What You’ll Learn
- What it is
- What Single Sign-on is
- Terminology
- How it works
- Pros
- Cons
- Security
Stuff that Wouldn’t Fit on the Last Page
- Other Systems
- Identity Providers (i-broker)
- Integration
- Conclusion
What is it?

A decentralised single sign-on system for authenticating and managing identities, in which a user's identifier is a URL they control.
Single Sign-on, WTF?
Single Sign-on = One Set of Credentials, for everything.
Terminology
- consumer — An obsolete term for “relying party”.
- identifier — The URL or XRI used to identify someone.
- identity provider — The server that authenticates the end user and vouches for their identifier to relying parties (called the Identity Server or OpenID Server in the flow below).
- relying party — The site that wants to verify the end user’s identifier.
How it works?
1. User is presented with an OpenID login form by the Consumer.
2. User responds with the URL that represents their OpenID.
3. Consumer canonicalises the OpenID URL and uses the canonical version to request (GET) the document at that URL (often a page the user hosts themselves).
4. The HTML document named by the OpenID URL is returned to the Consumer.
5. Consumer inspects the HTML document head for <link/> tags with the attribute rel set to openid.server and, optionally, openid.delegate. The Consumer uses the values in these tags to construct a URL with mode checkid_setup for the Identity Server and redirects the User Agent. This checkid_setup URL encodes, among other things, the identity being claimed (the delegate URL if one was given), a trust_root naming the Consumer, and a return_to URL to which the User is sent back with mode id_res on success or mode cancel on failure or cancellation of the request.
6. The OpenID Server returns a login screen.
7. User sends (POST) a login ID and password to the OpenID Server.
8. OpenID Server returns a trust form asking the User if they want to trust the Consumer (identified by its URL) with their Identity.
9. User POSTs the response to the OpenID Server.
10. User is redirected to the return_to URL given in (5), carrying either a signed id_res assertion or a cancel, depending on the User response.
11. Consumer verifies the signature on the assertion from (10), using the shared secret from an earlier associate request or by asking the server via check_authentication, and only then returns the appropriate page to the User.
This scenario assumes that you are not already logged into the OpenID server. Normally, you'd stay logged in there and so steps (6) and (7) would be unnecessary.
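The consumer side of the flow above, as an added example that is not code from the original slides: canonicalising the identifier (step 3), reading the openid.server / openid.delegate link tags (step 5), building the checkid_setup redirect (step 5), and checking the signed id_res assertion that comes back (steps 10 and 11). The tag names, checkid_setup parameters and the key:value signing format are those of OpenID 1.1; the sample HTML document, the URLs and the shared secret are constructed for illustration, and the provider-side `provider_id_res` is included only so the exchange can be run end to end offline.

```python
"""OpenID 1.1 consumer-side steps: canonicalise, discover, redirect, verify.

Added example. The sample document, URLs and SECRET below are constructed;
in a real consumer the secret comes from an earlier associate request.
"""
import base64
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit


class _HeadLinks(HTMLParser):
    """Collect rel -> href for <link> tags that appear before <body>."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self._in_body = False

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self._in_body = True
        if tag == "link" and not self._in_body:
            a = dict(attrs)
            if a.get("href"):
                for rel in (a.get("rel") or "").lower().split():
                    self.links.setdefault(rel, a["href"])


def canonicalise(identifier):
    """Step 3: turn what the user typed into the URL the consumer fetches."""
    identifier = identifier.strip()
    if "://" not in identifier:
        identifier = "http://" + identifier
    p = urlsplit(identifier)
    if p.scheme.lower() not in ("http", "https"):
        raise ValueError("only http(s) identifiers are fetched")
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def discover(canonical_url, html):
    """Step 5: read openid.server and the optional openid.delegate from the page."""
    parser = _HeadLinks()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        raise ValueError("document carries no openid.server link")
    # With a delegate, the provider is asked about the delegate URL, not the page URL.
    return server, parser.links.get("openid.delegate", canonical_url)


def checkid_setup_url(server, identity, return_to, trust_root, assoc_handle):
    """Step 5: the redirect the consumer sends the user agent to."""
    params = {
        "openid.mode": "checkid_setup",
        "openid.identity": identity,
        "openid.return_to": return_to,
        "openid.trust_root": trust_root,
        "openid.assoc_handle": assoc_handle,
    }
    return server + ("&" if "?" in server else "?") + urlencode(params)


def _signature(secret, fields, signed_keys):
    """HMAC-SHA1 over 'key:value\\n' lines, in the order listed in openid.signed."""
    token = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed_keys)
    return base64.b64encode(hmac.new(secret, token.encode(), hashlib.sha1).digest()).decode()


def provider_id_res(secret, identity, return_to, assoc_handle):
    """Step 10, provider side: the positive assertion appended to return_to."""
    fields = {
        "openid.mode": "id_res",
        "openid.identity": identity,
        "openid.return_to": return_to,
        "openid.assoc_handle": assoc_handle,
        "openid.signed": "mode,identity,return_to",
    }
    fields["openid.sig"] = _signature(secret, fields, fields["openid.signed"].split(","))
    return urlencode(fields)


def consumer_verify(query, secret, expected_return_to, expected_identity):
    """Step 11: accept the identifier only if the signed assertion checks out."""
    q = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    if q.get("openid.mode") == "cancel":
        return False, "user cancelled at the provider"
    if q.get("openid.mode") != "id_res":
        return False, "unexpected mode"
    signed = q.get("openid.signed", "").split(",")
    if any(k not in signed for k in ("mode", "identity", "return_to")):
        return False, "assertion does not sign mode, identity and return_to"
    try:
        expected = _signature(secret, q, signed)
    except KeyError as missing:
        return False, f"signed field absent: {missing}"
    if not hmac.compare_digest(expected, q.get("openid.sig", "")):
        return False, "signature mismatch"
    if q["openid.return_to"] != expected_return_to or q["openid.identity"] != expected_identity:
        return False, "assertion is for a different identity or return_to"
    return True, q["openid.identity"]


# Constructed sample: the user's own page delegates to a provider-issued identity.
SAMPLE_HTML = """<html><head>
<link rel="openid.server" href="https://provider.example/server">
<link rel="openid.delegate" href="https://provider.example/users/alice">
</head><body>hello</body></html>"""
SECRET = b"constructed-shared-secret"  # constructed; normally from an associate request
RETURN_TO = "https://consumer.example/openid/return"


def run_example():
    url = canonicalise("Alice.Example")
    server, identity = discover(url, SAMPLE_HTML)
    redirect = checkid_setup_url(server, identity, RETURN_TO, "https://consumer.example/", "h1")
    good = consumer_verify(provider_id_res(SECRET, identity, RETURN_TO, "h1"), SECRET, RETURN_TO, identity)
    # An attacker rewrites the identity in the redirect after the provider signed it.
    forged = provider_id_res(SECRET, identity, RETURN_TO, "h1").replace("alice", "bob")
    bad = consumer_verify(forged, SECRET, RETURN_TO, identity.replace("alice", "bob"))
    return url, server, identity, redirect, good, bad
```

`run_example()` walks one full exchange: the delegate URL, not the page URL, ends up in `openid.identity`, the genuine assertion verifies, and the tampered one is rejected on the signature before any trust is placed in its contents.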
Pros
The Identity Server chooses how to authenticate the user, and the Consumer never handles the credentials.
eg. passwords, hardware tokens, browser certificates, etc.
Cons
Integration into an existing system may prove costly, in both time and money.
Security
Ask as much as you want!
- The Consumer must verify the signature on the id_res assertion (with the shared secret from an associate request, or by asking the server via check_authentication); an unsigned redirect back to the return URL proves nothing.
- The server and delegate URLs come from a page named by the user, so the Consumer fetches and redirects to user-controlled URLs: accept only http(s) identifiers, and remember that a malicious page can send users to a look-alike provider that collects their password.
- The Identity Server learns every site the user logs into, so it has to be trusted with that.
Other Systems
Microsoft Passport, etc.
Identity Providers (i-brokers)
- MyOpenID.com
- JanRain
- Videntity.org (import/export, foaf, hcard, social networking)
- GetOpenID.com
- TypeKey
- MyLID.net
- NetMesh
- VeriSign's PIP
- claimID.com
- OpenProfile
- netliberty.ru
- OpenID.cn
- OpenID.cz
- OpenID.org.cn
- My vAuth ID
- VxV Solutions
- regged.de
- OpenID.PL
- myID.net
- Sxipper
- Sxip
- Anonymous OpenID
- idproxy.net
- ProtectNetwork
- 9Star Research, Inc
- openid.nabber.org
- ideelabor.ee/openid
- Estonian eID card
- MoiKrug.ru
- OpenID.ne.jp
- openid.blogs.es
- MijnOpenID.nl
- The South African XMPP
- OpenID France
- certifi.ca
- prooveme.com
- mi OpenID
- openid.openminds.be
- OpenID.org.es
- mysecond.name
- OpenID.ph
Conclusion
If you are building a web application or you have some spare time, go for it!