Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

OpenID Protocol Explained

9,111 views

Published on

A description about how the OpenID protocol works in about 7 minutes

Published in: Technology, Design
  • Be the first to comment

OpenID Protocol Explained

  1. 1. This is the person who desires to access a web site. Person has: Name: ID: This is the browser he is using to access the web. Alex http://alex.provider.com/ Browser (User-Agent) This address represents Alex This is site that the user really want to access. For this example he wants to access his bank called “Big Bank”. Desired Site (OpenID Consumer) (Relying Party) http://bigbank.com/ Identity Page OpenID Provider http://provider.com/ This is site that is going to prove that Alex is really Alex.
  2. 2. Me! Alex Allentown Browser (User-Agent) http://alex.provider.com/ Identity Page
  3. 3. I will log In ONCE UserName: aallen321 Password: ************** LOGIN Browser (User-Agent) http://alex.provider.com/ Identity Page OpenID Provider
  4. 4. OK! OK, You are logged in to the OpenID service. Browser (User-Agent) http://alex.provider.com/ Identity Page OpenID Provider
  5. 5. Need to access the bank. Big Bank Enter your OpenID: http://alex.provider.com LOGIN Browser (User-Agent) http://bigbank.com/ Desired Site (OpenID Consumer) (Relying Party) Identity Page OpenID Provider
  6. 6. I clicked “Login” Headers: openid.server = http://provider.com/a.cgi openid.delegate = http://provider.com/a.cgi Browser (User-Agent) http://bigbank.com/ Desired Site Identity Page (OpenID Consumer) (Relying Party) http://alex.provider.com/
  7. 7. I am waiting Parameters: openid.mode = checkid_setup openid.identity = http://alex.provider.com/ openid.return_to = http://bigbank.com/... Browser (User-Agent) Send redirect http://provider.com/a.cgi Desired Site (OpenID Consumer) (Relying Party) OpenID Provider
  8. 8. I am waiting Additional Parameters: openid.mode = id_res openid.identity = http://alex.provider.com/ openid.return_to = http://bigbank.com/... openid.signed = mode,identity,return_to openid.assoc_handle = XXXXX openid.sig = YYYYY Browser (User-Agent) http://bigbank.com/... Send redirect Desired Site (OpenID Consumer) (Relying Party) OpenID Provider
  9. 9. I am waiting Same parameters as request except openid.mode = check_authentication Response in body: is_valid:true Browser (User-Agent) Desired Site (OpenID Consumer) (Relying Party) OpenID Provider
  10. 10. OK! Now I can get things done. Big Bank You are logged in! What would you like to do? Browser (User-Agent) Finally … generate page for display Desired Site (OpenID Consumer) (Relying Party) Identity Page OpenID Provider

×