Presentation is loading. Please wait.

Presentation is loading. Please wait.

REFEDS. Rome, October 2009 The OpenID Case Why It’s Not a Bad Idea to Play with The Big Guys.

Similar presentations


Presentation on theme: "REFEDS. Rome, October 2009 The OpenID Case Why It’s Not a Bad Idea to Play with The Big Guys."— Presentation transcript:

1 REFEDS. Rome, October 2009 The OpenID Case Why It’s Not a Bad Idea to Play with The Big Guys

2 REFEDS. Rome, October 2009 The OpenID Advent Simple to understand  You are your URL  Discovery is transparent Simple to extend  JSON-style mechanisms  Can allocate almost anything Embraced by (some of) The Big Guys  And some governments Well aligned with other protocols  Mostly, OAuth And that means opportunities for us

3 REFEDS. Rome, October 2009 The OpenID LoA OpenID-The-Current-Infrastructure  Accept an OpenID as long as it is backed by the basic protocol  Most OpenIDs coming from Internet services with (very) few enrolment requirements  Therefore, very low LoA on identity OpenID-The-Protocol  Supports (or does not forbid) additional checks  Restricting acceptance to well-behaved OPs An example: yo.rediris.es  Requires an identity in a SIR IdP  Equivalent LoA to any SAML AuthN assertion

4 REFEDS. Rome, October 2009 OpenID-The-Protocol SP checks for trusted IdP IdP checks for trusted SP Mutual authentication possible

5 REFEDS. Rome, October 2009 OpenIDs and NameIDs IdP discovery is an integral part of the OpenID protocol  OpenID v2 allows users to express non-unique IDs  yo.rediris.es -> Initial attributes can be forwarded as well  Push-model for IdP-asserted attributes OpenIDs are DNs/NameIDs/SubjectDNs/…  Once expanded and validated can be used as subject identifier in any further query  Aggregate attributes retrieved via OAuth SAML LDAP VOMS...

6 REFEDS. Rome, October 2009 CTX: Full-fledged OpenID

7 REFEDS. Rome, October 2009 CTX: Full-fledged OpenID

8 REFEDS. Rome, October 2009 The Identity Golden Rule Digital identities are more valuable as they are more widely assertable Adoption/use of OpenID is a wise move Policies (and technologies) to define  What makes an OP reliable  What makes an OpenID usable  How to express metadata related to OP An algebra for attributes and LoAs


Download ppt "REFEDS. Rome, October 2009 The OpenID Case Why It’s Not a Bad Idea to Play with The Big Guys."

Similar presentations


Ads by Google