Eugene Tsyrklevich: OpenID: Single Sign-On for the Internet
Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
English - January 09, 2006 23:10 - 58 minutes - 13.3 KB
Tired of tracking your username and password across 169 Web 2.0 websites that you have registered with? Thinking of adding SSO to your webapp? Pen-testing a Web 2.0 app? Then come and learn about OpenID - a new decentralized Single Sign-On system for the web.
OpenID is gaining adoption amongst large sites, with organizations like AOL acting as a provider. In addition, integrated OpenID support has been made a mandatory priority in Firefox 3 and Microsoft is working on implementing OpenID 2.0 in Windows Vista. As OpenID adoption gathers pace, the security of the protocol becomes increasingly important.
This talk introduces OpenID, walks you through a demo and discusses the security of the underlying protocol. The talk will also introduce known attacks against OpenID, such as phishing, and some of the possible workarounds.