What is OpenID?

  1. To get an OpenID, the end user registers with an OpenID provider. The user needs to prove his identity to the relying party, so he enters his OpenID when the relying party asks for it. Any website can accept OpenID for sign-in.
  • Example of an OpenID: http://piraveena.openid.com
  • Authentication can be established in OpenID since each user can be identified using an OpenID.
  • So OpenID is decentralized. It is not owned by anyone. The user can create an account at an OpenID provider, and he needs to provide his credentials on each website when he logs in.
Sign in using OpenID (image source: SlideShare)
  • The secret between the Relying Party and the OpenID provider is exchanged using a Diffie-Hellman exchange.
  • User wants to access his account on example.com
  • example.com (Relying Party) asks the user for his OpenID
  • User enters his OpenID
  • example.com redirects the user to Google (OpenID provider)
  • User authenticates himself to the OpenID provider
  • OpenID provider redirects the user back to example.com
  • example.com allows the user to access his account
  • User wants to access his account on example.com
  • User is redirected to his Google (Identity Provider)
  • User authenticates himself to Google
  • Identity Provider redirects the user back to example.com
  • example.com allows the user to access his account
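
The Diffie-Hellman step mentioned above, as an added example that is not part of the original post: it follows the OpenID 2.0 association scheme (the provider hides a MAC key under the hash of the DH shared secret) and goes one step further than the text by using that key to check a signed response. The group parameters, function names, and field values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, secrets

# Toy group for illustration (assumption): NOT the OpenID default modulus
# and not a safe choice for real deployments.
P = 2**521 - 1
G = 3

def btwoc(n: int) -> bytes:
    """Shortest big-endian two's-complement form of a non-negative integer."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def op_associate(consumer_public: int, mac_key: bytes) -> dict:
    """Provider side: mask the MAC key with SHA-256 of the shared secret."""
    priv, server_public = dh_keypair()
    digest = hashlib.sha256(btwoc(pow(consumer_public, priv, P))).digest()
    return {"dh_server_public": base64.b64encode(btwoc(server_public)).decode(),
            "enc_mac_key": base64.b64encode(xor(digest, mac_key)).decode()}

def rp_recover_mac_key(rp_priv: int, response: dict) -> bytes:
    """Relying party side: derive the same secret and unmask the MAC key."""
    server_public = int.from_bytes(base64.b64decode(response["dh_server_public"]), "big")
    digest = hashlib.sha256(btwoc(pow(server_public, rp_priv, P))).digest()
    return xor(digest, base64.b64decode(response["enc_mac_key"]))

def sign(mac_key: bytes, fields: dict, signed: list) -> str:
    """HMAC-SHA256 over the signed fields in key:value newline form."""
    kv = "".join(f"{k}:{fields[k]}\n" for k in signed).encode()
    return base64.b64encode(hmac.new(mac_key, kv, hashlib.sha256).digest()).decode()

def demo():
    rp_priv, rp_pub = dh_keypair()
    op_mac_key = secrets.token_bytes(32)          # known only to the provider so far
    rp_mac_key = rp_recover_mac_key(rp_priv, op_associate(rp_pub, op_mac_key))
    fields = {"claimed_id": "http://piraveena.openid.com",   # constructed sample values
              "return_to": "https://example.com/return",
              "response_nonce": "2024-01-01T00:00:00Zabc"}
    signed = list(fields)
    sig = sign(op_mac_key, fields, signed)        # provider signs the response
    tampered = dict(fields, claimed_id="http://someone-else.openid.com")
    return (rp_mac_key == op_mac_key,
            hmac.compare_digest(sign(rp_mac_key, fields, signed), sig),
            hmac.compare_digest(sign(rp_mac_key, tampered, signed), sig))
```

`demo()` returns three booleans: the keys match, the genuine response verifies, and a response with a changed `claimed_id` does not.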

Piraveena Paralogarajah

Software Engineer @WSO2, CSE Undergraduate @ University of Moratuwa, Former Software Engineering Intern @ WSO2