Skip to content

OpenID and the CC Network

Uncategorized

One of the key benefits of becoming a Creative Commons Network member is the OpenID login feature. In this blog post, we’ll cover the basics of OpenID and why having a Creative Commons Network OpenID is particularly interesting to users who care about their privacy. We’ll also point out the risks of using OpenID and how you can mitigate them.

OpenID and Password Insanity

By now, even casual web users are encountering password fatigue. Though it isn’t ideal from a security standpoint, it becomes necessary to reuse passwords across sites when possible. One increasingly popular alternative to this password insanity is OpenID. With OpenID, a user creates an OpenID account at one of many available OpenID providers, e.g. http://creativecommons.net/. The user is then assigned an OpenID URL, e.g. http://creativecommons.net/ben. Then, when logging into a web site that supports OpenID, the user simply submits his OpenID URL, is automatically redirected to his OpenID provider where he logs in with his one OpenID account, and is finally redirected back to the original site, automatically logged in. One OpenID account lets you log in to any web site that supports OpenID logins.

OpenID Risks

There is always a risk to centralizing significant security information in one place: the place of centralization becomes an attractive target for attackers. Beyond that, there are some risks specific to OpenID given the current state of the Web:

  1. Users are required to place significant trust in their OpenID provider. An OpenID provider can trivially impersonate any of its users to any web site it chooses. In other words, it’s important to choose an OpenID provider you trust.
  2. When OpenID URLs are not protected by SSL, OpenID is vulnerable to various kinds of DNS attacks, which, as we know from recent developments in DNS security, are significantly more realistic than many realize.
  3. The OpenID protocol expects the relying party (i.e. the site to which the user is logging in) to redirect the user to her OpenID provider, when the relying party may not always be trustworthy. As a result, a number of security experts believe that OpenID increases the risk (and improves the efficacy) of phishing attacks against OpenID users. This is particularly relevant when the OpenID provider provides password-based authentication, which is the case for most OpenID providers. This can be mitigated by using a browser extension such as Verisign’s OpenID Seatbelt which takes you directly to your provider and providers a visual indication that the page you’re on is indeed the page where your password can be safely entered.
  4. An OpenID provider is involved in every act of authentication that its users perform. This has significant privacy implications, as the OpenID provider can easily determine its users’ Internet usage patterns. This private data might be leaked if a security breach occurs, or if the OpenID provider is subpoenaed for information.

Mitigating OpenID Risks

We believe that Creative Commons is well positioned to provide trustworthy OpenID functionality. That said, we only recommend that you use Creative Commons as an OpenID provider if you do indeed trust Creative Commons.

To address the remaining risks, Creative Commons has made the following design decisions in its implementation of OpenID:

As always, we welcome all comments, and we hope you’ll find Creative Commons’s support of OpenID a useful service!

Posted 05 December 2008

Tags