01-08-2012, 12:30 PM
OpenID
OpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities.[1] Users may create accounts with their preferred OpenID identity providers, and then use those accounts as the basis for signing on to any website which accepts OpenID authentication. The OpenID standard provides a framework for the communication that must take place between the identity provider and the OpenID acceptor (the ‘relying party’).[2] An extension to the standard (the OpenID Attribute Exchange) facilitates the transfer of user attributes, such as name and gender, from the OpenID identity provider to the relying party (each relying party may request a different set of attributes, depending on its requirements).[3]
The OpenID protocol does not rely on a central authority to authenticate a user's identity. Moreover, neither services nor the OpenID standard may mandate a specific means by which to authenticate users, allowing for approaches ranging from the common (such as passwords) to the novel (such as smart cards or biometrics).
The term OpenID may also refer to an identifier as specified in the OpenID standard; these identifiers take the form of a unique URI, and are managed by some 'OpenID provider' that handles authentication.
Technical Overview
OpenID enables an End-user, the entity that wants to assert a particular identity, to communicate with a Relying party (RP), the site that wants to verify the end-user's identifier. Other terms for this party include "service provider" or the now obsolete "consumer". This communication is done through the exchange of an Identifier or OpenID, which is the URL or XRI chosen by the end-user to name the end-user's identity. An Identity provider or OpenID provider (OP), which is a service that specializes in registering OpenID URLs or XRIs, provides the OpenID authentication (and possibly other identity services). The exchange is enabled by a User-agent, which is the program (such as a browser) used by the end-user to communicate with the relying party and OpenID provider.
History
The original OpenID authentication protocol was developed in May 2005[33] by Brad Fitzpatrick, creator of popular community website LiveJournal, while working at Six Apart.[34] Initially referred to as Yadis (an acronym for "Yet another distributed identity system"),[35] it was named OpenID after the openid.net domain name was given to Six Apart to use for the project.[36] OpenID support was soon implemented on LiveJournal and fellow LiveJournal engine community DeadJournal for blog post comments and quickly gained attention in the digital identity community.[37][38] Web developer JanRain was an early supporter of OpenID, providing OpenID software libraries and expanding its business around OpenID-based services.
In late June, discussions started between OpenID users and developers from enterprise software company NetMesh, leading to collaboration on interoperability between OpenID and NetMesh's similar Light-Weight Identity (LID) protocol. The direct result of the collaboration was the Yadis discovery protocol, adopting the name originally used for OpenID. The new Yadis was announced on October 24, 2005.[39] After a discussion at the 2005 Internet Identity Workshop a few days later, XRI/i-names developers joined the Yadis project,[40] contributing their Extensible Resource Descriptor Sequence (XRDS) format for utilization in the protocol.
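The relying-party side of the exchange described in the Technical Overview, as an added example that is not part of the original post: it classifies the end-user's identifier as a URL or an XRI, then builds the request that the user-agent carries to the OpenID provider, asking for name and gender through Attribute Exchange. It assumes the parameter names of OpenID Authentication 2.0 and Attribute Exchange 1.0, that discovery of the provider endpoint has already happened, and a simplified realm check without wildcard support; the function names and all hostnames in the test data are constructed.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit

OPENID2_NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
# Attribute Exchange type URIs for the two attributes the text names.
AX_TYPES = {"fullname": "http://axschema.org/namePerson",
            "gender": "http://axschema.org/person/gender"}

def normalize_identifier(user_input):
    """Classify what the end-user typed as an XRI or a URL (OpenID 2.0, 7.2)."""
    ident = user_input.strip()
    if ident.lower().startswith("xri://"):
        ident = ident[6:]
    if ident[:1] and ident[0] in "=@+$!(":
        return "xri", ident
    if "://" not in ident:
        ident = "http://" + ident
    p = urlsplit(ident)
    if p.scheme.lower() not in ("http", "https") or not p.hostname:
        raise ValueError("identifier is neither an XRI nor an http(s) URL")
    # Lowercase scheme and host, force a path, drop the fragment.
    return "url", urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

def in_realm(realm, return_to):
    """Simplified realm check: same scheme and host, path at or below the realm's."""
    r, t = urlsplit(realm), urlsplit(return_to)
    base = (r.path or "/").rstrip("/") + "/"
    return (r.scheme, r.netloc) == (t.scheme, t.netloc) and (t.path + "/").startswith(base)

def build_auth_request(op_endpoint, claimed_id, realm, return_to):
    """URL the relying party redirects the user-agent to (mode checkid_setup)."""
    if not in_realm(realm, return_to):
        raise ValueError("return_to must lie inside the realm shown to the user")
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,  # assumes no delegation
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.ax": AX_NS,
        "openid.ax.mode": "fetch_request",
        "openid.ax.required": ",".join(AX_TYPES),
    }
    for alias, type_uri in AX_TYPES.items():
        params["openid.ax.type." + alias] = type_uri
    return op_endpoint + ("&" if "?" in op_endpoint else "?") + urlencode(params)
```

The relying party must still verify the provider's signed response before treating the identifier as authenticated; that step is outside this block.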