technical background of vz-id
VZ-ID: The technical background
Bastian Hofmann, VZnet Netzwerke Ltd.
VZnet Netzwerke Ltd. - Tuesday, December 7, 2010
Agenda
– Sharing
  • OExchange
  • OpenGraph
– Login
  • OpenID
  • OAuth & OAuth 2
  • OpenID Connect
– VZ JavaScript Library
Sharing
OExchange
• Common API for publishing something into social networks
http://www.example.com/share.php?url={URI}&title={title for the content}&description={short description of the content}&ctype=flash&swfurl={SWF URI}&height={preferred SWF height}&width={preferred swf width}&screenshot={screenshot URI}
http://www.oexchange.org/
Discovery over XRD
<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>http://www.example.com/linkeater</Subject>
  <Property type="http://www.oexchange.org/spec/0.8/prop/vendor">Examples Inc.</Property>
  <Property type="http://www.oexchange.org/spec/0.8/prop/title">A Link-Accepting Service</Property>
  <Link rel="icon" href="http://www.example.com/favicon.ico" type="image/vnd.microsoft.icon" />
  <Link rel="http://www.oexchange.org/spec/0.8/rel/offer" href="http://www.example.com/linkeater/offer.php" type="text/html" />
</XRD>
OpenGraph
http://opengraphprotocol.org/
<meta property="og:title" content="title" />
<meta property="og:description" content="description" />
<meta property="og:site_name" content="your site name" />
<meta property="og:image" content="http://example.com/thumbnail.jpg" />
The sharing service retrieves metadata through the meta tags in the shared page
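Added example (not code from the slides or from VZ): how a sharing service can read the og:* meta tags from the HTML of a shared page and validate them before storing or rendering them. The sample page, the length cap and the rule that og:image must be an absolute http(s) URL (the service fetches it, so other schemes are refused) are assumptions of this example; a production fetcher would use a real HTML parser rather than the narrow regular expressions used here.

```javascript
// Added example: extract and validate OpenGraph metadata from a shared page (Node.js).

// Decode the HTML entities that commonly appear in attribute values.
function decodeEntities(s) {
  return s
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&'); // last, so "&amp;lt;" does not turn into "<"
}

// Pull name/value attribute pairs out of a single <meta ...> tag (either quote style, any order).
function parseAttributes(tag) {
  const attrs = {};
  const re = /([a-zA-Z:_-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = decodeEntities(m[2] !== undefined ? m[2] : m[3]);
  }
  return attrs;
}

// Map every <meta property="og:..."> tag to property -> content; the first occurrence wins.
function extractOpenGraph(html) {
  const result = {};
  const metaRe = /<meta\b[^>]*>/gi;
  let m;
  while ((m = metaRe.exec(html)) !== null) {
    const a = parseAttributes(m[0]);
    if (a.property && a.property.startsWith('og:') && a.content !== undefined && !(a.property in result)) {
      result[a.property] = a.content;
    }
  }
  return result;
}

// The service will fetch og:image itself, so only absolute http(s) URLs are acceptable;
// javascript:, data:, file: and relative values are rejected here.
function isSafeImageUrl(value) {
  let u;
  try { u = new URL(value); } catch (e) { return false; }
  return u.protocol === 'http:' || u.protocol === 'https:';
}

// Keep only the fields the preview needs, cap their length, and drop an unsafe og:image.
// Returns null when there is no title, since a share without a title is not rendered.
function validateOpenGraph(og, maxLen = 300) {
  const clean = {};
  for (const key of ['og:title', 'og:description', 'og:site_name']) {
    if (typeof og[key] === 'string') clean[key] = og[key].slice(0, maxLen).trim();
  }
  if (og['og:image'] && isSafeImageUrl(og['og:image'])) clean['og:image'] = og['og:image'];
  return clean['og:title'] ? clean : null;
}

// Constructed sample page (not a real site): mixed quoting, entities, and an unsafe og:image.
const SAMPLE_HTML = `<html><head>
<meta property="og:title" content="Tom &amp; Jerry&#39;s page" />
<meta content="a description" property='og:description'>
<meta property="og:site_name" content="example site" />
<meta property="og:image" content="javascript:alert(1)" />
</head><body></body></html>`;
```

Running `validateOpenGraph(extractOpenGraph(SAMPLE_HTML))` yields the decoded title and description with no og:image, which is the behaviour the preview renderer should rely on: anything it prints or fetches has already passed through the validation step.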
Sharing examples @VZ
http://developer.studivz.net/wiki/index.php/Sharing
http://platform-redirect.vz-modules.net/r/Link/Share/?url=http%3A%2F%2Fwww.example.com&description=descripton&title=title
http://www.studivz.net/Link/Share/?url=http%3A%2F%2Fwww.example.com&description=descripton&title=title
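Added example (not code from the slides or from VZ) showing both halves of a share link of the kind above: `buildShareUrl()` is what the sharing page does when it composes the offer URL, and `parseShareRequest()` plus `renderPreview()` are what the share endpoint (share.php in the OExchange template, /Link/Share/ at VZ) should do with the untrusted parameters it receives. The endpoint, page values, length caps and the preview markup are assumptions of this example.

```javascript
// Added example: composing an OExchange-style share URL and validating it on the receiving side (Node.js).

// Compose the offer URL; URLSearchParams percent-encodes the values (":" -> %3A, "/" -> %2F, " " -> +).
function buildShareUrl(offerEndpoint, { url, title, description }) {
  const target = new URL(offerEndpoint);
  target.searchParams.set('url', url);
  if (description) target.searchParams.set('description', description);
  if (title) target.searchParams.set('title', title);
  return target.toString();
}

// Validate the query string a share endpoint receives. The shared link must be an absolute
// http(s) URL: a javascript: or data: value would otherwise end up inside an <a href> on the
// preview page. Free-text fields are length-capped here and HTML-escaped at render time.
function parseShareRequest(queryString, { maxTitle = 200, maxDescription = 1000 } = {}) {
  const params = new URLSearchParams(queryString);
  const rawUrl = params.get('url');
  if (!rawUrl) return { ok: false, error: 'missing url' };
  let shared;
  try { shared = new URL(rawUrl); } catch (e) { return { ok: false, error: 'malformed url' }; }
  if (shared.protocol !== 'http:' && shared.protocol !== 'https:') {
    return { ok: false, error: 'unsupported scheme' };
  }
  shared.username = ''; // never carry embedded credentials into the stored link
  shared.password = '';
  return {
    ok: true,
    url: shared.toString(),
    title: (params.get('title') || '').slice(0, maxTitle).trim(),
    description: (params.get('description') || '').slice(0, maxDescription).trim(),
  };
}

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Build the preview markup from an already validated share request.
function renderPreview(req) {
  if (!req.ok) return '<p>Nothing to share</p>';
  const title = req.title || req.url;
  return `<a href="${escapeHtml(req.url)}" rel="noopener noreferrer">${escapeHtml(title)}</a>` +
    (req.description ? `<p>${escapeHtml(req.description)}</p>` : '');
}
```

The scheme check belongs on the receiving side, not the sending side: the sharing page is under someone else's control, so the endpoint must treat `url`, `title` and `description` as hostile input regardless of how carefully `buildShareUrl()` encoded them.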
Login
Identities in real life
Do you really have only one identity?
Lothar Krappmann:
- Identity is conveyed by communication
- Identity is not fixed but recreated by every communication with your fellows
- Expectations of different people result in different identities
Example: Paul Adams
http://www.slideshare.net/padday/the-real-life-social-network-v2
Identities in the Web
Register, Register, Register, ...
Single Sign-on
ul_Marga
Microsoft Passport / Live ID
• Windows Live ID
• Launched 1999 as .NET Passport
• Used mainly for Microsoft services but not much outside
• OpenID Provider since 2008
Facebook Connect
Twitter @Anywhere
And there are many, many more
Vaguely Artistic
NASCAR problem
How to fix it?
Moff
Aggregation: Janrain
http://www.janrain.com/
OpenID
• Open, decentralized user authentication
http://openid.net/
Connection Flow
Authentication vs Authorization
Authentication: Who is the user? Is this really user X?
vs
Authorization: Is X allowed to do something? Does X have the permission?
Client sites want more than just a unique identifier (Social Graph)
But there are Spec Extensions
decafinata
OpenID + OAuth
• Combines OpenID authentication and OAuth authorization
Request: openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&openid.oauth.consumer=123456
Response: openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&openid.oauth.request_token=7890
OAuth 1.0a Flow

    +----------+                                  +---------------+
    |         -+----(B)-- Request Token -------->|               |
    | End-user |                                  | Authorization |
    |    at    |<---(C)-- User authenticates --->|     Server    |
    | Browser  |                                  |               |
    |         -+----(D)-- Verifier -------------<|               |
    +-|----|---+                                  +---------------+
      |    |                                            ^      v
     (B)  (D)                                           |      |
      |    |                                            |      |
      ^    v                                            |      |
    +---------+                                         |      |
    |         |>---(A)-- Redirect URL ------------------|      |
    |   Web   |<---(A)-- Request Token + Secret --------|      |
    |  Client |>---(E)-- Request Token, Verifier -------'      |
    |         |<---(E)-- Access Token + Secret ----------------'
    +---------+

Every request: client credentials, nonce, timestamp, signature
http://oauth.net/
Failures of OpenID 2.0
• Complex to implement
• No marketing
  – Do you have an OpenID?
  – What is it?
• URL as identifier => bad user experience
OpenID Connect
• Goals:
  – Easier to implement
  – Simpler specification
  – Better user experience
• => wider adoption
• Built on top of OAuth 2.0
What's wrong with OAuth?
• Does not work well with non-web or JavaScript-based clients
• The "Invalid Signature" problem
• Complicated flow, many requests
What's new in OAuth 2? (Draft 10)
• Different client profiles
• No signatures
• No token secrets
• Cookie-like bearer token
• Mandatory TLS/SSL
• No request tokens
• Much more flexible regarding extensions
http://tools.ietf.org/html/draft-ietf-oauth-v2
Web-Server Profile

    +----------+          Client Identifier       +---------------+
    |         -+----(A)--- & Redirect URI ------>|               |
    | End-user |                                 | Authorization |
    |    at    |<---(B)-- User authenticates --->|     Server    |
    | Browser  |                                 |               |
    |         -+----(C)-- Authorization Code ---<|               |
    +-|----|---+                                 +---------------+
      |    |                                         ^      v
     (A)  (C)                                        |      |
      |    |                                         |      |
      ^    v                                         |      |
    +---------+                                      |      |
    |         |>---(D)-- Client Credentials, --------'      |
    |  Web    |          Authorization Code,                 |
    |  Client |            & Redirect URI                    |
    |         |                                              |
    |         |<---(E)----- Access Token -------------------'
    +---------+       (w/ Optional Refresh Token)
User-Agent Profile

         +----------+           Client Identifier     +----------------+
         |          |>---(A)--- & Redirection URI --->|                |
         |          |                                 |                |
    End <--+ - - - +----(B)-- User authenticates --->|  Authorization |
    User   |          |                                 |     Server     |
         |          |<---(C)--- Redirect URI --------<|                |
         |  Client  |          with Access Token      |                |
         |    in    |            in Fragment          +----------------+
         |  Browser |
         |          |                                 +----------------+
         |          |>---(D)--- Redirect URI -------->|                |
         |          |          without Fragment       |   Web Server   |
         |          |                                 |   with Client  |
         |   (F)    |<---(E)--- Web Page with -------<|    Resource    |
         |  Access  |             Script              |                |
         |  Token   |                                 +----------------+
         +----------+
What happened to signatures?
• Ongoing controversial discussion
• Bearer tokens are fine over a secure connection
• Vulnerable if discovery is introduced
• Or if TLS/SSL is not possible
Scopes
• Optional parameter for provider-specific implementations
• For example
  – Additional return values
  – Access control
OpenID Connect?
• Scope: "openid"
• With the access token, additional values are returned
  – UserID: URL to the Portable Contacts endpoint
  – Signature
  – Timestamp
http://openidconnect.com/
OpenID Connect Discovery
• Get the identifier of the user
• Call the /.well-known/host-meta file at the domain of the user's provider
• Look for a link pointing to the OpenID Connect endpoints in the returned LRDD
OpenID Connect @VZ
• Available now
• But without the discovery part
  – No discovering clients
  – No discoverable entities
VZ JavaScript Library
http://developer.studivz.net/wiki/index.php/JS-Library
<script src="http://static.pe.studivz.net/Js/id/v3/library.js"
        data-authority="platform-redirect.vz-modules.net/r"
        data-authorityssl="platform-redirect.vz-modules.net/r"
        type="text/javascript"></script>
<script type="vz/share">
  id: shareButton
  title: title of your site
  description : a description
</script>
Login widget
http://developer.studivz.net/wiki/index.php/JS-Library
<script type="text/javascript">
function callbackMethod(c) {
  if (c.error) {
    return;
  }
  var url = c.user_id;
  vz.id.login.callApi(url, function(data) {
    console.log(data.entry.displayName);
  });
}
</script>
<script type="vz/login">
  client_id : 1234567890abcdef
  redirect_uri : http://example.com/callback.html
  callback : callbackMethod
  fields : name,emails
</script>
Callback.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <script type="text/javascript">
      opener.vz.id.authStorage.setAuthParameterHash(location.hash.substr(1));
      window.close();
    </script>
  </body>
</html>
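Added example (not code from the slides or from the VZ library) of what a popup callback page like the one above has to do with the fragment the user-agent profile returns in step (C): parse it, accept the access token only when the `state` matches the value the opener generated, remove the token from the URL so it does not remain in history, and hand the result to the opener. The example delivers the result with `postMessage` to a fixed origin and checks `event.origin` on the receiving side; that, the `state` parameter, and the fake window object used to run the functions outside a browser are assumptions of this example, not how the VZ library works.

```javascript
// Added example: handling the access token fragment in a popup callback page (Node.js-testable).

// Parse "#access_token=...&expires_in=...&state=..." and accept it only for the expected state.
function parseTokenFragment(hash, expectedState, now = Date.now) {
  const params = new URLSearchParams(hash.startsWith('#') ? hash.slice(1) : hash);
  if (params.get('error')) return { ok: false, error: params.get('error') };
  // The state must equal the value this client generated before redirecting to the
  // authorization server; otherwise the fragment may have been planted by another page.
  const state = params.get('state');
  if (!expectedState || state !== expectedState) return { ok: false, error: 'state mismatch' };
  const token = params.get('access_token');
  if (!token) return { ok: false, error: 'missing access_token' };
  const expiresIn = Number(params.get('expires_in'));
  return {
    ok: true,
    accessToken: token,
    // expires_in is in seconds; a missing or bogus value yields no expiry rather than a guess.
    expiresAt: Number.isInteger(expiresIn) && expiresIn > 0 ? now() + expiresIn * 1000 : null,
    scope: params.get('scope') || '',
  };
}

// Callback page glue: read the fragment once, strip it from the address bar and history,
// and post the result only to the opener origin this application expects.
function deliverToOpener(win, expectedState, openerOrigin, now = Date.now) {
  const result = parseTokenFragment(win.location.hash, expectedState, now);
  if (win.history && typeof win.history.replaceState === 'function') {
    win.history.replaceState(null, '', win.location.pathname);
  }
  if (win.opener) win.opener.postMessage(result, openerOrigin); // a fixed origin, never '*'
  return result;
}

// Opener side: ignore messages from any origin other than the callback page's own.
function acceptTokenMessage(event, callbackOrigin) {
  if (event.origin !== callbackOrigin) return null;
  const data = event.data;
  return data && data.ok === true && typeof data.accessToken === 'string' ? data : null;
}

// Constructed stand-in for the browser objects so the functions can be exercised outside a browser.
function fakeWindow(hash) {
  const calls = { replaced: null, posted: null, origin: null };
  return {
    calls,
    location: { hash, pathname: '/callback.html' },
    history: { replaceState: (s, t, url) => { calls.replaced = url; } },
    opener: { postMessage: (msg, origin) => { calls.posted = msg; calls.origin = origin; } },
  };
}
```

In a real page `deliverToOpener(window, storedState, 'https://app.example.com')` would run before `window.close()`. The bearer token in the fragment is exactly what the earlier slide means by "bearer tokens are fine over a secure connection": nothing but TLS and the origin checks above protect it once it is in the browser.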
Thank you
http://twitter.com/BastianHofmann
http://studivz.net/bastian
http://slideshare.net/[email protected]
http://developer.studivz.net