OpenID: Single Sign-On for the Internet presented at BlackHatDC 2007

by Eugene TsyrklevichVlad Tsyrklevich, Vlad Tsyrklevich,


Summary : Tired of tracking your username and password across 169 Web 2.0 websites that you have registered with? Thinking of adding SSO to your webapp? Pen-testing a Web 2.0 app? Then come and learn about OpenIDa new decentralized Single Sign-On system for the web.
OpenID is increasingly gaining adoption amongst large sites, with organizations like AOL acting as a provider. In addition, integrated OpenID support has been made a mandatory priority in Firefox 3 and Microsoft is working on implementing OpenID 2.0 in Windows Vista. As OpenID adoption increases pace, the security of the protocol becomes of increasing importance.
This talk introduces OpenID, takes you through its demo and discusses the security of the underlying protocol. The talk will also introduce known attacks against OpenID such as phishing and some of the possible work arounds.