Professional Documents
Culture Documents
OpenID Presentation
OpenID Presentation
But
Problem with traditional authentication
Each server requires unique credentials To end-user side, it means, each web site (apps) requires one credential.
The more website you are registering, the more credential information you need to memorize.
To developers, it is a burden for developing authentication schemes for each one of them.
3
Introduction of OpenID
OpenID is a service, framework, and protocol that is revolutionizing the realm of user authentication and identity services. Started in 2004 by Brad Fitzpatrick. It offers a distributed, reliable, and open way for web sites to authenticate their users and saves web developers from the need to write yet another piece of authentication code.
OpenID Awarness
According to: Independent study on OpenID awareness using Mechanical Turk, 2008
5
Identifier
The URL or XRI chosen by the end-user as their OpenID identifier.
Server or server-agent
The server that verifies the end-user's identifier. This may be the end-user's own server (such as their blog), or a server operated by an identity provider.
User-agent
The program (such as a browser) that the end-user is using to access an identity provider or a relying party.
Practice
Login to MIT tech review website. With OpenID Provider http://www.myopenid.com
10
Advantage of OpenID
For Business,
Lower cost of password and account management. Make users easier to come and join the online service.
For Users,
Open, decentralized, free, user-centric authentication mechanism.
For Developers,
Reutilization of existing technology (URL, HTTP, SSL etc.)
11
Criticism, Alternatives
Vulnerable to phishing attacks. For example zombie OP. Uncomfortable truth it is open source and free. Alternative recommendations for the specification. Aggressive Facebook Connect from the other side.
13
REFERENCES
Protocol specification Ver 2.0, http://www.openid.net Independent study on OpenID awareness using Mechanical Turk, 2008 OpenID and Rails: Authentication 2.0, 2008 Google offers limited support for OpenID , 2008
14