OpenID + OpenSocial




         Integration between two “open” technologies


                 Sebastiano Merlino aka eTr
                  etr@pensieroartificiale.com
                     Gtug Group - Catania - Italy


                        July 10th, 2010



1 / 33
         What about OpenID?

         OpenID (now at version 2.0) is an open, decentralized standard for
         authenticating users that can be used for access control, allowing users to log
         on to different services with the same digital identity where these services trust
         the authentication body.

                                                         Wikipedia, the free encyclopedia


                           Who controls OpenID?
                           OpenID is decentralized and not owned by anyone. Every
                           person can choose to become an OpenID provider without
                           having to register or to be approved by any organization.
                           The OpenID Foundation was formed to assist the open
                           source community by acting as a legal entity.



2 / 33
         The OpenID protocol

         Glossary
             End-User: the person who wants to log in.
             Identifier: the standard URI or XRI used to identify the End-User (also
             called OpenID).
             OpenID provider: a service provider that lets users register
             OpenID URLs and XRIs and provides OpenID authentication.
             Relying Party: the site that wants to verify the End-User's identity. It is
             also called Service Provider.
             Server Agent: the server that verifies the End-User’s OpenID. It is usually
             the same as the OpenID provider.
             User Agent: the program used by the End-User to access the provider
             or the relying party. It is usually a browser.




3 / 33
         The OpenID protocol

         Two types of identifiers are allowed: URLs and XRIs.
         There are two ways to obtain an OpenID-enabled URL that can be used to
         access a relying party:
           1   Use an existing URL under the user's control that links to a page which
               contains OpenID tags in its HTML or serves a Yadis document.
           2   Register with an OpenID provider. Providers usually offer a third-level
               domain URL configured with OpenID HTML tags. Some providers
               generate on request a Yadis document with details about the end-user.
         XRIs are a new type of internet identifier designed for cross-domain
         identification. XRIs come in two forms, i-names and i-numbers, which are
         registered as synonyms. I-names can be reassigned, but an i-number is never
         reassigned. An i-name is immediately translated to its synonym i-number, which is
         stored as the OpenID by the relying party.




4 / 33
         The OpenID protocol

         The Login
           1   The user provides his OpenID to the relying party using the form on its
               page. It is assumed that the user has already registered an OpenID
               identifier with an OpenID provider.
           2   The relying party normalizes the provided OpenID. If the OpenID is a
               URL, a relying party implementing OpenID 1.0 requests the web page
               located at that URL and reads the proper HTML tag to discover the
               identity provider service URL, or receives a Yadis document with
               that information.
               With OpenID 2.0, instead, the OpenID is an XRI and the relying party
               discovers the identity provider service URL by requesting an XRDS
               document (Yadis), following the path indicated by the XRI.




5 / 33
         The OpenID protocol
         The Login
           3   At this point the communication starts. The relying party can
               communicate with the provider without interaction with the user
               (checkid_immediate) or, as is common on the web, by notifying the user and
               using his browser (checkid_setup).
           4   Relying party and provider establish a shared secret (starting from a nonce
               and using Diffie-Hellman). With checkid_setup the relying party
               redirects the user to the OpenID provider.
           5   The provider asks the user to grant permission to the relying party.
           6   If the user declines, he is redirected to the relying party with an error
               message; if the user confirms, the relying party verifies the
               authentication by validating the shared secret.
           7   At this point, if the validation is successful, the user is considered logged in.
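
The relying-party checks behind steps 4 to 7, as an added example that is not part of the original slides: the provider's answer is accepted only if it is signed with the shared secret, returns to the expected URL, and carries a fresh, unused nonce. It assumes an HMAC-SHA256 association, an exact-match return_to comparison and a 5-minute nonce window; all endpoints, keys and identifiers are constructed.

```javascript
// Added example: relying-party checks on an OpenID 2.0 positive assertion.
// Endpoints, identifiers, MAC key and the 5-minute window are constructed values.
const crypto = require('node:crypto');

const MAX_NONCE_AGE_MS = 5 * 60 * 1000; // assumed acceptance window
const SAMPLE_RETURN_TO = 'https://rp.example.org/openid/return';
// Fields that must appear in openid.signed (claimed_id and identity
// whenever they are present in the response, as they are here).
const MUST_BE_SIGNED = ['op_endpoint', 'return_to', 'response_nonce',
                        'assoc_handle', 'claimed_id', 'identity'];

// Key-Value Form of the fields named in openid.signed: "key:value\n" each.
function signedPayload(params) {
  const lines = [];
  for (const key of String(params['openid.signed'] || '').split(',')) {
    const value = params['openid.' + key];
    if (value === undefined) return null; // listed as signed but not present
    lines.push(key + ':' + value + '\n');
  }
  return lines.join('');
}

// HMAC-SHA256 with the MAC key agreed during association (step 4).
function computeSignature(params, macKey) {
  const payload = signedPayload(params);
  if (payload === null) return null;
  return crypto.createHmac('sha256', macKey).update(payload, 'utf8').digest();
}

// seenNonces is a Set shared across requests; nowMs is the current time.
function verifyAssertion(params, assoc, expectedReturnTo, seenNonces, nowMs) {
  const fail = (reason) => ({ ok: false, reason });
  if (params['openid.mode'] !== 'id_res') return fail('not a positive assertion');
  if (params['openid.assoc_handle'] !== assoc.handle) return fail('unknown association');
  // Simplification: exact match instead of the spec's URL comparison rules.
  if (params['openid.return_to'] !== expectedReturnTo) return fail('return_to mismatch');

  const signed = String(params['openid.signed'] || '').split(',');
  for (const field of MUST_BE_SIGNED) {
    if (!signed.includes(field)) return fail('unsigned field: ' + field);
  }

  const expected = computeSignature(params, assoc.macKey);
  const given = Buffer.from(String(params['openid.sig'] || ''), 'base64');
  if (expected === null || given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return fail('bad signature');
  }

  // Nonce = UTC timestamp (20 chars) + unique suffix. Checked only after the
  // signature, so unauthenticated messages cannot fill the replay cache.
  const nonce = params['openid.response_nonce'];
  const issued = Date.parse(nonce.slice(0, 20));
  if (Number.isNaN(issued) || Math.abs(nowMs - issued) > MAX_NONCE_AGE_MS) {
    return fail('stale nonce');
  }
  const nonceKey = params['openid.op_endpoint'] + '|' + nonce;
  if (seenNonces.has(nonceKey)) return fail('nonce replayed');
  seenNonces.add(nonceKey);
  return { ok: true, identifier: params['openid.claimed_id'] };
}

// Constructed provider side: builds and signs a sample assertion.
function sampleAssertion(assoc, nonce, overrides) {
  const params = Object.assign({
    'openid.ns': 'http://specs.openid.net/auth/2.0',
    'openid.mode': 'id_res',
    'openid.op_endpoint': 'https://op.example.org/server',
    'openid.claimed_id': 'https://alice.example.org/',
    'openid.identity': 'https://alice.example.org/',
    'openid.return_to': SAMPLE_RETURN_TO,
    'openid.response_nonce': nonce,
    'openid.assoc_handle': assoc.handle,
    'openid.signed': MUST_BE_SIGNED.join(','),
  }, overrides || {});
  params['openid.sig'] = computeSignature(params, assoc.macKey).toString('base64');
  return params;
}

// Demo: the same assertion is accepted once and rejected when replayed.
const demoAssoc = { handle: 'demo-assoc', macKey: Buffer.from('constructed-demo-key') };
const demoSeen = new Set();
const demoNow = Date.parse('2010-07-10T12:00:30Z');
const demoMsg = sampleAssertion(demoAssoc, '2010-07-10T12:00:00Zdemo01');
console.log(verifyAssertion(demoMsg, demoAssoc, SAMPLE_RETURN_TO, demoSeen, demoNow));
console.log(verifyAssertion(demoMsg, demoAssoc, SAMPLE_RETURN_TO, demoSeen, demoNow));
```
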




6 / 33
         The OpenID protocol
         HTML with OpenID Tags
         An OpenID-tagged HTML page must contain these two links:
         <link rel="openid2.provider openid.server"
         href="http://www.livejournal.com/openid/server.bml"/>
         <link rel="openid2.local_id openid.delegate"
         href="http://exampleuser.livejournal.com/"/>

         XRIs
         An XRI (eXtensible Resource Identifier) is a scheme and resolution protocol for
         abstract identifiers. An XRI that starts with “=” identifies a person, one that starts
         with “@” identifies an organization, and one that starts with “+” indicates a generic
         concept. Every name (i-name) can be converted into an i-number.
         xri://=Sebastiano.Merlino             xri://=!1000.aib3.c6f2
         xri://+phone.number                   xri://+!1000.f4f5.c3f5
         xri://mysite.it/(=Sebastiano.Merlino) xri://mysite.it/(=!1000.aib3.c6f2)




7 / 33
         The OpenID protocol
                    Yadis
                    Yadis is a communication protocol for service discovery. A Yadis ID
                    can be a URL or an XRI i-name that can be resolved to a URL. The
                    Yadis protocol specifies how to retrieve a service descriptor called the Yadis
                    Resource Descriptor. This descriptor follows the XRDS format and
                    is used to connect to several services.

         <?xml version="1.0" encoding="UTF-8"?>
         <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
         xmlns:openid="http://openid.net/xmlns/1.0">
               <XRD>
                   <Service priority="50">
                       <Type>http://openid.net/signon/1.0</Type>
                       <URI>http://www.myopenid.com/server</URI>
                       <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate>
                   </Service>
               </XRD>
         </xrds:XRDS>




8 / 33
         and...OAuth?

    OAuth and OpenID sound like the same thing, but they are
    really different.
    While OpenID exists to give access to multiple web sites, OAuth
    lets the user authorize one website (called the consumer) to access data
    from another web site (the provider).

         The Open Authentication
         Google and Plaxo have released a hybrid protocol that combines OpenID with
         OAuth. Often, when a site wants to use services from another site, it requires
         login details that the user may not want to share. OAuth was created to
         solve this problem: it sends the user to the
         provider and brings him back after the login. This technique can be improved
         with OpenID, which can make this operation automatic.




9 / 33
          OpenID: Advantages and Disadvantages


          Advantages
              Accelerates the sign-up process
              Reduces the frustration of maintaining multiple usernames and passwords
              Minimizes password security risk
              Gives greater control over online identity

          Disadvantages
              The OpenID provider may track users’ habits.
              A third party authenticates your users.




10 / 33
          OpenID implementations

          Provider
               Community-ID (PHP)
               Prairie (PHP)
               Masquerade (Ruby)
               DjangoID (Python)
               Packetizer OpenID Server (Perl)
               DotNetOpenID (.NET)
               JOS (Java)

          Relying Party
               Poidsy (PHP)
               Openid4Java (Java)
               jopenid (Java)
               DotNetOpenAuth (.NET)




11 / 33
          OpenID provider: Community-ID



          Community-ID is a PHP implementation of an OpenID provider that is
          OpenID 2.0 compliant. Community-ID is free to use and is built 100%
          on Open Source software. It is licensed under the BSD license.


          To use Community-ID, you only have to install it.
          The installation requires a web server with support for
          PHP 5.2.4 or greater with the MySQLi extension installed.
          A MySQL database (version 4.1 or greater) is also required.
          These modules are required: php5-core php5-mysql php5-pdo mysql php5-gd
          php5-gmp.




12 / 33
          Relying Party: Poidsy

          Example
          <?php
           // Poidsy keeps its state in $_SESSION['openid'], so a session is required
           session_start();
           // Either the login form was submitted or the provider is answering
           if (isset($_POST['openid_url']) || isset($_REQUEST['openid_mode'])) {
              if (isset($_POST['openid_type']) && $_POST['openid_type'] != 'openid_url') {
                 define('OPENID_URL', $_POST['openid_type']);
              }
              require('../../processor.php'); // the poidsy validation script
           } else {
              // [...some layout stuff...]
              if (isset($_SESSION['openid']['error'])) {
                 unset($_SESSION['openid']['error']);
              } else if (isset($_SESSION['openid']['validated']) && $_SESSION['openid']['validated']) {
                 unset($_SESSION['openid']['validated']);
                 if (isset($_SESSION['openid']['sreg'])) {
                    // [...show data...]
                    unset($_SESSION['openid']['sreg']);
                 }
              }
           }




13 / 33
          Relying Party: Poidsy

          Poidsy is a fully functional set of PHP scripts that acts as an OpenID
          relying party. The difference between Poidsy and other libraries is that
          this implementation does not expose the OpenID logic. It can
          be used without writing a single line of code.

          The previous example shows how to use the Poidsy library.
          A session must be started, because the library stores its values there. If
          an OpenID URL is passed to the page, the script requires processor.php
          to validate and authenticate the user.
          The same page is used to receive the response from the provider. If the
          response is an error, an error message can be printed on the screen;
          otherwise the response can be read and used as user data.




14 / 33
          Relying Party: Pigeon

                                32 valor medals were awarded to pigeons during the
                                Second World War.
                                Only 26 to dogs.
                                3 to horses.
                                Only 1 to a cat. (What did he do? Did he perhaps eat
                                a German pigeon?!?!)
                                Remember: when the battle starts and the situation
                                becomes chaotic with machine guns, artillery and gas, we
                                must trust the pigeons.

          The Pigeon service was implemented by Dario Mazza, Sebastiano Merlino, Marco
          Messina, Davide Giuseppe Monaco, Paolo Pino and Eugenio Priscimone. It
          uses Openid4Java to provide a fully compatible relying party for OpenID versions
          1.0, 1.1 and 2.0.




15 / 33
          Relying Party: Pigeon
          Classes
          Pigeon consists of three classes: PigeonService, AuthenticationServlet,
          OIDResponseServlet.

          PigeonService implementation
          PigeonService consists of four methods:
               getConsumerManager: obtains the Openid4Java
               ConsumerManager.
               discoverOnIdentifier: obtains the DiscoveryInformation needed for
               the actual authentication of the user.
               createAuthRequest: obtains the AuthRequest to send.
               processData: obtains a user ID from the provider’s response.




16 / 33
          Relying Party: Pigeon

          getConsumerManager
          private static ConsumerManager getConsumerManager(){
            if (consumerManager == null) {
            [...]
               consumerManager = new ConsumerManager();
               consumerManager.setAssociations(new InMemoryConsumerAssociationStore());
               consumerManager.setNonceVerifier(new InMemoryNonceVerifier(10000));
            }
            [...]
            return consumerManager;
          }



          This method first initializes an empty ConsumerManager, then it chooses which
          class is responsible for storing the associations with providers. Finally, the
          method sets a validity time for the nonce and returns the ConsumerManager.




17 / 33
          Relying Party: Pigeon

          discoverOnIdentifier
          public static DiscoveryInformation discoverOnIdentifier(String userSuppliedIdentifier){
           DiscoveryInformation ret = null;
           ConsumerManager consumerManager = getConsumerManager();
           [...]
           List discoveries = consumerManager.discover(userSuppliedIdentifier);
           ret = consumerManager.associate(discoveries);
           [...]
           return ret;
          }



          This method first initializes a null DiscoveryInformation and then, using the
          ConsumerManager, discovers information about the userSuppliedIdentifier.
          Finally, the method returns the DiscoveryInformation.




18 / 33
          Relying Party: Pigeon

          createAuthRequest
          public static AuthRequest createAuthRequest(DiscoveryInformation discoveryInformation,
                                                      String returnToAviary){
            AuthRequest retValue = null;
            [..]
            retValue = getConsumerManager().authenticate(discoveryInformation, returnToAviary);
            SRegRequest req = SRegRequest.createFetchRequest();
            retValue.addExtension(req);
            [..]
            return retValue;
          }



          This method uses the DiscoveryInformation to authenticate the user, requiring
          a redirect to the URL indicated in returnToAviary after the login. Finally, the
          method returns the AuthRequest.




19 / 33
          Relying Party: Pigeon
          processData
          public static UserId processData(DiscoveryInformation discoveryInformation,
                                           ParameterList parameterList, String returnToAviary){
            UserId ret = null;
            [...]
            VerificationResult verificationResult = getConsumerManager().verify(returnToAviary,
                                                        parameterList, discoveryInformation);
            Identifier verifiedIdentifier = verificationResult.getVerifiedId();
            if (verifiedIdentifier != null) {
               AuthSuccess authSuccess = (AuthSuccess) verificationResult.getAuthResponse();
               ret = new UserId(UserId.Type.valueOf(me), verifiedIdentifier.getIdentifier());
            }
            [...]
            return ret;
          }


          This method first verifies the identifier with the nonce and then stores it inside
          a UserId.




20 / 33
          Relying Party: Pigeon
          Authentication Servlet
          [...]
          DiscoveryInformation discoveryInformation =
              PigeonService.discoverOnIdentifier(userSuppliedIdentifier);
          req.getSession(true).setAttribute("discoveryInformation", discoveryInformation);
          AuthRequest authRequest = PigeonService.createAuthRequest(discoveryInformation, returnToUrl);
          res.sendRedirect(authRequest.getDestinationUrl(true));
          [...]


          OIDResponseServlet
          [...]
          UserId uid = PigeonService.processData(
              (DiscoveryInformation) req.getSession(true).getAttribute("discoveryInformation"),
              new ParameterList(req.getParameterMap()), returnToUrl);
          UserHelper.setSessionUid(req, uid.getUserId());
          UserHelper.setSessionUserHash(req, uid.hashCode());
          AuthenticationResponse ar = new AuthenticationResponse(uid.getUserId());
          [...]




21 / 33
          Relying Party: Pigeon



          These two servlets respectively request authentication from the provider and
          receive its response. As can be seen, the servlets only have to use the
          methods implemented by the class Pigeon.


          As the previous slides show, it is really simple to implement a relying
          party using the Java API Openid4Java as well. In this case, unlike with Poidsy, we are
          not blind to the software implementation, so we need some
          knowledge of the OpenID specification to make our implementation fully general.




22 / 33
          OpenSocial


          It’s open, it’s social, it’s up to you
          OpenSocial is a set of web APIs designed by Google, MySpace and many other
          web organizations with the objective of making every application
          that implements it interoperable with any social network system that supports it.


    It’s a set of two APIs, for JavaScript and REST. The JavaScript
    API is designed for “web gadgets” written in Google’s gadgets
    architecture. The REST API is for other apps: desktop, mobile
    and server.
    Gadgets are written using the Gadgets API. Any site that can
    host gadgets is called a container.




23 / 33
          OpenSocial: Gadgets
          Structure of a Gadget
          <?xml version="1.0" encoding="UTF-8" ?>
          <Module>
              <ModulePrefs title="Hello World!">
                 <Require feature="opensocial-0.8" />
              </ModulePrefs>
              <Content type="html">
                 <![CDATA[
                    Hello, world!
                 ]]>
              </Content>
          </Module>
          <Module> indicates that this XML contains a gadget.
          <ModulePrefs> contains information about the gadget.
          <Require feature="opensocial-0.8" /> denotes a required feature of the gadget.
          <Content type="html"> indicates that the gadget’s content type is HTML.




24 / 33
          OpenSocial: Container

                                            Apache Shindig
                                            The reference implementation of an
                                            OpenSocial Container is Apache Shindig.

          An OpenSocial container is not merely a box designed to contain gadgets; it
          is also involved in creating a social infrastructure between the members of the
          site implementing the API.
          There are two implementations of the Shindig container, Java and PHP; both
          versions have 3 major server-side components:
               Persistent Data Loading Mechanism
               Gadget Rendering Infrastructure
               OpenSocial server-side Implementation




25 / 33
          OpenSocial: Container


          Some features are client-side, like:
               The real gadget container (in JavaScript)
               The OpenSocial container
               JSON, RESTful and Caja support

          OpenSocial APIs
          The OpenSocial APIs implemented are:
               OpenSocial REST: for Server-to-Server communications
               OpenSocial JSON-RPC: for Gadget-to-Server communications
               JavaScript: for Gadgets implementation




26 / 33
          OpenSocial: Container Implementation


          Shindig Installation
          Installing Shindig is really simple. It just consists of extracting the
          downloaded archive to the directory where you wish to install Apache Shindig.
               For the J2EE version, the installation consists of copying the WAR file to
               $TOMCAT_HOME/webapps if the server used is Tomcat.
               Building from source requires Java 1.5 or later with the JAVA_HOME
               environment variable set and Apache Maven already installed.
               For the PHP version, you just have to copy shindig-php into a directory in
               /var/www, assuming you have installed an Apache PHP server.
               Prerequisites are PHP 5.2.x with mod_rewrite enabled and the json,
               simplexml, mcrypt and curl extensions enabled.




27 / 33
          OpenSocial: Container Implementation


          To personalize your container (client-side, in JS) you have to override methods
          of the default implementation, changing their functionality to match what you
          want.
          Usually you have to rewrite the main function, renderGadgets.

          M4P2
          M4P2 is an extension of the JavaScript client-side Shindig container that adds
          some functionality using the jQuery library. It was built by Dario Mazza,
          Sebastiano Merlino, Marco Messina, Davide Giuseppe Monaco, Paolo Pino and
          Eugenio Priscimone.
          It consists of a single JS script that can be used as a container for
          OpenSocial Gadgets.




28 / 33
          OpenSocial: Container Implementation
              function renderGadgets(incoming, enable_cb, disable_cb) {
              // Fall back to no-op callbacks when none are supplied
              enable_sorting = (typeof(enable_cb) == 'function') ? enable_cb : function() {};
              disable_sorting = (typeof(disable_cb) == 'function') ? disable_cb : function() {};
              [...]
              // Note: eval() runs whatever code the incoming string contains
              eval("var json_data = " + incoming);
              var ids = [];
              var urls = [];
              // Register every described gadget with the container
              for (var el in json_data) {
                ids.push(json_data[el].id);
                var buffer = gadgets.container.createGadget({specUrl: json_data[el].url});
                gadgets.container.addGadget(buffer);
                urls.push(buffer);
              }
              gadgets.container.layoutManager.setGadgetChromeIds(ids);
              // Render each gadget and size its iframe
              for (var el in urls) {
                gadgets.container.renderGadget(urls[el]);
                var gadgetIframe = document.getElementById(urls[el].getIframeId());
                gadgetIframe.setAttribute('style', 'width: 100%; max-height: 400px;');
              }
              gadgets.container.refreshGadgets();

          }




29 / 33
          OpenSocial: Container Implementation


          M4P2
          The previous slide presents a piece of code from the override of the
          function renderGadgets.
          This function accepts three params: incoming, enable_cb, disable_cb. The first
          parameter is a string in JSON format:
          [{'id':'gadget-chrome-x','url': 'gadgets/Login/Login.xml'},{
          'id':'gadget-chrome-y',
          'url':'http://localhost:8080/examples/getFriendsHasApp.xml' }]
          “id” indicates the name of the div that has to contain the gadget.
          “url” is the path to reach the gadget.
          The block that follows registers the gadget and renders it.




30 / 33
          A final merge
          <?xml version="1.0" encoding="UTF-8"?>
           <Module>
             <ModulePrefs title="OpenSocial - Login utente" height="250">
             </ModulePrefs>
             <Content type="html">
                <![CDATA[
                  [...javascript inclusions...]
                  [...do some stuff to print layout...]
                  function accesso(){
                      // "logstring" is split into the user name and the provider name
                      var parametri = document.getElementById("logstring").value.split("-");
                      var username = parametri[0];
                      var opname = parametri[1];
                      // Form values are URL-encoded before they go into the query string
                      if(username==none){
                          window.location = "http://www.example.com:8080/openid/auth?op=" + encodeURIComponent(opname);
                      } else {
                          var uid = document.getElementById("userid").value;
                          window.location = "http://www.example.com:8080/openid/auth?op=" + encodeURIComponent(opname) + "&uid=" + encodeURIComponent(uid);
                      }
                      [...do some stuff to fill form...]
                  }
                ]]>
             </Content>
           </Module>




31 / 33
          A final merge
          An OpenID gadget
          The previous slide shows an example of an OpenID login gadget. This
          example uses a modified Shindig container (M4P2) together with a
          relying party, “Pigeon”, developed on openid4java, which connects to a huge
          number of providers.

          At this point we have built our global authentication tool which, using OpenID,
          makes the user's life easier. In addition to this, we can distribute our
          gadget to any site that implements an OpenSocial container and wants to use
          it. Supposing we want to start our own OpenID provider, it could be an extremely
          interesting example of software distribution as advertisement.

          An interesting plan for the future could be to also implement support for OAuth,
          allowing easy data exchange and creating an automatic site ring.




32 / 33
          Links...



             openid.net/developers/specs/ - to read about OpenID specifications.
             step2.googlecode.com/svn/spec/openid_oauth_extension/latest/ - article and
             specifications about the OAuth extension of OpenID.
             wiki.openid.net/Run-your-own-identity-server - a link to a collection of libraries for
             building an OpenID provider.
             code.google.com/intl/it-IT/apis/opensocial/ - the official OpenSocial project
             page.
             shindig.apache.org/ - Shindig official web page.




33 / 33

KodekX | Application Modernization Development
Digital-Transformation-Roadmap-for-Companies.pptx
Empathic Computing: Creating Shared Understanding
The AUB Centre for AI in Media Proposal.docx
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
Approach and Philosophy of On baking technology
Review of recent advances in non-invasive hemoglobin estimation
Teaching material agriculture food technology
CIFDAQ's Market Insight: SEC Turns Pro Crypto
Unlocking AI with Model Context Protocol (MCP)

Openid+Opensocial

  • 1. OpenID + OpenSocial: Integration between two “open” technologies. Sebastiano Merlino aka eTr (etr@pensieroartificiale.com), Gtug Group - Catania - Italy, July 10th, 2010. 1 / 33
  • 2. What about OpenID?
      “OpenID (now at version 2.0) is an open, decentralized standard for authenticating users that can be used for access control, allowing users to log on to different services with the same digital identity where these services trust the authentication body.” (Wikipedia, the free encyclopedia)
      Who controls OpenID? OpenID is decentralized and not owned by anyone. Anyone can choose to become an OpenID provider without having to register or be approved by any organization. The OpenID Foundation was formed to assist the open source community, acting as a legal entity.
  • 3. The OpenID protocol: Glossary
      End-User: the person who wants to log in.
      Identifier: the standard URI or XRI used to identify the End-User (also called OpenID).
      OpenID provider: a service provider that lets users register OpenID URLs and XRIs and that provides OpenID authentication.
      Relying Party: the site that wants to verify the End-User's identity. It is also called Service Provider.
      Server Agent: the server that verifies the End-User’s OpenID. It is usually the same as the OpenID provider.
      User Agent: the program used by the End-User to access the provider or the relying party. It is usually a browser.
  • 4. The OpenID protocol
      There are two types of identifiers allowed: URLs and XRIs. There are two ways to obtain an OpenID-enabled URL that can be used to log in to a relying party:
      1. Use an existing URL under the user's control that links to a page which contains OpenID tags in its HTML or serves a Yadis document.
      2. Register with an OpenID provider. Providers usually offer a third-level domain URL configured with OpenID HTML tags. Some providers generate on request a Yadis document with details about the end-user.
      XRIs are a new type of internet identifier designed for cross-domain identification. XRIs come in two forms, i-names and i-numbers, that are registered as synonyms. I-names can be reassigned, but an i-number is never reassigned. An i-name is immediately translated to its synonym i-number, which is what the relying party stores as the OpenID.
  • 5. The OpenID protocol: The Login
      1. The user provides his OpenID to the relying party using the form on its page. It is assumed that the user has already registered an OpenID identifier with an OpenID provider.
      2. The relying party normalizes the provided OpenID. If the OpenID is a URL, a relying party implementing OpenID 1.0 requests the web page located at that URL and reads the proper HTML tag to discover the identity provider service URL, or receives a Yadis document with that information. With OpenID 2.0, instead, the OpenID is an XRI and the relying party discovers the identity provider service URL by requesting an XRDS document (Yadis) following the path indicated by the XRI.
  • 6. The OpenID protocol: The Login
      3. At this point the communication starts. The relying party can communicate with the provider without interaction with the user (checkid_immediate) or, as is common on the web, by notifying the user and going through his browser (checkid_setup).
      4. Relying party and provider establish a shared secret (starting from a nonce and using Diffie-Hellman). With checkid_setup the relying party redirects the user to the OpenID provider.
      5. The provider asks the user for permission on behalf of the relying party.
      6. If the user declines, he is redirected to the relying party with an error message. If the user confirms, the relying party verifies the authentication by validating the shared secret.
      7. At this point, if the validation is successful, the user is considered logged in.
  • 7. The OpenID protocol: HTML with OpenID Tags
      An OpenID-tagged HTML page must contain these two links:
          <link rel="openid2.provider openid.server" href="http://www.livejournal.com/openid/server.bml"/>
          <link rel="openid2.local_id openid.delegate" href="http://exampleuser.livejournal.com/"/>
      XRIs
      An XRI (eXtensible Resource Identifier) is a scheme and resolution protocol for abstract identifiers. If an XRI starts with “=” it identifies a person, if it starts with “@” it identifies an organization, and if it starts with “+” it indicates a generic concept. Every name (i-name) can be converted into an i-number:
          xri://=Sebastiano.Merlino                 xri://=!1000.aib3.c6f2
          xri://+phone.number                       xri://+!1000.f4f5.c3f5
          xri://mysite.it/(=Sebastiano.Merlino)     xri://mysite.it/(=!1000.aib3.c6f2)
  • 8. The OpenID protocol: Yadis
      Yadis is a communication protocol for service discovery. A Yadis ID can be a URL or an XRI i-name that can be resolved to a URL. The Yadis protocol specifies how to retrieve a service descriptor called the Yadis Resource Descriptor. This descriptor follows the XRDS format and lists the services to connect to.
          <?xml version="1.0" encoding="UTF-8"?>
          <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
                     xmlns:openid="http://openid.net/xmlns/1.0">
            <XRD>
              <Service priority="50">
                <Type>http://openid.net/signon/1.0</Type>
                <URI>http://www.myopenid.com/server</URI>
                <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate>
              </Service>
            </XRD>
          </xrds:XRDS>
  • 9. and...OAuth?
      OAuth and OpenID sound like the same thing, but they are really different. While OpenID exists to give access to multiple web sites, OAuth lets the user authorize one web site (called the consumer) to access data from another web site (the provider).
      The Open Authentication
      Google and Plaxo have released a hybrid protocol that combines OpenID with OAuth. Often, when a site wants to use services from another site, it requires login details that the user may not want to share. OAuth was created to get around this problem: it sends the user to the provider and sends him back after the login. This technique can be improved with OpenID, which can make this operation automatic.
  • 10. OpenID: Advantages and Disadvantages
      Advantages:
        - Accelerates the sign-up process
        - Reduces the frustration of maintaining multiple usernames and passwords
        - Minimizes password security risk
        - Gives greater control over online identity
      Disadvantages:
        - The OpenID provider may track users’ habits.
        - A third party authenticates your users.
  • 11. OpenID implementations
      Provider: Community-ID (PHP), Prairie (PHP), Masquerade (Ruby), DjangoID (Python), Packetizer OpenID Server (Perl), DotNetOpenID (.NET), JOS (Java)
      Relying Party: Poidsy (PHP), Openid4Java (Java), jopenid (Java), DotNetOpenAuth (.NET)
  • 12. OpenID provider: Community-ID
      Community-ID is a PHP implementation of an OpenID provider that is OpenID 2.0 compliant. Community-ID is completely free to use and is built 100% on Open Source software. It is licensed under the BSD license.
      To use Community-ID, you only have to install it. The installation requires a web server with support for PHP 5.2.4 or greater with the MySQLi extension installed. A MySQL database (version 4.1 or greater) is also required.
      These modules are required: php5-core php5-mysql php5-pdo mysql php5-gd php5-gmp.
  • 13. Relying Party: Poidsy Example
          <?php
          session_start();
          if (isset($_POST['openid_url']) || isset($_REQUEST['openid_mode'])) {
              if (isset($_POST['openid_type']) && $_POST['openid_type'] != 'openid_url') {
                  define('OPENID_URL', $_POST['openid_type']);
              }
              require('../../processor.php'); // the poidsy validation script
          } else {
              [...some layout stuff...]
              if (isset($_SESSION['openid']['error'])) {
                  // the provider returned an error: clear it after reporting
                  unset($_SESSION['openid']['error']);
              } else if (isset($_SESSION['openid']['validated']) && $_SESSION['openid']['validated']) {
                  // the identity has been validated
                  unset($_SESSION['openid']['validated']);
                  if (isset($_SESSION['openid']['sreg'])) {
                      [...show data...]
                      unset($_SESSION['openid']['sreg']);
                  }
              }
          }
  • 14. Relying Party: Poidsy
      Poidsy is a fully functional set of PHP scripts that acts as an OpenID relying party. The difference between Poidsy and other libraries is that this implementation does not expose the OpenID logic. It can be used without writing a single line of code.
      The previous example shows how to use the Poidsy library. A session must be started, because the library stores its values there. If an OpenID URL is passed to the page, the script includes processor.php to validate and authenticate the user. The same page is used to receive the response from the provider. If the response is an error, an error message can be printed on the screen; otherwise the response can be read and used as user data.
  • 15. Relying Party: Pigeon
      32 valor medals were awarded to pigeons during the Second World War. Only 26 to dogs. 3 to horses. Only 1 to a cat. (What has he done? Has he perhaps eaten a German pigeon?!?!) Remember: when the battle starts and the situation becomes chaotic with machine guns, artillery and gas, we must trust the pigeons.
      The Pigeon service was implemented by Dario Mazza, Sebastiano Merlino, Marco Messina, Davide Giuseppe Monaco, Paolo Pino and Eugenio Priscimone. It uses Openid4Java to build a fully compatible relying party for OpenID versions 1.0, 1.1 and 2.0.
  • 16. Relying Party: Pigeon
      Classes
      Pigeon consists of three classes: PigeonService, AuthenticationServlet, OIDResponseServlet.
      PigeonService implementation
      PigeonService consists of four methods:
        - getConsumerManager: obtains the Openid4Java ConsumerManager.
        - discoverOnIdentifier: obtains the DiscoveryInformation needed for the user’s actual authentication.
        - createAuthRequest: obtains the AuthRequest to send.
        - processData: obtains a userID from the provider’s response.
  • 17. Relying Party: Pigeon, getConsumerManager
          private static ConsumerManager getConsumerManager() {
              if (consumerManager == null) {
                  [...]
                  consumerManager = new ConsumerManager();
                  consumerManager.setAssociations(new InMemoryConsumerAssociationStore());
                  consumerManager.setNonceVerifier(new InMemoryNonceVerifier(10000));
              }
              [...]
              return consumerManager;
          }
      This method first initializes an empty ConsumerManager, then decides which class is responsible for storing the associations with providers. Finally, it sets a validity time for the nonce and returns the ConsumerManager.
  • 18. Relying Party: Pigeon, discoverOnIdentifier
          public static DiscoveryInformation discoverOnIdentifier(String userSuppliedIdentifier) {
              DiscoveryInformation ret = null;
              ConsumerManager consumerManager = getConsumerManager();
              [...]
              List discoveries = consumerManager.discover(userSuppliedIdentifier);
              ret = consumerManager.associate(discoveries);
              [...]
              return ret;
          }
      This method first initializes a null DiscoveryInformation and then uses the ConsumerManager to discover information about the userSuppliedIdentifier. Finally, it returns the DiscoveryInformation.
  • 19. Relying Party: Pigeon, createAuthRequest
          public static AuthRequest createAuthRequest(DiscoveryInformation discoveryInformation,
                                                      String returnToAviary) {
              AuthRequest retValue = null;
              [..]
              retValue = getConsumerManager().authenticate(discoveryInformation, returnToAviary);
              SRegRequest req = SRegRequest.createFetchRequest();
              retValue.addExtension(req);
              [..]
              return retValue;
          }
      This method uses the DiscoveryInformation to authenticate the user, requiring a redirect to the URL given in returnToAviary after the login. Finally, it returns the AuthRequest.
  • 20. Relying Party: Pigeon, processData
          public static UserId processData(DiscoveryInformation discoveryInformation,
                                           ParameterList parameterList, String returnToAviary) {
              UserId ret = null;
              [...]
              VerificationResult verificationResult =
                  getConsumerManager().verify(returnToAviary, parameterList, discoveryInformation);
              Identifier verifiedIdentifier = verificationResult.getVerifiedId();
              if (verifiedIdentifier != null) {
                  AuthSuccess authSuccess = (AuthSuccess) verificationResult.getAuthResponse();
                  ret = new UserId(UserId.Type.valueOf("me"), verifiedIdentifier.getIdentifier());
              }
              [...]
              return ret;
          }
      This method first verifies the identifier with the nonce and then stores it inside a UserId.
  • 21. Relying Party: Pigeon
      AuthenticationServlet
          [...]
          DiscoveryInformation discoveryInformation =
              PigeonService.discoverOnIdentifier(userSuppliedIdentifier);
          req.getSession(true).setAttribute("discoveryInformation", discoveryInformation);
          AuthRequest authRequest = PigeonService.createAuthRequest(discoveryInformation, returnToUrl);
          res.sendRedirect(authRequest.getDestinationUrl(true));
          [...]
      OIDResponseServlet
          [...]
          UserId uid = PigeonService.processData(
              (DiscoveryInformation) req.getSession(true).getAttribute("discoveryInformation"),
              new ParameterList(req.getParameterMap()), returnToUrl);
          UserHelper.setSessionUid(req, uid.getUserId());
          UserHelper.setSessionUserHash(req, uid.hashCode());
          AuthenticationResponse ar = new AuthenticationResponse(uid.getUserId());
          [...]
  • 22. Relying Party: Pigeon
      These two servlets respectively request authentication from the provider and receive its response. The servlets only have to use the methods implemented by the Pigeon class. As the previous slides show, it is really simple to implement a relying party with the Java API Openid4Java as well. In this case, unlike with Poidsy, the software implementation is not hidden from us, so we need some knowledge of the OpenID specification to make our implementation fully general.
  • 23. OpenSocial: It’s open, it’s social, it’s up to you
      OpenSocial is a set of web APIs designed by Google, MySpace and many other web organizations with the goal of making every application that implements it interoperable with any social network system that supports it. It is a set of two APIs, one for JavaScript and one for REST.
      The JavaScript API is designed for “web gadgets” written in Google’s gadgets architecture. The REST API is for other apps: desktop, mobile and server. Gadgets are written using the Gadgets API. Any site that can host gadgets is called a container.
  • 24. OpenSocial: Gadgets
      Structure of a Gadget
          <?xml version="1.0" encoding="UTF-8" ?>
          <Module>
            <ModulePrefs title="Hello World!">
              <Require feature="opensocial-0.8" />
            </ModulePrefs>
            <Content type="html">
              <![CDATA[
                Hello, world!
              ]]>
            </Content>
          </Module>
      <Module> indicates that this XML contains a gadget.
      <ModulePrefs> contains information about the gadget.
      <Require feature="opensocial-0.8" /> denotes a required feature of the gadget.
      <Content type="html"> indicates that the gadget’s content type is HTML.
  • 25. OpenSocial: Container
      Apache Shindig
      The reference implementation of an OpenSocial container is Apache Shindig. An OpenSocial container is not merely a box designed to contain gadgets; it is also involved in creating a social infrastructure between the members of the site implementing the API. There are two implementations of the Shindig container, Java and PHP; both versions have 3 major server-side components:
        - Persistent Data Loading Mechanism
        - Gadget Rendering Infrastructure
        - OpenSocial server-side Implementation
  • 26. OpenSocial: Container
      Some features are client side, like:
        - The real gadget container (in JavaScript)
        - The OpenSocial container
        - JSON, RESTful and Caja support
      OpenSocial APIs
      The OpenSocial APIs implemented are:
        - OpenSocial REST: for server-to-server communications
        - OpenSocial JSON-RPC: for gadget-to-server communications
        - JavaScript: for gadget implementation
  • 27. OpenSocial: Container Implementation
      Shindig Installation
      Installing Shindig is really simple. It consists of extracting the downloaded archive into the directory where you wish to install Apache Shindig.
      For the J2EE version, the installation consists of copying the WAR file to $TOMCAT_HOME/webapps if the server used is Tomcat. Building from source requires Java 1.5 or later with the JAVA_HOME environment variable set and Apache Maven already installed.
      For the PHP version, you just have to copy shindig-php into a directory under /var/www, assuming you have an Apache server with PHP installed. The prerequisites are PHP 5.2.x with mod_rewrite enabled and the json, simplexml, mcrypt and curl extensions enabled.
  • 28. OpenSocial: Container Implementation
      To customize your container (client side, in JavaScript) you have to override methods of the default implementation, changing their behaviour to match what you want. Usually you have to rewrite the main function, renderGadgets.
      M4P2
      M4P2 is an extension of the JavaScript client-side Shindig container that adds some functionality to it using the jQuery library. It was built by Dario Mazza, Sebastiano Merlino, Marco Messina, Davide Giuseppe Monaco, Paolo Pino and Eugenio Priscimone. It consists of a single JavaScript file that can be used as a container for OpenSocial gadgets.
  • 29. OpenSocial: Container Implementation
          function renderGadgets(incoming, enable_cb, disable_cb) {
              enable_sorting = (typeof(enable_cb) == 'function') ? enable_cb : function() {};
              disable_sorting = (typeof(disable_cb) == 'function') ? disable_cb : function() {};
              [...]
              // eval() runs `incoming` as JavaScript, so the string must come from a trusted source
              eval("var json_data = " + incoming);
              var ids = [];
              var urls = [];
              // register every gadget listed in the incoming data
              for (var el in json_data) {
                  ids.push(json_data[el].id);
                  var buffer = gadgets.container.createGadget({specUrl: json_data[el].url});
                  gadgets.container.addGadget(buffer);
                  urls.push(buffer);
              }
              gadgets.container.layoutManager.setGadgetChromeIds(ids);
              // render each registered gadget and size its iframe
              for (var el in urls) {
                  gadgets.container.renderGadget(urls[el]);
                  var gadgetIframe = document.getElementById(urls[el].getIframeId());
                  gadgetIframe.setAttribute('style', 'width: 100%; max-height: 400px;');
              }
              gadgets.container.refreshGadgets();
          }
  • 30. OpenSocial: Container Implementation
      M4P2
      The previous slide shows a piece of code from the overridden renderGadgets function. This function accepts three parameters: incoming, enable_cb, disable_cb. The first parameter is a string in JSON format:
          [{'id':'gadget-chrome-x','url':'gadgets/Login/Login.xml'},
           {'id':'gadget-chrome-y','url':'http://localhost:8080/examples/getFriendsHasApp.xml'}]
      “id” is the name of the div that has to contain the gadget. “url” is the path to the gadget. The block that follows registers the gadget and renders it.
  • 31. A final merge
          <?xml version="1.0" encoding="UTF-8"?>
          <Module>
            <ModulePrefs title="OpenSocial - Login utente" height="250">
            </ModulePrefs>
            <Content type="html">
              <![CDATA[
                [...javascript inclusions...]
                [...do some stuff to print layout...]
                function accesso() {
                    var parametri = document.getElementById("logstring").value.split("-");
                    var username = parametri[0];
                    var opname = parametri[1];
                    if (username == none) {
                        window.location = "http://www.example.com:8080/openid/auth?op=" + opname;
                    } else {
                        var uid = document.getElementById("userid").value;
                        window.location = "http://www.example.com:8080/openid/auth?op=" + opname + "&uid=" + uid;
                    }
                    [...do some stuff to fill form...]
                }
              ]]>
            </Content>
          </Module>
  • 32. A final merge
      An OpenID gadget
      The previous slide shows an example of an OpenID login gadget. The example uses a modified Shindig container (M4P2) with the relying party “Pigeon”, developed on openid4java, which connects to a huge number of providers. At this point we have built our global authentication tool, which uses OpenID to make the user's life easier. In addition, we can distribute our gadget to any site that implements an OpenSocial container and wants to use it.
      If we wanted to start our own OpenID provider, this could be an extremely interesting example of software distribution as advertisement. An interesting plan for the future could be to add support for OAuth as well, allowing easy data exchange and creating an automatic site ring.
  • 33. Links...
      openid.net/developers/specs/ - to read about OpenID specifications.
      step2.googlecode.com/svn/spec/openid_oauth_extension/latest/ - article and specifications about the OAuth extension of OpenID.
      wiki.openid.net/Run-your-own-identity-server - a link to a collection of libraries for building an OpenID provider.
      code.google.com/intl/it-IT/apis/opensocial/ - the official OpenSocial project page.
      shindig.apache.org/ - Shindig official web page.
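
An added example, not part of the slides or of Pigeon: the checks a relying party makes on the provider's response in login steps 6 and 7 (slide 6), the kind of work the verify() call in processData (slide 20) is there to do, written out for an OpenID 2.0 positive assertion. Field names, Key-Value Form and the HMAC signature follow the OpenID Authentication 2.0 specification; the association, endpoint, identifier and the five-minute nonce window are constructed assumptions.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const MAX_NONCE_AGE_MS = 5 * 60 * 1000; // assumption: 5-minute acceptance window
// Fields that OpenID 2.0 requires the signature to cover.
const MUST_SIGN = ['op_endpoint', 'return_to', 'response_nonce', 'assoc_handle'];

// Key-Value Form: one "key:value\n" line per signed field, in openid.signed
// order, with keys written without the "openid." prefix.
function keyValueForm(params, signedList) {
  return signedList.map((k) => {
    const v = params['openid.' + k];
    if (typeof v !== 'string') throw new Error('signed field missing: ' + k);
    return k + ':' + v + '\n';
  }).join('');
}

// MAC over the signed fields with the association's shared secret.
function macOver(params, signedList, assoc) {
  const algo = assoc.type === 'HMAC-SHA256' ? 'sha256' : 'sha1';
  return createHmac(algo, assoc.macKey)
    .update(keyValueForm(params, signedList), 'utf8')
    .digest();
}

// Returns { ok: true, claimedId } or { ok: false, reason }.
// Stateless verification (check_authentication) is not covered here.
function verifyAssertion(params, assoc, expectedReturnTo, seenNonces, nowMs) {
  const fail = (reason) => ({ ok: false, reason });
  if (params['openid.mode'] !== 'id_res') return fail('not a positive assertion');
  if (params['openid.assoc_handle'] !== assoc.handle) return fail('unknown association');
  if (params['openid.return_to'] !== expectedReturnTo) return fail('return_to mismatch');

  // The identifier must be signed too, or it could be swapped in transit.
  const signedList = String(params['openid.signed'] || '').split(',');
  const required = MUST_SIGN.concat(
    ['claimed_id', 'identity'].filter((k) => ('openid.' + k) in params));
  const unsigned = required.find((k) => !signedList.includes(k));
  if (unsigned) return fail('unsigned field: ' + unsigned);

  let expected;
  try {
    expected = macOver(params, signedList, assoc);
  } catch (e) {
    return fail(e.message);
  }
  const given = Buffer.from(String(params['openid.sig'] || ''), 'base64');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return fail('bad signature');
  }

  // response_nonce = UTC timestamp followed by a provider-chosen unique suffix.
  const nonce = params['openid.response_nonce'];
  const m = /^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)/.exec(nonce);
  if (!m || Math.abs(nowMs - Date.parse(m[1])) > MAX_NONCE_AGE_MS) return fail('stale nonce');
  const nonceKey = params['openid.op_endpoint'] + ' ' + nonce;
  if (seenNonces.has(nonceKey)) return fail('replayed nonce');
  seenNonces.add(nonceKey);
  return { ok: true, claimedId: params['openid.claimed_id'] };
}

// Constructed sample data: association, endpoint and identifier are made up.
const ASSOC = { handle: 'assoc-1', type: 'HMAC-SHA256', macKey: Buffer.alloc(32, 7) };
const RETURN_TO = 'https://rp.example/openid/return';

function sampleAssertion() {
  const p = {
    'openid.ns': 'http://specs.openid.net/auth/2.0',
    'openid.mode': 'id_res',
    'openid.op_endpoint': 'https://op.example/server',
    'openid.claimed_id': 'https://alice.op.example/',
    'openid.identity': 'https://alice.op.example/',
    'openid.return_to': RETURN_TO,
    'openid.response_nonce': '2010-07-10T09:00:00Zabc123',
    'openid.assoc_handle': ASSOC.handle,
    'openid.signed': 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle',
  };
  p['openid.sig'] = macOver(p, p['openid.signed'].split(','), ASSOC).toString('base64');
  return p;
}
```

The session should be bound only to the claimedId returned by a successful verifyAssertion, never to an identifier read straight from the request parameters.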
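
An added example, not M4P2 code: the renderGadgets override on slide 29 turns the `incoming` string into data with eval(), which executes whatever the string contains. This sketch parses the list from slide 30 as data only and validates each entry before it would reach gadgets.container.createGadget; the allowed origin, the id pattern and the local path pattern are assumptions modelled on the slide's sample, and the sender must emit strict JSON (double quotes) rather than the single-quoted form shown on the slide.

```javascript
// Assumptions for this sketch: which origins may serve gadget specs and what
// ids and container-local paths look like (patterned on the slide's sample).
const ALLOWED_ORIGINS = new Set(['http://localhost:8080']);
const CHROME_ID = /^gadget-chrome-[A-Za-z0-9_-]+$/;
const LOCAL_SPEC = /^gadgets\/(?:[A-Za-z0-9_-]+\/)*[A-Za-z0-9_-]+\.xml$/;

function isAllowedSpecUrl(url) {
  if (LOCAL_SPEC.test(url)) return true; // relative path inside the container
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return false; // not an absolute URL and not an allowed local path
  }
  return (parsed.protocol === 'http:' || parsed.protocol === 'https:') &&
    ALLOWED_ORIGINS.has(parsed.origin) &&
    parsed.pathname.endsWith('.xml');
}

function parseGadgetList(incoming) {
  let data;
  try {
    data = JSON.parse(incoming); // data only: nothing in `incoming` is executed
  } catch (e) {
    throw new Error('gadget list is not valid JSON');
  }
  if (!Array.isArray(data)) throw new Error('gadget list must be an array');
  const seenIds = new Set();
  return data.map((entry, i) => {
    if (entry === null || typeof entry !== 'object') {
      throw new Error('entry ' + i + ': not an object');
    }
    const { id, url } = entry;
    if (typeof id !== 'string' || !CHROME_ID.test(id)) {
      throw new Error('entry ' + i + ': bad id');
    }
    if (seenIds.has(id)) throw new Error('entry ' + i + ': duplicate id');
    seenIds.add(id);
    if (typeof url !== 'string' || !isAllowedSpecUrl(url)) {
      throw new Error('entry ' + i + ': spec URL not allowed');
    }
    return { id, url }; // unexpected extra properties are dropped
  });
}

// The slide's sample list, rewritten as strict JSON (double quotes).
const SAMPLE_INCOMING = JSON.stringify([
  { id: 'gadget-chrome-x', url: 'gadgets/Login/Login.xml' },
  { id: 'gadget-chrome-y', url: 'http://localhost:8080/examples/getFriendsHasApp.xml' },
]);
```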