• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
OpenID Protocol Explained
 

OpenID Protocol Explained

on

  • 5,768 views

A description about how the OpenID protocol works in about 7 minutes

A description about how the OpenID protocol works in about 7 minutes

Statistics

Views

Total Views
5,768
Views on SlideShare
5,768
Embed Views
0

Actions

Likes
0
Downloads
13
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    OpenID Protocol Explained OpenID Protocol Explained Presentation Transcript

    • This is the person who desires to access a web site. Person has: Name: ID: This is the browser he is using to access the web. Alex http://alex.provider.com/ Browser (User-Agent) This address represents Alex This is site that the user really want to access. For this example he wants to access his bank called “Big Bank”. Desired Site (OpenID Consumer) (Relying Party) http://bigbank.com/ Identity Page OpenID Provider http://provider.com/ This is site that is going to prove that Alex is really Alex.
    • Me! Alex Allentown Browser (User-Agent) http://alex.provider.com/ Identity Page
    • I will log In ONCE UserName: aallen321 Password: ************** LOGIN Browser (User-Agent) http://alex.provider.com/ Identity Page OpenID Provider
    • OK! OK, You are logged in to the OpenID service. Browser (User-Agent) http://alex.provider.com/ Identity Page OpenID Provider
    • Need to access the bank. Big Bank Enter your OpenID: http://alex.provider.com LOGIN Browser (User-Agent) http://bigbank.com/ Desired Site (OpenID Consumer) (Relying Party) Identity Page OpenID Provider
    • I clicked “Login” Headers: openid.server = http://provider.com/a.cgi openid.delegate = http://provider.com/a.cgi Browser (User-Agent) http://bigbank.com/ Desired Site Identity Page (OpenID Consumer) (Relying Party) http://alex.provider.com/
    • I am waiting Parameters: openid.mode = checkid_setup openid.identity = http://alex.provider.com/ openid.return_to = http://bigbank.com/... Browser (User-Agent) Send redirect http://provider.com/a.cgi Desired Site (OpenID Consumer) (Relying Party) OpenID Provider
    • I am waiting Additional Parameters: openid.mode = id_res openid.identity = http://alex.provider.com/ openid.return_to = http://bigbank.com/... openid.signed = mode,identity,return_to openid.assoc_handle = XXXXX openid.sig = YYYYY Browser (User-Agent) http://bigbank.com/... Send redirect Desired Site (OpenID Consumer) (Relying Party) OpenID Provider
    • I am waiting Same parameters as request except openid.mode = check_authentication Response in body: is_valid:true Browser (User-Agent) Desired Site (OpenID Consumer) (Relying Party) OpenID Provider
    • OK! Now I can get things done. Big Bank You are logged in! What would you like to do? Browser (User-Agent) Finally … generate page for display Desired Site (OpenID Consumer) (Relying Party) Identity Page OpenID Provider