OpenID: Difference between revisions
Revision as of 21:12, 23 February 2010
Definition
OpenID is probably the most popular light-weight digital identity system. It also may support single sign-on (SSO) for some Internet applications that combine services, e.g. a webtop that provides an interface to social software applications. It answers the "can't remember my login and password" problem for all those web sites for which you should never reuse the same id and password...
“OpenID is a shared identity service, which allows Internet users to log on to many different web sites using a single digital identity, eliminating the need for a different user name and password for each site. OpenID is a decentralized, free and open standard that lets users control the amount of personal information they provide.” (OpenID, Wikipedia, retrieved 19:27, 21 August 2008 (UTC))
The system
An OpenID is in the form of a URL. This URL can be the domain name of your own website, or the URL of an OpenID Identity Provider. When you log in with an OpenID, you have to log in to the Identity Provider for validation.
Using OpenID-enabled sites, web users do not need to remember traditional items of identity such as username and password. Instead, they only need to be registered with any OpenID "identity provider" (IdP). Since OpenID is decentralized, any website can use OpenID as a way for users to sign in; OpenID does not require a centralized authority to confirm a user's digital identity.
(OpenID, Wikipedia, retrieved 19:27, 21 August 2008 (UTC))
Authentication is the process of attempting to verify the digital identity of the sender of a communication, such as a request to log in. This process involves identifiers and several players. In the OpenID framework one can, according to the specification (http://openid.net/specs/openid-authentication-2_0.html#terminology), distinguish:
- The identifier of a user: an "http" or "https" URI
- The relying party: a Web application that wants proof that the end user controls an Identifier. (The user provides a website with an OpenID URL like http://XYZ@myopenid.com.)
- OpenID Provider (OP): an OpenID Authentication server on which a Relying Party relies for an assertion that the end user controls an Identifier. This provider has
  - an OP identifier (e.g. http://myopenid.com)
  - an OP Endpoint URL, which accepts OpenID Authentication protocol messages.
In simplified terms: the end user presents an identifier to the relying party. The relying party then discovers an OP Endpoint URL from the identifier URL, and the relying party and the OP establish a shared secret (an association) that is used to sign, and so protect, the messages they exchange. Next, the end user is redirected to the OP for verification of the authentication request. The OP then tells the relying party whether the authentication is approved or rejected.
This workflow can be represented by the following figure: [figure: OpenID interaction, source: Rob Richards, http://cdatazone.org/talks/zendcon_2009/Digital_Identity.pdf]
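The exchange just described, as an added example that is not code from this wiki page or from any OpenID library: a relying party (RP) and an OpenID provider (OP) share an association key, the OP issues a signed positive assertion, and the RP applies the checks the OpenID 2.0 specification requires before accepting it (return_to, agreement with discovery, known association, fresh nonce, valid HMAC over the Key-Value Form of the signed fields). Two simplifications are assumed: the OP hands the association key straight to the RP instead of negotiating it with Diffie-Hellman or over TLS, and messages are passed as Python dicts instead of HTTP redirects. All URLs are constructed.

```python
# Simulated OpenID 2.0 exchange: association, signed assertion, RP checks.
# Added example, not code from the wiki page. Constructed simplifications:
# the key is handed over directly (no DH/TLS) and messages are dicts.
import base64
import calendar
import hashlib
import hmac
import os
import secrets
import time

# Fields openid.signed must cover in a positive assertion (spec 10.1).
MUST_SIGN = {"op_endpoint", "claimed_id", "identity", "return_to",
             "response_nonce", "assoc_handle"}


def kv_encode(fields, names):
    """Key-Value Form the signature covers: one "key:value\\n" line per
    field listed in openid.signed, in that order, without "openid." prefix."""
    return "".join(f"{k}:{fields[k]}\n" for k in names).encode("utf-8")


class OpenIDProvider:
    """Minimal OP: stores associations and issues signed assertions."""

    def __init__(self, endpoint):
        self.endpoint = endpoint
        self.assocs = {}  # assoc_handle -> MAC key

    def associate(self):
        handle = "assoc-" + secrets.token_hex(8)
        key = os.urandom(32)  # HMAC-SHA256 association key
        self.assocs[handle] = key
        return handle, key

    def positive_assertion(self, handle, claimed_id, identity, return_to):
        """Build the id_res message the OP would redirect the user back with."""
        nonce = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()) + secrets.token_urlsafe(6)
        fields = {"ns": "http://specs.openid.net/auth/2.0", "mode": "id_res",
                  "op_endpoint": self.endpoint, "claimed_id": claimed_id,
                  "identity": identity, "return_to": return_to,
                  "response_nonce": nonce, "assoc_handle": handle}
        signed = ["ns", "mode"] + sorted(MUST_SIGN) + ["signed"]
        fields["signed"] = ",".join(signed)
        mac = hmac.new(self.assocs[handle], kv_encode(fields, signed), hashlib.sha256).digest()
        fields["sig"] = base64.b64encode(mac).decode("ascii")
        return fields


class RelyingParty:
    """Minimal RP: keeps associations, rejects replays, verifies signatures."""

    def __init__(self, return_to, nonce_window=300):
        self.return_to = return_to
        self.nonce_window = nonce_window  # seconds of clock skew tolerated
        self.assocs = {}  # assoc_handle -> (key, op_endpoint)
        self.seen_nonces = set()

    def establish_association(self, op):
        handle, key = op.associate()
        self.assocs[handle] = (key, op.endpoint)
        return handle

    def verify(self, resp, discovered_endpoint, discovered_claimed_id):
        """Checks of spec section 11; returns (accepted, reason)."""
        if resp.get("mode") != "id_res" or not {"signed", "sig"} <= set(resp):
            return False, "not a signed positive assertion"
        signed = resp["signed"].split(",")
        if not MUST_SIGN <= set(signed) or any(k not in resp for k in signed):
            return False, "required fields not covered by signature"
        if resp["return_to"] != self.return_to:
            return False, "return_to mismatch"
        # Must match what discovery on the claimed id found, otherwise any
        # OP could assert any identifier.
        if (resp["op_endpoint"], resp["claimed_id"]) != (discovered_endpoint, discovered_claimed_id):
            return False, "assertion does not match discovery"
        assoc = self.assocs.get(resp["assoc_handle"])
        if assoc is None or assoc[1] != resp["op_endpoint"]:
            return False, "unknown association handle"
        nonce = resp["response_nonce"]
        try:
            issued = calendar.timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
        except ValueError:
            return False, "malformed nonce"
        if abs(time.time() - issued) > self.nonce_window:
            return False, "nonce outside acceptance window"
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        expected = hmac.new(assoc[0], kv_encode(resp, signed), hashlib.sha256).digest()
        if not hmac.compare_digest(base64.b64decode(resp["sig"]), expected):
            return False, "bad signature"
        self.seen_nonces.add(nonce)  # remember only nonces of accepted assertions
        return True, "ok"


def demo():
    """A genuine assertion, its replay, and a tampered copy of a fresh one."""
    op = OpenIDProvider("https://openid.example.net/server")    # constructed
    rp = RelyingParty("https://app.example.org/openid/return")  # constructed
    handle = rp.establish_association(op)
    claimed, local = "http://alice-blog.example.org/", "https://openid.example.net/alice"
    first = op.positive_assertion(handle, claimed, local, rp.return_to)
    second = op.positive_assertion(handle, claimed, local, rp.return_to)
    tampered = dict(second, claimed_id="http://bob-blog.example.org/")
    return {"genuine": rp.verify(first, op.endpoint, claimed),
            "replay": rp.verify(first, op.endpoint, claimed),
            "forged": rp.verify(tampered, op.endpoint, "http://bob-blog.example.org/")}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'} ({why})")
```

The order of the checks matters: the nonce is recorded only after the signature has been verified, so an attacker cannot burn a legitimate nonce by submitting a forged message, and the replay check runs before the HMAC so a replayed but otherwise valid message is refused without touching the key.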
How to get an OpenID
See How do I get an OpenID? or Wikipedia.
Basically you either get an account with some web sites and services that already provide OpenIDs, e.g. Blogger, Yahoo or Flickr, or you turn to a provider that just supplies the ID. If you prefer to get an ID from a service that just provides IDs, a good bet is probably MyOpenID.com (but I am not an expert - Daniel K. Schneider 20 March 2009).
A more recent solution, available since summer 2009, is to create a Creative Commons Profile. They give you a badge you can place on pages you create, identifying you as a member of the Creative Commons Network. This badge not only gives visible notice that you support Free Culture, but also helps identify you on license deeds. This service costs $50 and supports the Creative Commons organization, which creates the open content licenses.
- Example: https://creativecommons.net/DKS/
Making your own for your organization or students is another option:
- phpMyID can help you run just your own. Some PHP knowledge is required.
- Also read OpenID for non-SuperUsers, which shows how to use an ID that points to a web site you own (e.g. a blog).
- If you have an LDAP server, you can use this technology, e.g. by using OpenID-LDAP. That's the kind of solution DKS thinks is best for many academic institutions.
- Finally, there exist a bunch of open source libraries for developers.
In education
Since all sorts of web 2.0 and social software applications are increasingly popular in education (see the list of web 2.0 applications), students have a real problem managing their logins on the Internet. It is also a good idea to support single sign-on whenever possible.
OpenID seems to be currently (2008) the best solution. OpenID directories list an ever-increasing number of OpenID-enabled web sites.
Also, some applications already implicitly provide users with an OpenID, e.g. Blogger, Yahoo or Flickr.
Note: OpenID is not meant to be used for local logins, but you may combine local single sign-on via LDAP with OpenID for Internet logins.