An Introduction to OpenID


A brief introduction to OpenID, a decentralised Single Sign On mechanism for the web.

Published in: Technology

  1. An Introduction
  2. What is OpenID? OpenID is a decentralised Single Sign On system for the web.
  3. Why OpenID? Too many user names? Too many passwords? User name already taken?
  4. What is an OpenID? An OpenID is simply a URI, e.g.
  5. So what? You can claim ownership of a URI. The ability to prove ownership of a URI can facilitate authentication.
  6. How? You don’t authenticate to a site with credentials agreed on with that site. You authenticate with credentials agreed on with your ID Provider.
  7. This sounds familiar! It’s similar to Microsoft Passport. It’s different in that Microsoft doesn’t have ownership – you do!
  8. This sounds familiar! It’s an open standard. The standard isn’t owned by any single organisation. You don’t have to seek Microsoft’s permission to implement it.
  9. Who has ownership? You do! You pick an Identity Provider. Or implement the server-side yourself!
  10. A brief demonstration
  11. How does sign-up fit in? Augments the sign-up process. Doesn’t provide information; authentication only. Still need CAPTCHAs.
  12. Where does sign-up fit? Simple Registration Extension provides lightweight exchange of profile information. Beyond the scope of this introduction.
  13. How does OpenID work? Link tag on OpenID page. <link rel="openid.server" href= />
  14. How does OpenID work? Relying party establishes a shared secret with Identity Provider using Diffie-Hellman key exchange.
  15. How does OpenID work? HTML at URI is parsed to discover Identity Provider.
  16. How does OpenID work? User is redirected to Identity Provider in order to authenticate.
  17. How does OpenID work? User is redirected back to relying party and shared secret is used to guard against spoofed requests.
  18. Can I use my own URI? Using delegation, you can use your own domain as your OpenID!
  19. Can I use my own URI? Put the following link tags in the head section of your domain index page: <link rel="openid.server" href="<id_server>" /> <link rel="openid.delegate" href="<delegate url>" />
  20. Can I use my own URI? For example, until I implement my own server, I use: <link rel="openid.server" href= /> <link rel="openid.delegate" href= />
  21. Can I change providers? What if I don’t trust my provider? You can simply delegate authority to a different provider!
  22. Further Reading… The Specifications: Wikipedia: Implementation Libraries: JanRain:
  23. Thank You! Max Manders [email_address]