Distributed Identity via OpenID

transcript

OPENID AND THE CASE OF

DISTRIBUTED IDENTITYEXPLORING THE PROBLEM OF DISTRIBUTED IDENTITY AND

OFFERING SOME SOLUTIONS

WHAT ARE WE TALKING ABOUT?

DIGITAL IDENTITY REFERS TO THE ASPECT O F D I G I T A L T E C H N O L O G Y T H A T I S CONCERNED WITH THE MEDIATION OF PEOPLE'S EXPERIENCE OF THEIR OWN IDENTITY AND THE IDENTITY OF OTHER PEOPLE AND THINGS.

“DIGITAL IDENTITY” ALSO HAS ANOTHER C O M M O N U S A G E A S T H E D I G I T A L REPRESENTATION OF A SET OF CLAIMS MADE BY ONE DIGITAL SUBJECT ABOUT ITSELF OR ANOTHER DIGITAL SUBJECT.

IDENTITY === AUTHENTICATION ?

IDENTITY == AUTHENTICATION

STANDARD AUTHENTICATION

A “USER” AGENT REQUESTS A “PAGE” RESOURCE

IS THE RESOURCE REQUESTED PUBLIC?

IF NOT, IS THE REQUESTING AGENT AUTHENTICATED?

IF NOT, IS THE REQUESTING AGENT REGISTERED?

IF “USER” IS REGISTERED

BUT NOT AUTHENTICATED,

THEN PRESENT THE

“LOGIN” FORM...

THEN PRESENT THE

“LOGIN” FORM...

IF “USER” IS NEITHER

AUTHENTICATED NOR

REGISTERED, THEN

PRESENT THE

“REGISTRATION” FORM...

THEN PRESENT THE

“LOGIN” FORM...

IF “USER” IS NEITHER

AUTHENTICATED NOR

REGISTERED, THEN

PRESENT THE

“REGISTRATION” FORM...

SIMILAR PROCESSING;

SUCCESS RETURNS TO THE

ORIGINAL REQUEST.

INPUT FILTERING TO

COMBAT SCRIPT

INJECTION

INPUT FILTERING TO

COMBAT SCRIPT

INJECTION

UNIQUENESS OF LOCAL

IDENTITY

INPUT FILTERING TO

COMBAT SCRIPT

INJECTION

UNIQUENESS OF LOCAL

IDENTITY

CREDENTIAL SECURITY

PASSWORD

STRENGTH

INPUT FILTERING TO

COMBAT SCRIPT

INJECTION

UNIQUENESS OF LOCAL

IDENTITY

CREDENTIAL SECURITY

PASSWORD

STRENGTH

DATA STORE

INPUT FILTERING TO

COMBAT SCRIPT

INJECTION

UNIQUENESS OF LOCAL

IDENTITY

CREDENTIAL SECURITY

PASSWORD

STRENGTH

DATA STORE

HEADACHE

INPUT FILTERING TO

COMBAT SCRIPT

INJECTION

UNIQUENESS OF LOCAL

IDENTITY

CREDENTIAL SECURITY

PASSWORD

STRENGTH

DATA STORE

HEADACHE

REPETITION!!!

INPUT FILTERING TO

COMBAT SCRIPT

INJECTION

UNIQUENESS OF LOCAL

IDENTITY

CREDENTIAL SECURITY

PASSWORD

STRENGTH

DATA STORE

HEADACHE

REPETITION!!!

FAIL!!!6

IDENTITY FEDERATIONWHY CAN’T SOMEBODY ELSE DO ALL THIS FOR ME?

INTRODUCING!

NOT NEW BUT

IMPROVED!

FEDERATED IDENTITY

HOW THIS IS SUPPOSED TO WORK...

FEDERATED IDENTITY

HOW THIS IS SUPPOSED TO WORK...

FEDERATION VIA OPENID

THAT SEEMS EASY...

EVEN EASIER WITH EXISTING LIBRARIES:

ZEND_OPENID FOR PHP5

RUBY-OPENID FOR RUBY

NET::OPENID FOR PERL

MOD_AUTH_OPENID FOR APACHE2

OPENID4JAVA FOR JAVA

CHECK THE OPENID.NET WIKI FOR MORE...!

def openid_consumer if @openid_consumer.blank? @openid_consumer = OpenID::Consumer.new(session, OpenID::Store::Filesystem.new("#{RAILS_ROOT}/tmp/openid")) end

return @openid_consumerend

def create # Get the OpenID parameter openid_url = params[:openid_url]

# Make sure we got something if openid_url.blank? flash[:error] = "No OpenID was entered; try again" redirect_to :back return end

# Get an OpenID response openid_response = openid_consumer.begin openid_url

home_url = url_for :controller => "openid", :action => "index" complete_url = url_for :controller => "openid", :action => "complete" openid_redirect_url = openid_response.redirect_url(home_url, complete_url) redirect_to openid_redirect_url

returnend

LET’S TRY IT OUT!

$> gem install ruby-openid$> script/generate controller openid new create complete openid_consumerviews/openid/new.html.erb:<html> <head> <title>Log in with OpenID</title> </head> <body> <% if not flash[:error].blank? %> <p><b><%= flash[:error] -%></b></p> <% end %>

<% form_tag "/openid/create" do %> <%= text_field_tag "openid_url" %> <%= submit_tag "Log in with OpenID" %> <% end %> </body></html>

def complete home_url = url_for :controller => "openid", :action => "index" complete_url = url_for :controller => "openid", :action => "complete"

openid_response = openid_consumer.complete(params, complete_url)

session[:openid] = openid_response.identity_url flash[:error] = "You have been logged in as '#{session[:openid]}'" redirect_to :action => "new" returnend

HTTP://WWW.LINUXJOURNAL.COM/ARTICLE/10104

returnend

LET’S TRY IT OUT!

returnend

LET’S TRY IT OUT!

returnend

LET’S TRY IT OUT!

returnend

LET’S TRY IT OUT!

TRANSMISSION COMPLETE

SOURCES AVAILABLE ON DEL.ICIO.US

Distributed Identity via OpenID

Technology