
Understanding OpenID Authentication

This document provides an overview of OpenID, an open standard authentication protocol that allows users to log into multiple websites using a single digital identity. It describes how traditional website authentication requires unique credentials for each site, posing problems for both users and developers. OpenID addresses these issues by allowing users to log in with an OpenID and have their identity verified by an OpenID provider. The document defines key OpenID terms and concepts and outlines the OpenID authentication process and flow. It discusses advantages of OpenID for users, businesses and developers and notes its growing adoption on the internet.

Uploaded by

Z. Wen
Copyright
© Attribution Non-Commercial (BY-NC)

Authentication: OpenID

Zhezhu Wen
2008-12-04

A Traditional Authentication Scheme

But…
• Problem with traditional authentication
– Each server requires unique credentials.
– For the end-user, this means each web site (app) requires one credential.
    • The more websites you register with, the more credential information you need to memorize.
– For developers, it is a burden to develop authentication schemes for each one of them.

Introduction of OpenID
• OpenID is a service, framework, and protocol that is revolutionizing the realm of user authentication and identity services.
• Started in 2004 by Brad Fitzpatrick.
• It offers a distributed, reliable, and open way for web sites to authenticate their users and saves web developers from the need to write yet another piece of authentication code.

OpenID Awareness

According to: Independent study on OpenID awareness using Mechanical Turk, 2008

Terminologies for OpenID
• End-user
– The person who wants to assert his or her identity to a site.
• Identifier
– The URL or XRI chosen by the end-user as their OpenID identifier.
• OpenID provider (OP)
– A service provider offering the service of registering OpenID URLs or XRIs and providing OpenID authentication (and possibly other identity services).

Terminologies for OpenID (contd.)
• Relying party
– The site that wants to verify the end-user's identifier. Sometimes also called a "service provider".
• Server or server-agent
– The server that verifies the end-user's identifier. This may be the end-user's own server (such as their blog), or a server operated by an identity provider.
• User-agent
– The program (such as a browser) that the end-user is using to access an identity provider or a relying party.

The OpenID Authentication Scheme

The OpenID Authentication Flow

Practice
• Log in to the MIT tech review website.
• With OpenID Provider [Link]

Advantages of OpenID
• For business:
– Lower cost of password and account management.
– Makes it easier for users to come and join the online service.
• For users:
– Open, decentralized, free, user-centric authentication mechanism.
• For developers:
– Reuse of existing technology (URL, HTTP, SSL, etc.)

Current & Future
• The OpenID Foundation was formed to support the infrastructure the model needs and to provide general help (corporate members and community members).
• As of November 2008, there are over 500 million OpenIDs on the Internet.
• Approximately 27,000 sites have integrated OpenID consumer support.

Criticism, Alternatives
• Vulnerable to phishing attacks. For example… zombie OP.
• Uncomfortable truth – it is open source and free.
• Alternative recommendations for the specification.
• Aggressive Facebook Connect from the other side.

REFERENCES
• Protocol specification Ver 2.0, [Link]
• Independent study on OpenID awareness using Mechanical Turk, 2008
• OpenID and Rails: Authentication 2.0, 2008
• Google offers limited support for OpenID, 2008

• Click the names of the articles for the originals.
