1. Easy Testing on Ruby OpenID Consumer Implementations
by Roman Gonzalez.
Tuesday 24 March 2009
2. Presentation Highlights
• What is OpenID?
• URLs as our identity credentials
• OpenID Terminology
• The OpenID authentication process explained
• How to implement RPs in Ruby
4. What is OpenID?
• A protocol that promotes the use of a single digital identity (Single Sign On)
• Decentralized
• Simple and light-weight (no high security stuff)
• Built upon Web technologies (HTTP, DNS)
5. URLs are our credentials
• Most people already have a URL to represent their identity (Facebook, Twitter)
• They are globally unique and ubiquitous
6. OpenID Terminology
• Actors
• Identifier (URL of the user)
• User-Agent (normally a Web Browser)
• Relying Party (RP)
• OpenID Provider (OP)
7. OpenID Terminology
• Direct Messages
• HTTP POST requests from RPs to OPs
• Used for the interchange of public keys
8. OpenID Terminology
• Indirect Messages
• HTTP redirects from RPs to OPs and back
• Used for the authentication process
19. Implementing OpenID RPs in Ruby
• Ruby on Rails: open_id_authentication by rails at http://github.com
• Merb: hassox’s merb-auth gem, using the OpenID strategy
• Rack: Using the auth/openid Rack app included in the gem
20. Testing OpenID RPs
• How do we test them?
• First naive approach: mocking/stubbing the ruby-openid gem
• Why is it so hard to test?
• Multiple types of communication between the RP and the OP
• The existing OPs need human interaction
21. Introducing ROTS (Ruby OpenID Test Server)
• It provides an “easy” interface for automated testing
• It uses an OP test server (provided in the gem) and a test API
26. Thanks...
Contact Me
Follow: http://twitter/romanandreg
Read: http://blog.romanandreg.com
Editor's Notes
Good evening, my name is <name> and I will be presenting <title>
The first thing I want to point out is that I’m not going to go too deep into the OpenID theory;
I will just tackle the surface of it, so that all the people who are not familiar with it get an idea of what this is all about.
* Define OpenID
* Explain why we use
* Define the terms used in the OpenID protocol, <easier>
* Tackle the whole OpenID authentication process
* Show the best options for implementing RPs
* How to manage the test process of our RP implementations
* I’ll show you some code with Rails and Merb, and we are going to define a test
* No forgetting passwords, manage your user information in one place
* You don’t have to make federations in order to make this work, the identities don’t need to be in one OpenID Server
* This protocol tries to be as simple as possible, ergo, it can be tackled because of this simplicity
* It’s proven to work because it’s on top of the most popular Web technology
* This makes it really easy for people to adapt to the concept of it
* The same URL works, no matter where you are, and it can be found on the Web