Cover by Savas Parastatidis, Jim Webber, Ian Robinson


Identity and the OpenID Protocol

HTTPS provides the foundations of secure computing on the Web. But security doesn’t stop at the transport layer. Having looked at how HTTPS provides confidentiality and integrity, we can now begin to address higher-order challenges, starting with identity.

Both HTTP authentication and HTTPS (with client-side certificates) can be used to identify consumers, but they do so in a way that places the burden of identity management on the service itself. Keeping track of consumers is a hard problem, but it shouldn’t be our problem as business service providers. Instead, we’d like to delegate identity management to services that know how to do identity management well.

One solution to this problem is to decentralize identity management. OpenID is a protocol that allows consumers to present claims about their identity to services such as Restbucks, where an identity provider trusted by Restbucks has authenticated those claims.

Note

OpenID doesn’t solve trust. A service may accept the identity claims presented by a consumer, but only because it trusts the provider through some out-of-band mechanism. This doesn’t, however, mean the consumer is automatically entitled to interact with all aspects of the service.

OpenID allows a service or relying party to delegate the responsibility for storing consumer credentials to one or more OpenID providers. The providers are responsible for checking OpenID consumers’ credentials and informing the relying party if an identity ...
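The sketch below is an added example, not code from the book: a relying party accepts a provider's positive assertion only if the provider is one it already trusts, and decides separately what the asserted identity may do. It goes beyond the text in assuming OpenID Authentication 2.0 field names and HMAC-SHA256 signing over the signed fields; the endpoint URLs, association handle, MAC key, permission table and function names are all constructed for illustration.

```python
import base64, hashlib, hmac

# Constructed data: providers trusted out of band, with the MAC key from each association.
ENDPOINT, RETURN_TO = "https://openid.example.org/server", "https://restbucks.example/return"
TRUSTED_PROVIDERS = {ENDPOINT: {"assoc-1": b"constructed-mac-key"}}
# Authorization is the service's own policy, kept apart from identity.
PERMISSIONS = {"https://alice.example.org/": {"place_order"}}
# Fields this example requires the provider to have signed.
SIGNED = ["op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id", "identity"]
_seen_nonces = set()

def sign(fields, mac_key, signed):
    """Base64 HMAC-SHA256 over the key-value form ("key:value\\n") of the signed fields."""
    token = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, token.encode(), hashlib.sha256).digest()).decode()

def verify_assertion(fields, expected_return_to=RETURN_TO):
    """Return the claimed identifier if the assertion is acceptable, else None."""
    assocs = TRUSTED_PROVIDERS.get(fields.get("openid.op_endpoint"))
    if fields.get("openid.mode") != "id_res" or assocs is None:
        return None  # not a positive assertion, or provider not trusted
    mac_key = assocs.get(fields.get("openid.assoc_handle"))
    signed = fields.get("openid.signed", "").split(",")
    if mac_key is None or not set(SIGNED).issubset(signed):
        return None  # unknown association, or a required field left unsigned
    if any("openid." + k not in fields for k in signed):
        return None
    expected_sig = sign(fields, mac_key, signed).encode()
    if not hmac.compare_digest(expected_sig, fields.get("openid.sig", "").encode()):
        return None  # altered in transit or not produced by the provider
    nonce = (fields["openid.op_endpoint"], fields["openid.response_nonce"])
    if fields["openid.return_to"] != expected_return_to or nonce in _seen_nonces:
        return None  # meant for another endpoint, or replayed
    _seen_nonces.add(nonce)
    return fields["openid.claimed_id"]

def is_allowed(claimed_id, action):
    """An accepted identity gets only what the service's policy grants."""
    return claimed_id is not None and action in PERMISSIONS.get(claimed_id, set())

def sample_assertion(claimed_id, nonce, endpoint=ENDPOINT):
    """Constructed positive assertion, signed the way the provider would sign it."""
    values = [endpoint, RETURN_TO, nonce, "assoc-1", claimed_id, claimed_id]
    fields = {"openid." + k: v for k, v in zip(SIGNED, values)}
    fields.update({"openid.mode": "id_res", "openid.signed": ",".join(SIGNED)})
    fields["openid.sig"] = sign(fields, b"constructed-mac-key", SIGNED)
    return fields
```

Discovery on the claimed identifier (confirming that this provider may speak for it) and the nonce timestamp check are left out here; a production relying party needs both.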
