A presentation about how to do easy testing on OpenID Consumer, using a gem called rots. more info at http://github.com/roman/rots

1. Easy Testing on Ruby
OpenID Consumer
Implementations
by Roman Gonzalez.
Tuesday 24 March 2009

2. Presentation Highlights
• What is OpenID?
• URL’s as our identity credentials
• OpenID Terminology
• The OpenID authentication process
explained
• How to implement RP’s Ruby
Tuesday 24 March 2009

3. Presentation Highlights
• Testing OpenID RP’s
• Demo (Rails, Merb)
• Q&A’s
Tuesday 24 March 2009

4. What is OpenID?
• A protocol that promotes the use of a
single digital identity (Single Sign On)
• Decentralized
• Simple and light-weight (no high security
stuff)
• Built upon Web technologies (HTTP, DNS)
Tuesday 24 March 2009

5. URL’s are our
credentials
• Most of people already have an URL to
represent their identity (Facebook, Twitter)
• They are globally unique and ubiquitous
Tuesday 24 March 2009

6. OpenID Terminology
• Actors
• Identifier (URL of the user)
• User-Agent (normally a Web Browser)
• Relying Party (RP)
• OpenID Provider (OP)
Tuesday 24 March 2009

7. OpenID Terminology
• Direct Messages
• HTTP POST requests from RP’s to OP’s
• Used for interchange of public keys
Tuesday 24 March 2009

8. OpenID Terminology
• Indirect Messages
• HTTP Redirects from RP’s to OP’s and
back
• Used for the authentication process
Tuesday 24 March 2009

9. OpenID Authentication
Step 1. Discovery
Tuesday 24 March 2009

10. OpenID Authentication
Step 1. Discovery
HTTP GET
Tuesday 24 March 2009

11. OpenID Authentication
Step 1. Discovery
Tuesday 24 March 2009

12. OpenID Authentication
Step 1. Discovery
Tuesday 24 March 2009

13. OpenID Authentication
Step 1. Discovery
Tuesday 24 March 2009

14. OpenID Authentication
Step 2. Association
Tuesday 24 March 2009

15. OpenID Authentication
Step 2. Association
HTTP POST
Exchange of public keys
Tuesday 24 March 2009

16. OpenID Authentication
Step 3. Give credentials to OP
Tuesday 24 March 2009

17. OpenID Authentication
Step 4. Choose which info to give to the RP
Tuesday 24 March 2009

18. OpenID Authentication
Step 5. You are _authenticated_
Tuesday 24 March 2009

19. Implementing OpenID
RP’s in Ruby
• Ruby On Rails: open_id_authentication by
rails at http://github.com
• Merb: hassox’s merb-auth gem, using the
OpenID strategy
• Rack: Using the auth/openid Rack app
included in the gem
Tuesday 24 March 2009

20. Testing OpenID RP’s
• How do we make test on it?
• First naive approach: mocking/stubbing the ruby-
openid gem
• Why it is so hard to test?
• Multiple types of communication between the
RP and the OP
• The existing OP’s need human interaction
Tuesday 24 March 2009

21. Introducing ROTS
(Ruby OpenID Test Server)
• It provides an “easy” interface for
automated testing
• It uses an OP test servers (provided on the
gem) and a test API
Tuesday 24 March 2009

22. DEMO
Tuesday 24 March 2009

23. Final Thoughts
• ROTS is _not_ a silver bullet
• OpenID is not perfect, and it is not trying
to be
Tuesday 24 March 2009

24. Resources
• http://openidexplained.com
• http://github.com/rails/open_id_auth
• http://github.com/roman/rots
• http://test-id.net
Tuesday 24 March 2009

25. Q&A’s
Tuesday 24 March 2009

26. Thanks...
Contact Me
Follow: http://twitter/romanandreg
Read: http://blog.romanandreg.com
Tuesday 24 March 2009