The Identity Problem of the Web and how to solve it
Bastian Hofmann
ResearchGate GmbH
Questions? Ask!
Only one identity?
Identity is conveyed by communication
Identity is not fixed but recreated by every communication with your fellows
Expectations of different people result in different identities
Lothar Krappmann
Paul Adams
http://www.slideshare.net/padday/the-real-life-social-network-v2
Sign up again and again
Passwords are broken
Same password for more than one service
Names, birthdays, car brand, ...
Too short, too simple
Saved insecurely in the browser
Disclosed to others
Sent over unencrypted connections
Single Sign On
Microsoft Live ID
Launched 1999 as .NET Passport
Facebook Connect
And there are many more
NASCAR problem
The Client
http://bhofmann.myopenid.com
HTTP POST
stackoverflow.com
http://bhofmann.myopenid.com
HTTP POST
stackoverflow.com
HTTP GET
bhofmann.myopenid.com
http://bhofmann.myopenid.com
HTTP POST
stackoverflow.com
bhofmann.myopenid.com
<link rel="openid2.provider" href="http://www.myopenid.com/server" />
http://bhofmann.myopenid.com
HTTP POST
stackoverflow.com
myopenid.com/server
Establish shared secret (Diffie-Hellman)
http://myopenid.com/server?openid.identity=http://bhofmann.myopenid.com&...
HTTP Redirect
stackoverflow.com
HTTP GET
myopenid.com/server?openid.identity=http://bhofmann.myopenid.com&...
Login
myopenid.com/server?openid.identity=http://bhofmann.myopenid.com&...
Grant permission
myopenid.com/server?openid.identity=http://bhofmann.myopenid.com&...
myopenid.com/server?openid.identity=http://bhofmann.myopenid.com&...
http://stackoverflow.com/?assertion...
HTTP Redirect
HTTP GET
stackoverflow.com
Verify assertion
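The "Verify assertion" step, as an added example that is not from the original slides: the relying party recomputes the HMAC over the fields listed in `openid.signed` with the association secret from the Diffie-Hellman step and rejects unsigned, tampered or replayed assertions. HMAC-SHA256 as the association type, the MAC key, nonce, association handle and return_to path are constructed assumptions.

```python
import base64
import hashlib
import hmac

# Fields an OpenID 2.0 relying party requires the signature to cover.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

# Constructed sample values (not from the slides).
MAC_KEY = b"constructed-association-secret"
RETURN_TO = "http://stackoverflow.com/constructed-return"


def kv_form(fields, params):
    # Key-Value Form: one "key:value" line per signed field, "openid." prefix dropped.
    return "".join(f"{k}:{params['openid.' + k]}\n" for k in fields).encode("utf-8")


def compute_sig(params, mac_key):
    fields = params["openid.signed"].split(",")
    mac = hmac.new(mac_key, kv_form(fields, params), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_assertion(params, mac_key, expected_return_to, seen_nonces):
    """Return (accepted, reason) for the parameters received on the return_to URL."""
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed = set(params.get("openid.signed", "").split(","))
    required = set(REQUIRED_SIGNED)
    if "openid.claimed_id" in params or "openid.identity" in params:
        required |= {"claimed_id", "identity"}
    if not required <= signed:
        # An unsigned identity could be swapped without breaking the signature.
        return False, "required field not signed"
    try:
        expected = compute_sig(params, mac_key)
    except KeyError:
        return False, "signed field missing from message"
    received = params.get("openid.sig", "")
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False, "bad signature"
    if params["openid.return_to"] != expected_return_to:
        return False, "return_to mismatch"
    nonce = params["openid.response_nonce"]
    if nonce in seen_nonces:  # a real store would also bound the nonce timestamp
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    return True, "ok"


def sample_assertion():
    # Constructed assertion using the hosts shown on the slides.
    params = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": "http://www.myopenid.com/server",
        "openid.claimed_id": "http://bhofmann.myopenid.com",
        "openid.identity": "http://bhofmann.myopenid.com",
        "openid.return_to": RETURN_TO,
        "openid.response_nonce": "2011-05-01T12:00:00Zconstructed",
        "openid.assoc_handle": "constructed-handle",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    params["openid.sig"] = compute_sig(params, MAC_KEY)
    return params


if __name__ == "__main__":
    nonces = set()
    print(verify_assertion(sample_assertion(), MAC_KEY, RETURN_TO, nonces))
    print(verify_assertion(sample_assertion(), MAC_KEY, RETURN_TO, nonces))
```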
DEMO
http://stackoverflow.com/
https://www.myopenid.com/
Authentication vs Authorization
Authentication: Who is the user? Is this really user X?
VS
Authorization: Is X allowed to do something? Does X have the permission?
Client sites want more than just a unique identifier (Social Graph)
But there are Spec Extensions
Additional parameters on the redirects
Simple Registration
openid.sreg.required=openid.sreg.fullname&openid.sreg.optional=openid.sreg.email,openid.sreg.gender
openid.sreg.fullname=Bastian&openid.sreg.gender=male
Attribute Exchange
openid.ns.ax=http://openid.net/srv/ax/1.0
openid.ax.mode=fetch_request
openid.ax.type.fname=http://example.com/schema/fullname
openid.ax.type.gender=http://example.com/schema/gender
openid.ax.type.fav_dog=http://example.com/schema/favourite_dog
openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
openid.ax.count.fav_movie=3
openid.ax.required=fname,gender
openid.ax.if_available=fav_dog,fav_movie
openid.ax.update_url=http://idconsumer.com/update?transaction_id=a6b5c41
openid.ns.ax=http://openid.net/srv/ax/1.0
openid.ax.mode=fetch_response
openid.ax.type.fname=http://example.com/schema/fullname
openid.ax.type.gender=http://example.com/schema/gender
openid.ax.type.fav_dog=http://example.com/schema/favourite_dog
openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
openid.ax.value.fname=John Smith
openid.ax.count.gender=0
openid.ax.value.fav_dog=Spot
openid.ax.count.fav_movie=2
openid.ax.value.fav_movie.1=Movie1
openid.ax.value.fav_movie.2=Movie2
openid.ax.update_url=http://idconsumer.com/update?transaction_id=a6b5c41
openid.ns.ax=http://openid.net/srv/ax/1.0
openid.ax.mode=store_request
openid.ax.type.fname=http://example.com/schema/fullname
openid.ax.value.fname=Bob Smith
openid.ax.type.fav_movie=http://example.com/schema/favourite_movie
openid.ax.count.fav_movie=2
openid.ax.value.fav_movie.1=Movie1
openid.ax.value.fav_movie.2=Movie2
openid.ns.ax=http://openid.net/srv/ax/1.0
openid.ax.mode=store_response_success
lanyrd.com
twitter.com
Pre Registration of Client at Twitter:
- Shared Consumer Key
- Shared Consumer Secret
HTTP POST
Connect with Twitter
lanyrd.com
twitter.com
HTTP POST
Connect with Twitter
HTTP GET
Consumer Key
Redirect URI
Signature (Consumer Secret)
lanyrd.com
twitter.com
HTTP POST
Connect with Twitter
Request Token
Request Token Secret
lanyrd.com
http://twitter.com/authorize?requestToken=...&consumerKey=...
HTTP Redirect
lanyrd.com
HTTP GET
twitter.com/authorize
Login
twitter.com/authorize
Grant permission
twitter.com/authorize
Create verifier and bind it to User and Request Token
Redirect URI?verifier=...&requestToken=..
HTTP Redirect
twitter.com/authorize
HTTP GET
lanyrd.com (RedirectURI?verifier=...)
HTTP GET
HTTP GET
Consumer Key, Request Token
Verifier
Signature (Consumer & Request Token Secret)
twitter.com
lanyrd.com
HTTP GET
Access Token
Access Token Secret
twitter.com
lanyrd.com
HTTP GET
API Request
Consumer Key, Access Token
Signature (Consumer & Access Token Secret)
twitter.com
lanyrd.com
OpenID + OAuth
• Combines OpenID Authentication and OAuth authorization
openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&openid.oauth.consumer=123456
openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&openid.oauth.request_token=7890
OpenID is dead
„OpenID has been a burden on support since the day it was launched.“
„Fewer than 1% of all 37signals users are currently using OpenID.“
http://productblog.37signals.com/products/2011/01/well-be-retiring-our-support-of-openid-on-may-1.html
„OpenID is the worst possible "solution" I have ever seen in my entire life to a problem that most people don't really have.“
Yishan Wong (Facebook)
http://www.quora.com/What-s-wrong-with-OpenID
Failures of OpenID 2.0
Complex to implement
URL as identifier => Bad User Experience
Do you have an OpenID?
What is it?
No marketing
Facebook Connect
250,000,000 monthly users
So let's all use Facebook?
How to fix it?
Easier to implement
Simpler specification
Better user experience
Wider adoption
Built on top of OAuth 2.0
What's wrong with OAuth?
Does not work well with non-web or JavaScript-based clients
The „Invalid Signature“ Problem
Complicated Flow, many requests
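An added example (not from the slides) of the OAuth 1.0 HMAC-SHA1 signature used in the flow above, and of one common cause of the "Invalid Signature" problem: a client that form-encodes a space as `+` instead of `%20` signs a different base string than the provider rebuilds. Keys, secrets, nonce and the API URL are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, quote_plus

# Constructed sample values (not from the slides).
URL = "https://twitter.com/constructed/api/resource"
CONSUMER_SECRET = "constructed-consumer-secret"
TOKEN_SECRET = "constructed-access-token-secret"


def pct(value):
    # RFC 5849 percent-encoding: only ALPHA, DIGIT, "-", ".", "_", "~" stay literal.
    return quote(str(value), safe="-._~")


def base_string(method, url, params, enc=pct):
    # `url` is assumed to be normalised already (lower-case host, no query string).
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalised = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalised)])


def sign(method, url, params, consumer_secret, token_secret="", enc=pct):
    # The key is both secrets joined by "&"; the token secret is empty before a token exists.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    text = base_string(method, url, params, enc).encode("ascii")
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode("ascii")


def provider_verify(method, url, params, consumer_secret, token_secret):
    # The provider rebuilds the base string from what it received and compares.
    expected = sign(method, url, params, consumer_secret, token_secret)
    received = params.get("oauth_signature", "")
    return hmac.compare_digest(expected.encode(), received.encode())


def sample_params():
    return {
        "oauth_consumer_key": "constructed-consumer-key",
        "oauth_token": "constructed-access-token",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1300000000",
        "oauth_nonce": "constructed-nonce",
        "oauth_version": "1.0",
        "status": "Hello world",  # the space is what trips up the buggy client
    }


def signed_request(enc=pct):
    params = sample_params()
    params["oauth_signature"] = sign("GET", URL, params, CONSUMER_SECRET, TOKEN_SECRET, enc)
    return params


if __name__ == "__main__":
    print(base_string("GET", URL, sample_params()))
    good = signed_request()            # RFC 5849 encoding
    buggy = signed_request(quote_plus)  # form encoding: "Hello+world"
    print("correct client:", provider_verify("GET", URL, good, CONSUMER_SECRET, TOKEN_SECRET))
    print("buggy client:  ", provider_verify("GET", URL, buggy, CONSUMER_SECRET, TOKEN_SECRET))
```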
http://tools.ietf.org/html/draft-ietf-oauth-v2
What's new in OAuth2? (Draft 10)
Different client profiles
No signatures
No Token Secrets
Cookie-like Bearer Token
No Request Tokens
Much more flexible regarding extensions
Mandatory TLS/SSL
Web-Server Profile
lanyrd.com
twitter.com
Pre Registration of Client at Twitter:
- Shared Client ID
- Shared Client Secret
- Redirect URI
HTTP(S) POST
Connect with Twitter
lanyrd.com
http://twitter.com/authorize?&clientId=...
HTTPS Redirect
lanyrd.com
HTTPS GET
twitter.com/authorize
Login
twitter.com/authorize
Grant permission
twitter.com/authorize
Create authorization code and bind it to User and ClientID
Redirect URI?authorizationCode=...
HTTPS Redirect
twitter.com/authorize
HTTPS GET
lanyrd.com (RedirectURI?authorizationCode=...)
HTTPS GET
HTTPS GET
Consumer Key
Authorization Code
Consumer Secret
twitter.com
lanyrd.com
HTTPS GET
Access Token (Refresh Token)
twitter.com
lanyrd.com
HTTPS GET
HTTPS API Request
Access Token
twitter.com
lanyrd.com
HTTPS GET
HTTPS GET
Consumer Key
Refresh Token
Consumer Secret
twitter.com
lanyrd.com
HTTPS GET
Access Token
Refresh Token
twitter.com
lanyrd.com
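The web-server profile above as a minimal in-memory model, added here as an illustration and not taken from the slides: the authorization code is bound to user and client ID, expires, and can be redeemed once by the authenticated client. Class and method names, the 60-second code lifetime and the sample client data are assumptions.

```python
import hmac
import secrets

CODE_TTL = 60  # seconds; assumed lifetime, the slides do not give one


class AuthorizationServer:
    def __init__(self):
        self.clients = {}         # client_id -> (client_secret, redirect_uri)
        self.codes = {}           # authorization code -> (user, client_id, expires_at)
        self.access_tokens = {}   # access token -> (user, client_id)
        self.refresh_tokens = {}  # refresh token -> (user, client_id)

    def register_client(self, client_id, client_secret, redirect_uri):
        # Pre-registration: shared client ID, shared client secret, redirect URI.
        self.clients[client_id] = (client_secret, redirect_uri)

    def grant(self, user, client_id, redirect_uri, now):
        """User has logged in and granted permission: build the redirect with the code."""
        client = self.clients.get(client_id)
        if client is None or client[1] != redirect_uri:
            raise PermissionError("unknown client or unregistered redirect URI")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (user, client_id, now + CODE_TTL)
        return f"{redirect_uri}?authorizationCode={code}"

    def _authenticate(self, client_id, client_secret):
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client[0].encode(), client_secret.encode()):
            raise PermissionError("client authentication failed")

    def _issue(self, user, client_id):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access_tokens[access] = (user, client_id)
        self.refresh_tokens[refresh] = (user, client_id)
        return {"access_token": access, "refresh_token": refresh}

    def exchange_code(self, client_id, client_secret, code, now):
        self._authenticate(client_id, client_secret)
        # pop(): the code is single use and is burned even when the check below fails.
        user, bound_client, expires_at = self.codes.pop(code, (None, None, 0))
        if bound_client != client_id or now > expires_at:
            raise PermissionError("invalid, expired or foreign authorization code")
        return self._issue(user, client_id)

    def refresh(self, client_id, client_secret, refresh_token):
        self._authenticate(client_id, client_secret)
        user, bound_client = self.refresh_tokens.pop(refresh_token, (None, None))
        if bound_client != client_id:
            raise PermissionError("invalid refresh token")
        return self._issue(user, client_id)

    def api_request(self, access_token):
        # Bearer token: whoever presents it is treated as the user, hence mandatory TLS.
        entry = self.access_tokens.get(access_token)
        return entry[0] if entry else None


def denied(fn, *args, **kwargs):
    """True if the server refused the call."""
    try:
        fn(*args, **kwargs)
    except PermissionError:
        return True
    return False


def demo():
    # Constructed client registration and user name.
    srv = AuthorizationServer()
    srv.register_client("lanyrd", "constructed-secret", "https://lanyrd.com/callback")
    redirect = srv.grant("bastian", "lanyrd", "https://lanyrd.com/callback", now=0)
    code = redirect.split("authorizationCode=")[1]
    tokens = srv.exchange_code("lanyrd", "constructed-secret", code, now=10)
    return srv, code, tokens


if __name__ == "__main__":
    srv, code, tokens = demo()
    print("API call as:", srv.api_request(tokens["access_token"]))
    print("code replay denied:", denied(srv.exchange_code, "lanyrd", "constructed-secret", code, 20))
```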
User-Agent Profile
http://twitter.com/authorize?&clientId=...
Open Popup
lanyrd.com
http://twitter.com/authorize?&clientId=...
Open Popup
lanyrd.com
HTTPS GET
twitter.com/authorize
http://twitter.com/authorize?&clientId=...
Open Popup
lanyrd.com
Login
twitter.com/authorize
http://twitter.com/authorize?&clientId=...
Open Popup
lanyrd.com
Grant Permission
twitter.com/authorize
lanyrd.com
HTTPS Redirect
RedirectURI#accessToken
twitter.com/authorize
RedirectURI#accessToken
lanyrd.com
lanyrd.com
RedirectURI#accessToken
Parse Access Token from Fragment
Send it to opening window
Close popup
lanyrd.com
Same Origin Policy
lanyrd.com
HTTPS Ajax Request to API
Access Token
twitter.com
Same Origin Policy
JSONP
Cross-Origin Resource Sharing (CORS)
Backend api.twitter.com
Client lanyrd.com
AJAX
Access-Control-Allow-Origin: *
http://www.w3.org/TR/cors/
What happened to signatures?
Bearer Tokens are fine over secure connection
Vulnerable if discovery is introduced
Or if TLS/SSL is not possible
So OAuth 1.0 signatures are alternatively available
Scopes
Optional parameter for provider specific implementations
Additional return values
Access Control
http://openidconnect.com/
Scope: „openid“
With access token additional values are returned
UserID: URL to Portable Contacts endpoint
Timestamp
Signature
http://opensocial-demo.vz-modules.net/vzid/index.php
https://github.com/vznet/vz_id_democlient
DEMO
OpenID Connect Discovery
Get Identifier of user
Look for a link pointing to the OpenID Connect endpoints in the returned LRDD
Call /.well-known/host-meta file at the domain of the user's provider
http://example.com/.well-known/host-meta
http://tools.ietf.org/html/draft-nottingham-site-meta
http://code.google.com/p/webfinger/
Phishing
E-mail address equals identity?
@
Can the browser help?
http://esw.w3.org/Foaf%2Bssl
FOAF+SSL (WebID)
DEMO
http://trunk.ontowiki.net/
http://www.w3.org/wiki/Foaf%2Bssl/IDP
Bad browser UI
Syncing between different computers?
More than one user on the same computer?
Mozilla UX Mockups
DEMO
http://myfavoritebeer.org/
https://addons.mozilla.org/en-US/firefox/addon/browser-sign-in/
Summing it up
• We need a single sign-on system for the web
• Proprietary solutions are bad for users, site owners and developers
• OpenID is cool, but has some problems
• A new, simpler and more flexible spec is coming up
• Browser vendors are working to solve this problem in the browser
http://twitter.com/BastianHofmann
https://profiles.google.com/bashofmann
http://lanyrd.com/people/BastianHofmann/
http://slideshare.net/bashofmann