2. ~/ $ who am i
• Frank Louwers - frank@openminds.be
• Partner in Openminds & Metatale
• http://frank.be
• Openminds offers high-quality, high-
performance Internetsolutions
• Openminds launched the first Belgian
OpenID identity server
4. Quick Poll?
• Who uses same username / password for
every new account?
5. Quick Poll?
• Who uses same username / password for
every new account?
• Who loses usernames / passwords for
some sites?
6. Quick Poll?
• Who uses same username / password for
every new account?
• Who loses usernames / passwords for
some sites?
• Who has a blog?
7. Quick Poll?
• Who uses same username / password for
every new account?
• Who loses usernames / passwords for
some sites?
• Who has a blog?
• Who has OpenID? (Wordpress.com, AOL,
Typepad,Yahoo!, ...)
9. Morning workflow
• Read Mail
• Read RSS feeds
• Use company Intranet / wiki
• Write blogpost
• Comment on other blogs / wiki
10. Morning workflow
• Read Mail needs login
• Read RSS feeds
• Use company Intranet / wiki
• Write blogpost
• Comment on other blogs / wiki
11. Morning workflow
• Read Mail needs login
• Read RSS feeds needs login
• Use company Intranet / wiki
• Write blogpost
• Comment on other blogs / wiki
12. Morning workflow
• Read Mail needs login
• Read RSS feeds needs login
• Use company Intranet / wiki needs login
• Write blogpost
• Comment on other blogs / wiki
13. Morning workflow
• Read Mail needs login
• Read RSS feeds needs login
• Use company Intranet / wiki needs login
• Write blogpost needs login
• Comment on other blogs / wiki
14. Morning workflow
• Read Mail needs login
• Read RSS feeds needs login
• Use company Intranet / wiki needs login
• Write blogpost needs login
• Comment on other blogs / wiki needs login
19. Lazy solution
• Same password everywhere
• Not safe
• One site compromised, all sites
compromised
• When your mail-address changes, accounts
lost?
20. Solution: Single Sign On
• Previous attempts: Microsoft Passport.net
• Centralised (not everyone trusts MS)
• Expensive to integrate
• Not extendable
21. OpenID: KISS
• De-centralised
• Open Standards based
• easy, lightweight protocol
• providing Single Sign On
• Based on proven standards (dns and urls)
• A blog identifies a person
22. De-centralised
• You choose one of the many OpenID i-
providers (http://openid.openminds.be)
• You choose who you trust and why
• Even set-up your own OpenID server if
you want
• It’s the only place where your credentials
are stored
24. Login to OpenID sites
• Enter your OpenID identifier url as
“username”
• Site contacts your OpenID Server (based
on url)
• OpenID Server checks if you are logged in
• OpenID Server passes token to site
25.
26. Only the first time I login to an OpenID site that day.
Next time, only a confirmation is needed.
28. Wikitravel doesn’t have a local account for this OpenID.
Suggests me to create one. This happens only the first
time. It binds my OpenID (openid.openminds.be/frank) to
this new account.
29. Blog url as OpenID
• My OpenID: openid.openminds.be/frank
• My blog: frank.be
• Solution? Simple HTML tags!
30. Add html headers tags
No other plugins or code needed on your blog!
33. Plugins available for:
• Blog software (Wordpress, MT,
Mephisto, ...)
• Wiki software (MediaWiki, DokuWiki, ...)
• Almost all Web frameworks (Drupal, Ruby
on Rails, Joomla, Django, ...)
34. Add OpenID to your project
• Lower barrier (users don’t need to create
an account) eg: http://iusethis.com
• Simplifies account setup
• Specific hacks
• AIM integration
• Company Intranets or wiki’s and
Company OpenID
35. Problems?
• Google isn’t in, and won’t be in soon
• Login is slower (browser redirects ...)
• Vulnerable to Phishing
• risk actually less than with username /
password logins
• can be fixed with plugins (and FF3)
36. Future versions
• Exchange of more attributes
• Gravatars?
• Address (eg for shipping)
• Language / timezone settings
• Verified email address or not
• Security enhancements