VZnet Netzwerke Ltd. - Tuesday, December 7, 2010

VZ-ID
The technical background
Bastian Hofmann
VZnet Netzwerke Ltd.

Agenda
 – Sharing
    • OExchange
    • OpenGraph
 – Login
    • OpenID
    • OAuth & OAuth 2
    • OpenID Connect
 – VZ-JavaScript Library

Sharing

OExchange
• Common API for publishing something into social networks

 http://www.example.com/share.php?url={URI}&title={title for the content}&description={short description of the content}&ctype=flash&swfurl={SWF URI}&height={preferred SWF height}&width={preferred swf width}&screenshot={screenshot URI}

 http://www.oexchange.org/

Discovery over XRD
 <?xml version='1.0' encoding='UTF-8'?>
 <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
     <Subject>http://www.example.com/linkeater</Subject>
     <Property
        type="http://www.oexchange.org/spec/0.8/prop/vendor">
         Examples Inc.</Property>
     <Property
        type="http://www.oexchange.org/spec/0.8/prop/title">
         A Link-Accepting Service</Property>
     <Link
        rel="icon" href="http://www.example.com/favicon.ico"
        type="image/vnd.microsoft.icon" />
     <Link
        rel="http://www.oexchange.org/spec/0.8/rel/offer"
        href="http://www.example.com/linkeater/offer.php"
        type="text/html" />
 </XRD>

OpenGraph
Retrieves metadata through meta tags in the shared page
<meta property="og:title" content="title" />
<meta property="og:description" content="description" />
<meta property="og:site_name" content="your site name" />
<meta property="og:image" content="http://example.com/thumbnail.jpg" />

 http://opengraphprotocol.org/

Sharing examples @VZ

http://platform-redirect.vz-modules.net/r/Link/Share/?url=http%3A%2F%2Fwww.example.com&description=description&title=title

http://www.studivz.net/Link/Share/?url=http%3A%2F%2Fwww.example.com&description=description&title=title

 http://developer.studivz.net/wiki/index.php/Sharing

Login

Identities in real life

Do you really have only one identity?
Lothar Krappmann:
- Identity is conveyed by communication
- Identity is not fixed but recreated by every communication with your fellows
- Expectations of different people result in different identities

Example: Paul Adams
http://www.slideshare.net/padday/the-real-life-social-network-v2

Identities in the Web

Register, Register, Register, ...

Single Sign-on
(photo: ul_Marga)

Microsoft Passport / Live ID
• Windows Live ID
• Launched in 1999 as Microsoft Passport, later branded .NET Passport
• Used mainly for Microsoft services but not much outside
• OpenID Provider since 2008

Facebook Connect

Twitter @Anywhere

And there are many, many more

NASCAR problem
(a login page plastered with one button per identity provider, like a race car covered in sponsor logos)
(photo: Vaguely Artistic)

How to fix it?
(photo: Moff)

Aggregation: Janrain
 http://www.janrain.com/

OpenID
• Open, decentralized user authentication
 http://openid.net/

Connection Flow

Authentication vs Authorization
 Authentication: Who is the user? Is this really user X?
 vs
 Authorization: Is X allowed to do something? Does X have the permission?

 Client sites want more than just a unique identifier (Social Graph)

But there are Spec Extensions
(photo: decafinata)

OpenID + OAuth
• Combines OpenID Authentication and OAuth authorization (the OpenID OAuth Extension: the OAuth request token is approved inside the OpenID authentication round trip)

 Authentication request:
 openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
 &openid.oauth.consumer=123456

 Authentication response:
 openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
 &openid.oauth.request_token=7890

OAuth 1.0a Flow
 +----------+                                  +---------------+
 |         -+----(B)-- Request Token -------->|               |
 | End-user |                                  | Authorization |
 |    at    |<---(C)-- User authenticates --->|    Server     |
 | Browser  |                                  |               |
 |         -+----(D)-- Verifier -------------<|               |
 +-|----|---+                                  +---------------+
   |    |                                        ^      v
  (B)  (D)                                       |      |
   |    |                                        |      |
   ^    v                                        |      |
 +---------+                                     |      |
 |         |>---(A)-- Redirect URL --------------|      |
 |   Web   |<---(A)-- Request Token + Secret ----|      |
 | Client  |>---(E)-- Request Token, Verifier ---'      |
 |         |<---(E)-- Access Token + Secret ------------'
 +---------+

 Every request: client credentials, nonce, timestamp, signature

 The oauth_verifier in (D)/(E) is what 1.0a added over 1.0: it closes the 2009 session-fixation attack, in which an attacker started a flow and tricked the victim into approving the attacker's request token.

 http://oauth.net/

Failures of OpenID 2.0
• Complex to implement
• No marketing
    – Do you have an OpenID?
    – What is it?
• URL as identifier => bad user experience

OpenID Connect
• Goals:
    – Easier to implement
    – Simpler specification
    – Better user experience
• => wider adoption
• Built on top of OAuth 2.0

What's wrong with OAuth (1.0)?
• Does not work well with non-web or JavaScript-based clients
• The "Invalid Signature" problem (any encoding or ordering difference in the signature base string yields an opaque "invalid signature" error that is hard to debug)
• Complicated flow, many requests

What's new in OAuth 2? (Draft 10)
• Different client profiles
• No signatures
• No token secrets
• Cookie-like bearer tokens
• Mandatory TLS/SSL
• No request tokens
• Much more flexible regarding extensions

 http://tools.ietf.org/html/draft-ietf-oauth-v2

Web-Server Profile
 +----------+          Client Identifier      +---------------+
 |         -+----(A)--- & Redirect URI ------>|               |
 | End-user |                                 | Authorization |
 |    at    |<---(B)-- User authenticates --->|    Server     |
 | Browser  |                                 |               |
 |         -+----(C)-- Authorization Code ---<|               |
 +-|----|---+                                 +---------------+
   |    |                                       ^      v
  (A)  (C)                                      |      |
   |    |                                       |      |
   ^    v                                       |      |
 +---------+                                    |      |
 |         |>---(D)-- Client Credentials, ------'      |
 |   Web   |          Authorization Code,              |
 | Client  |          & Redirect URI                   |
 |         |                                           |
 |         |<---(E)----- Access Token -----------------'
 +---------+       (w/ Optional Refresh Token)

User-Agent Profile
       +----------+          Client Identifier     +----------------+
       |         -+----(A)-- & Redirection URI --->|                |
       |          |                                |                |
  End <+ - - - - +----(B)-- User authenticates -->| Authorization  |
  User |          |                                |    Server      |
       |         -+<---(C)--- Redirect URI -------<|                |
       |  Client  |          with Access Token     |                |
       |    in    |          in Fragment           +----------------+
       | Browser  |
       |          |                                +----------------+
       |         -+----(D)--- Redirect URI ------->|                |
       |          |          without Fragment      |   Web Server   |
       |          |                                |  with Client   |
       |   (F)   -+<---(E)--- Web Page with ------<|   Resource     |
       |  Access  |           Script               |                |
       |   Token  |                                +----------------+
       +----------+

What happened to signatures?
• Ongoing, controversial discussion
• Bearer tokens are fine over a secure connection
• Vulnerable if discovery is introduced (whoever can point the client at a fake endpoint receives the token itself, and a bearer token is all an attacker needs)
• Or if TLS/SSL is not possible

Scopes
• Optional parameter for provider-specific implementations
• For example
   – Additional return values
   – Access control

OpenID Connect?
• Scope: "openid"
• With the access token, additional values are returned
   – UserID: URL to the user's Portable Contacts endpoint
   – Signature
   – Timestamp

 Note: this describes the 2010 openidconnect.com proposal. The OpenID Connect 1.0 specification finalised in 2014 returns a signed ID Token (a JWT) carrying the user identifier (sub) instead of a Portable Contacts URL.

 http://openidconnect.com/

OpenID Connect Discovery
• Get the identifier of the user
• Fetch the /.well-known/host-meta file at the domain of the user's provider
• Look for a link pointing to the OpenID Connect endpoints in the returned XRD (LRDD)
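XRD lookup as used both by the OExchange discovery document shown earlier and by the host-meta/LRDD step described here, as an added example that is not part of the original deck: a Node.js function that extracts the Subject, Properties and Links of an XRD document and selects the endpoint for a given rel. The sample document is the OExchange XRD from the slide, reproduced here as constructed input; parseXrd, discoverEndpoint and the requireHttps option are constructed for this example. Because Node ships no XML parser, the document is read with a deliberately small regex tokenizer that only understands the three element types on the slide; production code should use a real XML parser.

```javascript
// Added example (not from the slides): minimal XRD discovery with an endpoint-trust check.

// Constructed input: the OExchange XRD document from the "Discovery over XRD" slide.
const SAMPLE_XRD = `<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
    <Subject>http://www.example.com/linkeater</Subject>
    <Property type="http://www.oexchange.org/spec/0.8/prop/vendor">Examples Inc.</Property>
    <Property type="http://www.oexchange.org/spec/0.8/prop/title">A Link-Accepting Service</Property>
    <Link rel="icon" href="http://www.example.com/favicon.ico" type="image/vnd.microsoft.icon" />
    <Link rel="http://www.oexchange.org/spec/0.8/rel/offer"
          href="http://www.example.com/linkeater/offer.php" type="text/html" />
</XRD>`;

const OEXCHANGE_OFFER_REL = 'http://www.oexchange.org/spec/0.8/rel/offer';

function decodeEntities(s) {
  return s.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"')
          .replace(/&apos;/g, "'").replace(/&amp;/g, '&');
}

// name="value" pairs inside one start tag (double-quoted attributes only).
function parseAttributes(tagBody) {
  const attrs = {};
  const re = /([A-Za-z_:][\w:.-]*)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) attrs[m[1]] = decodeEntities(m[2]);
  return attrs;
}

function parseXrd(text) {
  const subjectMatch = text.match(/<Subject>\s*([^<]*?)\s*<\/Subject>/);
  const subject = subjectMatch ? decodeEntities(subjectMatch[1]) : null;
  const links = [];
  const linkRe = /<Link\b([^>]*?)\/?>/g; // matches <Link ... /> and <Link ...>
  let m;
  while ((m = linkRe.exec(text)) !== null) links.push(parseAttributes(m[1]));
  const properties = {};
  const propRe = /<Property\b([^>]*)>\s*([^<]*?)\s*<\/Property>/g;
  while ((m = propRe.exec(text)) !== null) {
    const a = parseAttributes(m[1]);
    if (a.type) properties[a.type] = decodeEntities(m[2]);
  }
  return { subject, links, properties };
}

// Select the endpoint for `rel`. A discovered endpoint is only as trustworthy as the channel the
// XRD came over: if an attacker can alter the document, they can point the client at their own
// endpoint and collect whatever bearer token is later sent there (the "vulnerable if discovery is
// introduced" point of the signatures slide). requireHttps refuses plain-http endpoints, and
// expectedSubject refuses a document that talks about somebody else.
function discoverEndpoint(xrdText, rel, { requireHttps = true, expectedSubject = null } = {}) {
  const xrd = parseXrd(xrdText);
  if (expectedSubject !== null && xrd.subject !== expectedSubject) return { error: 'subject_mismatch' };
  const link = xrd.links.find(l => l.rel === rel && l.href);
  if (!link) return { error: 'no_link' };
  let href;
  try { href = new URL(link.href); } catch (e) { return { error: 'bad_href' }; }
  if (requireHttps && href.protocol !== 'https:') return { error: 'insecure_endpoint' };
  return { href: href.toString(), type: link.type || null };
}
```

For the host-meta step, the same function is called on the document fetched from /.well-known/host-meta with the rel of the OpenID Connect endpoint and the provider's own identifier as expectedSubject.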

OpenID Connect @VZ
• Available now
• But without the discovery part
   – No discovering clients
   – No discoverable entities

VZ-JavaScript Library
<script src="http://static.pe.studivz.net/Js/id/v3/library.js"
data-authority="platform-redirect.vz-modules.net/r"
data-authorityssl="platform-redirect.vz-modules.net/r"
type="text/javascript"></script>

<script type="vz/share">
   id: shareButton
   title: title of your site
   description : a description
</script>

 Note that the library is included over plain HTTP in this snippet; an included script runs with the full privileges of the including page, so it should be loaded over HTTPS.

 http://developer.studivz.net/wiki/index.php/JS-Library

Login widget
<script type="text/javascript">
function callbackMethod(c) {
  if (c.error) {
    // the user denied access or the authorization failed
    return;
  }
  // user_id is the URL of the user's Portable Contacts endpoint (see "OpenID Connect?")
  var url = c.user_id;
  vz.id.login.callApi(url, function(data) {
    console.log(data.entry.displayName);
  });
}
</script>
<script type="vz/login">
   client_id : 1234567890abcdef
   redirect_uri : http://example.com/callback.html
   callback : callbackMethod
   fields : name,emails
</script>
 http://developer.studivz.net/wiki/index.php/JS-Library

Callback.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
      <script type="text/javascript">
        // The access token arrives in the URL fragment (user-agent profile);
        // hand it to the page that opened this popup and close.
        opener.vz.id.authStorage.setAuthParameterHash(location.hash.substr(1));
        window.close();
      </script>
  </body>
</html>
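Client-side handling of the user-agent profile callback, as an added example that is not part of the original deck or of the VZ library: the functions below build the authorization request for the fragment-based flow shown in the User-Agent Profile slide and parse the fragment that a page like Callback.html receives in location.hash. Everything here (function names, the state check, the https://auth.example.com authority used in the usage) is constructed for this example; the state parameter is the one OAuth 2 draft 10 defines, not something the slide's diagram shows.

```javascript
// Added example (not from the slides): user-agent (implicit) flow on the client side.

// '#a=b&c=d' or 'a=b&c=d' -> plain object
function parseFragment(hash) {
  const params = new URLSearchParams(hash.startsWith('#') ? hash.slice(1) : hash);
  return Object.fromEntries(params.entries());
}

// Step (A): the redirect to the authorization server. `state` must be unguessable and kept
// (e.g. in sessionStorage) by the page that starts the login, so the callback can be matched.
function buildAuthorizeUrl(authority, { clientId, redirectUri, state, scope }) {
  const u = new URL(authority);
  u.searchParams.set('response_type', 'token');
  u.searchParams.set('client_id', clientId);
  u.searchParams.set('redirect_uri', redirectUri);
  u.searchParams.set('state', state);
  if (scope) u.searchParams.set('scope', scope);
  return u.toString();
}

// Step (D): what the server hosting redirect_uri actually sees. The fragment never leaves the
// browser, which is why only script in the callback page (step E/F) can read the token.
function serverVisiblePart(callbackUrl) {
  const u = new URL(callbackUrl);
  u.hash = '';
  return u.toString();
}

// Step (F): accept the fragment only if it belongs to the login attempt this page started.
// Without the state check an attacker can open the callback with their own token in the
// fragment and log the victim into the attacker's account (login CSRF / token injection).
function acceptFragmentCallback(hash, expectedState, nowSeconds) {
  const p = parseFragment(hash);
  if (p.error) return { ok: false, reason: p.error };
  if (!expectedState || p.state !== expectedState) return { ok: false, reason: 'state_mismatch' };
  if (!p.access_token) return { ok: false, reason: 'no_token' };
  if (p.token_type && p.token_type.toLowerCase() !== 'bearer') return { ok: false, reason: 'unexpected_token_type' };
  const hasExpiry = p.expires_in !== undefined && Number.isFinite(Number(p.expires_in));
  return {
    ok: true,
    accessToken: p.access_token,
    expiresAt: hasExpiry ? nowSeconds + Number(p.expires_in) : null, // absolute time, for refresh logic
  };
}
```

In a Callback.html like the one above, the opener page would run acceptFragmentCallback on the hash it is handed, with the state it stored before opening the popup; the cross-origin access to opener.vz throws unless the opener is same-origin, which is what keeps another site from pulling the token out of the popup.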

Thank you

http://twitter.com/BastianHofmann
http://studivz.net/bastian
http://slideshare.net/bashofmann
bhofmann@vz.net

http://developer.studivz.net
