2007 Barcelona Drupalcon: OpenID

supported in core...

now what?

questions?

answers!

explanation

what is OpenID?

“OpenID is an open, decentralized, free

framework for user-centric digital

identity.”

“OpenID is an open, decentralized, free

framework for user-centric digital identity.”

what is identity?

who you are

who am I?

“walkah”

James Ransom Walker

yes... “Ransom”

July 10, 1977

29

30

over 19

over 21

over 25

under 65

who you are

how does it work?

Who is involved?

• Users - OpenID Identifier

• Relying Party (RP) - aka “consumer”

• Wants your information

• OpenID Provider (OP) - aka “ID provider”

• Has your information

User provides identity (URL) to Relying Party

Relying Party performs discovery

Re-directs to OpenID Provider

... with choices

User authenticates

User receives signedauthentication response

Redirected to RP

Relying party verifies this

response

access granted!

what’s the point?

too many usernames &

passwords

single sign-on

registration headaches

real world

photo ID

what is an OpenID identifier?

not an account

URL

globally unique

identifier

... like your passport number

isn’t that a bad idea?

what if someone steals my identity!?

“OpenID is an open, decentralized, free

framework for user-centric digital

identity.”

choice of:OpenID Provider

get a couple!

multiple personas

choice of: authentication

method

choice of:released data

(including not presenting ID)

user decides

where do i get one?

how do i use it?

is it secure?

you don’t give your credentials to

anyone but your OpenID provider

(unlike drupal.module)

what’s next?

OpenID provider

DRUPAL-4-7--2

5 & 6 soon!

in core?

attribute exchange

key-value pairs

keys are URLs

(also globally unique)

http://pants.com/pants/status => off

not necessarily from your provider

cached by your provider

can be digitally signed by attribute

provider

we can achieve true digital identity

more questions?