Chauhan
What is Open ID???
• Single Sign-on System
• Simple to use
• Uses proven technologies like DNS,
HTTP,
• SSL/TLS and Diffie-Hellman
• It’s Decentralized
• It’s Free
History
•
•
•
•
2005
The original OpenID authentication protocol was developed in May
2005 by Brad Fitzpatrick, creator of popular community website LiveJournal,
while working at Six Apart.
2006
In March 2006, JanRain developed a Simple Registration Extension for
OpenID for primitive profile-exchange, and in April submitted a proposal to
formalize extensions to OpenID.
2007
On January 31, 2007, computer security company announced support
for OpenID in its Identity Initiative products and services.
2008
In mid-January 2008, Yahoo announced initial OpenID 2.0 support, both as
a provider and as a relying party, releasing the service by the end of the
month. In early February, Google, IBM, Microsoft, VeriSign, and Yahoo!
joined the OpenID Foundation as corporate board members.
Three Party System
Why OpenID?
•
•
•
•
•
Too many Usernames and Passwords
Someone took your desired Username
User profile is distributed
Account management is difficult
Get bored of filling long forms again and
again
With OpenId, you get to choose who
manages your identity
An OpenId is a URL
• URL are Globally unique.
• OpenId allows proving ownership of an
URL
• People already have identity at URLS via
blogs, photos, Myspace and Facebook Etc
Communication Modes
Direct Communication
Indirect Communication
Modes of Communication
There are two basic methods or modes of
communication between the consumer and
the identity provider depending upon how
consumer is configured.
• Dumb Mode
• Smart Mode
How OpenID works??
How openId works?
•
•
•
•
Site Fetches the HTML of my openID
Finds “ openid.server”
Establishes a shared secret with the provider
Redirects my browser to the provider where I
authenticate and allow the openId login
• Provider redirects my browser back to the site
with an openId response.
• Site verifies the signature and logs me in
How to Use OpenId?
• http://www.youtube.com/watch?v=Vq0R1Y1A2rE
Types of Messages
• Four basic types of messages
• The associate message
• The check_immediate message
• The check_setup message
The check_authentication message
Protocols and Security
• Authentication
Uses URL as the Identity of User
• OpenID 2.0 uses Yadis.
• Uses Diffie-Hellman Key Exchange Mechanism
at different level.
• Use Secured Socket Layer
• Generate strong MAC keys.
OpenID Support in different
Languages
• OpenID Is supported in many
programming languages and API’s are
available
• Java, PHP, Perl C/C++, C##, python ,cold
Fusion
Limitation of OpenID & Possible
Solutions.
• Phishing
• A distrusted site redirects you to your
trusted provider through a proxy.
Possible Solutions
• Trusted and Security features by OpenID provider
• Jabber
• Microsoft card space
• DynDNS
Advantages
• Globally unique & your URL is your Identity
• Few usernames and passwords to remember
• Many OpenID provider like AOL,
yahoo,verisignlabs, myOpenID
• Can put OpenID URL on your server also
• Profile data are stored at one place only.
• Control of sharing information.
• Can easily increase business
Future & Conclusion
• Future
• Email as OpenID
• Banking and E-commerce with strong
authentication
• Zero sign on
• High level security algorithm
Conclusion
OpenID as future web authentication
References
•
•
•
•
•
http://en.wikipedia.org/wiki/OpenID#History
http://www.livejournal.com/openid/
http://openid.net/
http://wiki.openid.net/OpenID_HTTP_Authentication
http://openidtrustbearer.wordpress.com/
• http://video.google.com/videoplay?docid=2288395847791059857
Related documents
Identity-Enabling Web Applications: Today`s Landscape
Identity-Enabling Web Applications: Today`s Landscape
Campus Networking Best Practices Session 5: Wireless LAN
Campus Networking Best Practices Session 5: Wireless LAN
Slide
Slide
The Internet - Mr. Rydalch
The Internet - Mr. Rydalch
Reliable Sources Worksheet
Reliable Sources Worksheet
Internet Overview - Data Service Center
Internet Overview - Data Service Center
Why should students learn how to use the Internet?
Why should students learn how to use the Internet?
Search Engine
Search Engine
Chapter 2 The Internet and Multimedia
Chapter 2 The Internet and Multimedia
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web