OPEN ID
Associate Professor, Dr. Trần Minh Triết
Presenters: Trần Tiên Tín, Võ Văn Mỹ
• Too many Usernames and Passwords
• Someone took your desired Username
• User profile is distributed
• Account management is difficult
• Get bored of filling long forms again and again
With OpenID, you get to choose who manages your identity
• “OpenID (OID) is an open standard and
decentralized protocol by the non-profit OpenID
Foundation that allows users to be authenticated by
certain co-operating sites (known as Relying Parties
or RP) using a third party service”
5/2005 - Brad Fitzpatrick, creator of popular community website LiveJournal, while working at Six Apart
2006 - Submitted a proposal to formalize extensions to OpenID
2007 - Computer security company announced support for OpenID in its Identity Initiative products and services
2008 - Yahoo announced initial OpenID 2.0 support, both as a provider and as a relying party, releasing the service by the end of the month. In early February, Google, IBM, Microsoft, VeriSign, and Yahoo! joined the OpenID Foundation as corporate board members
2009, 2013…
02/2014 - OpenID Connect
HOW OPENID WORKS?
• Site fetches the HTML of my OpenID
• Finds “openid.server”
• Establishes a shared secret with the provider
• Redirects my browser to the provider, where I authenticate and allow the OpenID login
• Provider redirects my browser back to the site with an OpenID response
• Site verifies the signature and logs me in
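The last step above (the site verifying the signature), as an added Python example that is not code from the original slides. It assumes an HMAC-SHA1 association and the signing rules of OpenID Authentication 2.0; the function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Fields the OpenID Authentication 2.0 spec requires the signature to cover.
REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
IF_PRESENT = {"claimed_id", "identity"}

def sign(fields, signed_keys, mac_key):
    """HMAC-SHA1 over Key-Value Form ('key:value\\n' per signed key, in order)."""
    kv = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed_keys)
    mac = hmac.new(mac_key, kv.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_assertion(fields, mac_key, expected_return_to, seen_nonces):
    """Return (ok, reason) for a response the browser delivered to return_to."""
    if fields.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed_keys = fields.get("openid.signed", "").split(",")
    must = REQUIRED | {k for k in IF_PRESENT if "openid." + k in fields}
    if must - set(signed_keys):
        return False, "required field not signed"
    if any("openid." + k not in fields for k in signed_keys):
        return False, "signed field absent"
    sig = fields.get("openid.sig", "").encode("utf-8")
    if not hmac.compare_digest(sign(fields, signed_keys, mac_key).encode(), sig):
        return False, "bad signature"
    if fields["openid.return_to"] != expected_return_to:
        return False, "return_to mismatch"
    nonce = (fields["openid.op_endpoint"], fields["openid.response_nonce"])
    if nonce in seen_nonces:  # same assertion presented twice
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    return True, "ok"

def constructed_assertion(mac_key):
    """Constructed sample response; every value is made up."""
    f = {
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example/auth",
        "openid.claimed_id": "https://alice.example/",
        "openid.identity": "https://alice.example/",
        "openid.return_to": "https://rp.example/return",
        "openid.response_nonce": "2014-02-26T10:00:00Zabc123",
        "openid.assoc_handle": "handle-1",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    f["openid.sig"] = sign(f, f["openid.signed"].split(","), mac_key)
    return f
```

The check on the signed list matters as much as the HMAC itself: a response whose signature is valid but does not cover the identity fields proves nothing about who logged in.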
PROTOCOLS AND SECURITY
• Authentication: uses a URL as the identity of the user
• OpenID 2.0 uses Yadis
• Uses the Diffie-Hellman key exchange mechanism at different levels
• Uses Secure Sockets Layer (SSL)
• Generates strong MAC keys
PROTOCOLS AND SECURITY
• Authentication bugs
• Phishing
• Privacy / Trust Issue
• Authentication Hijacking in Unsecured Connection
• Globally unique & your URL is your Identity
• Few usernames and passwords to remember
• Many OpenID providers, such as AOL, Yahoo, VeriSign Labs, myOpenID
• Can also put an OpenID URL on your app
• Profile data are stored at one place only.
• Control of sharing information.
• Can easily increase business
DEMO