OpenID


Also found in: Dictionary, Thesaurus, Medical, Legal, Financial, Wikipedia.

OpenID

An identity system for the Web that lets people use a single username and password to log in and authenticate themselves to OpenID-compliant websites. OpenID is a free system that is distributed across the Internet and maintained by numerous organizations, including major sites such as AOL and Yahoo.

OpenID is also supported in the emerging identity metasystem and can be one of many ID card choices displayed in the card selector's window (see identity metasystem).

Whom Do You Trust?
A major feature of OpenID is that users can decide which OpenID identity provider they trust the most to authenticate them. In fact, users can also become their own identity provider.

The Relying Party Queries the Identity Provider
A website that accepts OpenID is known as a "relying party," because it relies on an OpenID identity provider (IdP) for authentication. The OpenID username, called an "OpenID identifier," can be the URL of the provider with username appended, or it can be an XRI i-name if the relying party accepts it. I-names are human-friendly names, such as "=john.doe," that are linked to the OpenID provider, just like domain names are resolved by the DNS system into actual IP addresses on the Internet (see i-name).

When a user logs into an OpenID website, the script in the Web page redirects the browser to the identity provider. Using a password or other method, the identity provider attempts to authenticate the user and informs the website of its success or failure. For more information, visit www.openid.net. See single sign-on and identity metasystem.


An OpenID Authentication
This is a simplified example of the OpenID authentication sequence. What is not shown is that right after a user logs in, the relying party and identity provider typically share secret keys so that subsequent transactions are more secure.







Hacker-Proof OpenID
Instead of using a password that can be stolen, the myVidoop OpenID system (www.myvidoop.com) uses a different one each time. When creating a myVidoop account, users choose topics, and for authentication, myVidoop displays those topics in random order. In this example, if the topics were computers, money and cars, the password would be X-H-K for this session only. The next time, images and order will change.
References in periodicals archive ?
The company also developed Authlete, a cloud-based service that supports the Web API authorization process based on OpenID Connect, a framework on top of OAuth 2.
You may already have an OpenID and not even know it.
OpenID Connect Protocol Support: Enables support for modern web and mobile applications using this next-generation identity protocol based on OAuth 2.
OpenID enables users to choose their preferable identity providers in order to create accounts.
By design, OpenID was created to maximize convenience and security for all Internet and cloud users by allowing them to keep a single set of credentials that will log them into all services.
Beginning with a discussion of the fundamentals of Internet identity including identifying stakeholders in the process, issuing authorities, control methods, usage and maintenance and revocation of identities, the work continues with outlines of common technologies and processes such as public and private key encryption, proxy certificate and Kerberos, and individual examinations of many of the specific standards and identity system in use today, including Web SSO, Liberty Identity and OpenID.
Dr Mark Parrish, Microsoft Director, Health Solutions Group (Asia and Middle East), said access to the authorised account is secure through a Windows Live ID or a limited set of OpenID providers.
WSO2 Identity Server provides authentication and identity management using electronic IDs based on OpenID and Information Cards based on Microsoft CardSpace technology standards.
lt;p>The release of the identity framework puts Microsoft ahead of all of the other cloud-based solution providers (many of whom are still struggling to attempt to adapt OpenID, with its security problems, to their cloud scenarios).
SAP will now serve as an OpenID provider, which will enable easier access to the large network of partners and other resources offered by the SAP community network.
Now, however, there's some momentum behind a system called OpenID that just might make programs like LastPass and Roboform unnecessary.
Microsoft has finally implemented the OpenID authentication platform allowing for OpenID logins on its HealthVault medical site.