Home OpenID at Web 2.0 Expo

OpenID at Web 2.0 Expo

There were two sessions today on User-Centric identity at Web 2.0 Expo. I attended the
first one etitled “Implementing OpenID”, which was conducted by David Recordon of Verisign and Brian Ellin of JanRain. The session was well
attended and it was surprising to see that more than 50% (according to a raised hand vote
by David) of the users had heard of OpenID. This is testiment to the momentum OpenID has
created in the industry. The session started with a brief summary of the benefits of
OpenID :

  • SSO for the web
  • Simple and lightweight
  • Easy to use and deploy
  • Open development process
  • Decentralized, Free
  • People are already familiar with URLs
  • User control of information
  • Site specific hacks are possible – use AOL user name to sign-in.

David produced a slide that showing there are not only over 100 million
OpenIDs in service
, but there are close to 2,500 relying
parties
already accepting OpenID. Some of the interesting platforms/technologies
that are supporting OpenID are:

  • Platforms: Joomla, drupal, /bb, rails, plone
  • Sites: Technocati, digg, sixapart, pageflakes, netvibes, wordpress etc.
  • Vendors: Microsoft, AOL, Verisign etc.

Implementing OpenID

Brian showed a demo of how OpenID works, by logging into jyte.com. He followed it up with a cool example of OpenID
delegation, which showed how users can use their own site as an OpenID and delegate the
sign in/authentication etc. to another OpenID provider (OP) – with just 2 lines of code.
This allows users to easily customize their OpenID, along with giving them the
flexibility to change their OP when they want.

David then showed an example of how to create your own OP using /MyID. He created a
new OpenID within minutes (hashing the password seemed a bit complicated though and it
will take me more then 2 minutes!). He also demonstrated how users can create their own
personal profile data and control it centrally, to provide the right set of information
to the right relying party. By using this technique, users will not need to fill out the
same sign-up form over and over again at multiple sites.

Brian then demonstrated how to install OpenID on Ruby, using the ruby-OpenID library.
He suggested that all relying parties should use the standard
“openid_identifier” to name their OpenID input name, to make it easy for
browsers to detect and process it. The Ruby example of enabling an app to use OpenID
seemed really easy.

The Phishing Problem

To their credit, David and Brian addressed the tricky phishing issue that has been
plaguing OpenID. They suggested a number of potential solutions that are being worked
on:

  • Client side certs (browser based certificates)
  • Microsoft
    CardSpace
    (IE 7/Vista)
  • Vidoop (image based access code); this is really not
    an anti-phishing solution, but it does allows users to replace passwords with easier to
    use visual categories – which defeat the keyboard logging kind of attacks.
  • OpenID SeatBelt: This is a new browser plug-in for FireFox and IE by Verisign. The
    SeatBelt works as follows:

    – The browser plugin first detects if a web page accepts OpenID authentication;

    – It then asks the user to Login to their OpenID account, so that they don’t have
    to login again;

    – It shows a visual indication that the login page is safe, plus the current login
    status of the user as a browser button in the browser toolbars;

    – In terms of usability, the Seatbelt plugin automatically fills out the OpenID field
    when it detects a site that accepts OpenID.

Overall it was a great, although somewhat basic, session. If you are interested in
finding out further details of the session, the slides of the session with notes are
available on OpenID.net.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the gambling and blockchain industries for major developments, new product and brand launches, game releases and other newsworthy events. Editors assign relevant stories to in-house staff writers with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest iGaming headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Gambling News

    Explore the latest in online gambling with our curated updates. We cut through the noise to deliver concise, relevant insights, keeping you informed about the ever-changing world of iGaming and its most important trends.

    In-Depth Strategy Guides

    Elevate your game with tailored strategies for sports betting, table games, slots, and poker. Learn how to maximize bonuses, refine your tactics, and boost your chances to beat the house.

    Unbiased Expert Reviews

    Honest and transparent reviews of sportsbooks, casinos and poker rooms crafted through industry expertise and in-depth analysis. Delve into intricacies, get the best bonus deals, and stay ahead with our trustworthy guides.