Identity X.0 - Securing the Insecure


Presented at DeepSec 2011 by

A number of protocols and standards have been designed to provide mechanisms for sharing the identity attributes of users between different web sites. Identity technologies such as OAuth and OpenID are being adopted by organizations of all sizes to share or consume user resources across the web. This presentation is a focused study of some of these emerging user-centric identity technologies and their key security implications. We will present scenarios showing how insecure implementations of these protocols can be abused, examine the characteristics of these attack vectors with real-world examples, and focus on secure application implementation and countermeasures against such attacks. The talk starts with an introduction to OAuth and OpenID, which sets the foundation for the attack vectors and countermeasures that follow. The majority of the presentation will be spent on attacks and remediation techniques, covering real-world examples of insecure implementations through code snippets and design flaws.