tags:

views:

693

answers:

5
+11  Q: 

How is OpenID implemented?

How would you design and implement OpenID components?

(Was "How does OpenId work")

I realize this question is somewhat of a duplicate, and yes, I have read the spec and the wikipedia article.

After reading the materials mentioned above, I still don't have a complete picture in my head of how each step in the process is handled. Maybe what's missing is a good workflow diagram for how an implementation of OpenID works.

I'm considering incorporating OpenID into one of my applications to accomodate a B2B single-sign-on scenario, and I will probably go with DotNetOpenID instead of trying to implement it myself, but I still want a better grasp of the particulars before I get started.

Can anyone recommend books or websites that do a good job of explaining it all? It wouldn't hurt to have an answer that covers the basics here on this site as well.

[Edit]

I changed the title to be more implementation-specific, since there are obviously plenty of places to get the ten-thousand-foot view.

+2  A: 

Check out Security Now podcast, episode 95. (Actually audio)

Craig  2008-09-23 20:39:19
+1  A: 

Jeff has a great article on OpenID where he shares his experiences:

OpenID: Does The World Really Need Yet Another Username and Password?

There are some links to tutorials on the official OpenID site:

http://openid.net/developers/

You can get a nice login-control for OpenID (which also is used here on stackoverflow) here:

http://www.idselector.com/

Seb Nilsson  2008-09-23 20:45:17
I read that, and it's a good high level overview, but I guess I'm looking for one level below that. I might change the name of the question to "how would you implement OpenId" or "how does an openid implementation work?".
Eric Z Beard  2008-09-23 20:50:47
+1  A: 

Also related:

The super-famous talk by Dick Hardt on Identity 2.0, I suppose almost everyone has watched it, but if you haven't it is a must see.

It is more about the reasoning of the need of things like Open ID and not necessarily about their implementation, though.

Sergio Acosta  2008-09-23 20:53:59
+3  A: 

This page has a nice flow diagram.

I found this link on the OpenID Wiki, you might want to check there for more resources.

8jean  2008-09-23 21:21:37
Steps 12-13, 18, and 19 are not fully disclosed.
MiffTheFox  2009-11-19 04:24:27
+3  A: 

I recommend Joseph Smarr's Recipe for OpenID-Enabling Your Site.

I haven't read the DotNetOpenID docs, but I would hope whatever implementation you choose would also have some overview documentation and/or examples to illustrate usage of the API.

keturn  2008-09-23 21:50:56

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?