<ul><li>Diwanshu Joshi </li></ul><ul><li>Manish Kutaula </li></ul><ul><li>Nivedita Garbiyal </li></ul>Group Members
<ul><li>OpenID is an open, decentralized user identification standard, allowing users to log onto many services with the same digital identity. </li></ul><ul><li>OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience </li></ul><ul><li>You get to choose the OpenID Provider that best meets your needs and most importantly that you trust. At the same time, your OpenID can stay with you, no matter which Provider you move to. And best of all , the OpenID technology is not proprietary and is completely free. </li></ul><ul><li>For geeks, OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URL, HTTP, SSL) and realizes that people are already creating identities for themselves whether it be at their blog, photostream, profile page, etc. With OpenID you can easily transform one of these existing URLs into an account which can be used at sites which support OpenID logins. </li></ul>What is an OpenID?
<ul><li>Who Owns or Controls OpenID? </li></ul><ul><li>OpenID has arisen from the open source community to solve the problems that could not be easily solved by other existing technologies. </li></ul><ul><li>OpenID is a lightweight method of identifying individuals that uses the same technology framework that is used to identify websites. </li></ul><ul><li>As such, OpenID is not owned by anyone, nor should it be. Today, anyone can choose to be an OpenID user or an OpenID Provider for free without having to register or be approved by any organization. </li></ul>
How do I get an OpenID? You may already have one. If you use any of the following services, you already have your own OpenID: AOL - openid.aol.com/ graphicmist Blogger - graphicmist .blogspot.com Flickr - www.flickr.com/photos/ graphicmist LiveDoor - profile.livedoor.com/ graphicmist LiveJournal - graphicmist .livejournal.com SmugMug - graphicmist .smugmug.com Technorati - technorati.com/people/technorati/ graphicmist V ox - graphicmist .vox.com Yahoo - http://openid.yahoo.com WordPress.com - graphicmist .wordpress.com
<ul><li>The user visits a relying party web site (e.g. website.example.com) which displays an OpenID login form somewhere on their page. Unlike a typical login form with fields for the user name and password, the OpenID login form has only one field - for the OpenID identifier, typically along with a small OpenID logo: . This form is connected to an implementation of an OpenID client library. </li></ul><ul><li>A user typically will have previously registered an OpenID identifier (e.g. graphicmist.openid.example.org) with an OpenID identity provider (e.g. openid.example.org). The user types his OpenID identifier into the aforementioned OpenID login form. </li></ul><ul><li>The relying party web site typically transforms the OpenID identifier into a canonical URL form (e.g. http://graphicmist.openid.example.org/). </li></ul><ul><li>There are two modes in which the relying party can communicate with the identity provider: </li></ul><ul><li>1.checkid_immediate, in which the relying party requests that the provider not interact with the user. All communication is relayed through the user's browser without explicitly notifying the user </li></ul><ul><li>2.checkid_setup, in which the user communicates with the provider server directly using the same web browser used to access the relying party site. </li></ul>Logging in
<ul><li>Some observers have suggested that OpenID has security weaknesses and may prove vulnerable to phishing attacks. </li></ul><ul><li>For example, a malicious relying party may forward the end-user to a bogus identity provider authentication page asking that end-user to input their credentials. On completion of this, the malicious party (who in this case also control the bogus authentication page) could then have access to the end-user's account with the identity provider, and as such then use that end-user’s OpenID to log into other services. </li></ul><ul><li>In an attempt to combat possible phishing attacks some OpenID providers mandate that the end-user needs to be authenticated with them prior to an attempt to authenticate with the relying party. </li></ul>OpenID and Security
Why OpenID? Are you tired of creating a new account on every website you use? Do you avoid new websites because they come with yet another username and password? Do you paste stickies with password hints all over your computer monitor? If yes...
<ul><li>OpenID is an open technology standard that solves all of these problems. </li></ul><ul><li>The OpenID technology will allow you to use your OpenID URL to sign in to hundreds of websites! </li></ul><ul><li>And, what more, this list is growing every day... </li></ul>