OpenID



An identity system for the Web that lets people use a single username and password to log in and authenticate themselves to OpenID-compliant websites. OpenID is a free system that is distributed across the Internet and maintained by numerous organizations, including major sites such as AOL and Yahoo!.

OpenID is also supported in the emerging identity metasystem and can be one of many ID card choices displayed in the card selector's window (see identity metasystem).

Whom Do You Trust?
A major feature of OpenID is that users can decide which OpenID identity provider they trust the most to authenticate them. In fact, users can also become their own identity provider.

The Relying Party Queries the Identity Provider
A website that accepts OpenID is known as a "relying party," because it relies on an OpenID identity provider (IdP) for authentication. The OpenID username, called an "OpenID identifier," can be the URL of the provider with the username appended, or it can be an XRI i-name if the relying party accepts it. I-names are human-friendly names, such as "=john.doe," that are linked to the OpenID provider, much as domain names are resolved by the DNS into actual IP addresses on the Internet (see i-name).

When a user logs into an OpenID website, the script in the Web page redirects the browser to the identity provider. Using a password or other method, the identity provider attempts to authenticate the user and informs the website of its success or failure. For more information, visit www.openid.net. See single sign-on and identity metasystem.


An OpenID Authentication
This is a simplified example of the OpenID authentication sequence. What is not shown is that right after a user logs in, the relying party and identity provider typically share secret keys so that subsequent transactions are more secure.
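The following added example (not part of the original entry) shows how a relying party can use the shared secret key to check the identity provider's answer. It goes beyond the text by following the OpenID Authentication 2.0 signing rules (HMAC-SHA256 over the signed fields); the function names, the idp.example and rp.example URLs and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Fields the OpenID 2.0 provider must always cover with its signature.
ALWAYS_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def sign(params, signed, mac_key):
    """HMAC-SHA256 over the Key-Value form ('key:value\\n') of the signed fields."""
    text = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, text.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_assertion(params, associations, expected_return_to, seen_nonces):
    """Relying-party checks on a positive assertion; returns (ok, reason)."""
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    mac_key = associations.get(params.get("openid.assoc_handle"))
    if mac_key is None:
        return False, "unknown association"
    signed = params.get("openid.signed", "").split(",")
    required = set(ALWAYS_SIGNED)
    required |= {k for k in ("claimed_id", "identity") if "openid." + k in params}
    if not required <= set(signed) or any("openid." + k not in params for k in signed):
        return False, "required field not signed"
    expected = sign(params, signed, mac_key).encode()
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode()):
        return False, "bad signature"
    if params["openid.return_to"] != expected_return_to:
        return False, "return_to mismatch"
    nonce = (params["openid.op_endpoint"], params["openid.response_nonce"])
    if nonce in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    return True, "ok"

def constructed_assertion(mac_key):
    """Constructed sample response, signed the way a provider would sign it."""
    p = {"openid.mode": "id_res",
         "openid.op_endpoint": "https://idp.example/openid",
         "openid.claimed_id": "https://idp.example/alice",
         "openid.identity": "https://idp.example/alice",
         "openid.return_to": "https://rp.example/return",
         "openid.response_nonce": "2024-01-01T00:00:00Zabc123",
         "openid.assoc_handle": "assoc-1"}
    p["openid.signed"] = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"
    p["openid.sig"] = sign(p, p["openid.signed"].split(","), mac_key)
    return p
```

A production relying party would also reject nonces whose timestamp is too old and would confirm through discovery that the provider is authoritative for the claimed identifier.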







Hacker-Proof OpenID
Instead of using a password that can be stolen, the myVidoop OpenID system (www.myvidoop.com) uses a different one each time. When creating a myVidoop account, users choose topics, and for authentication, myVidoop displays those topics in random order. In this example, if the topics were computers, money and cars, the password would be X-H-K for this session only. The next time, images and order will change.
References in periodicals archive
The OIDF noted that Apple did well by adopting OpenID Connect, a standardized method of logging onto third-party applications.
The advantages include speed of provisioning, support of new standards such as OAuth 2.0, OpenID Connect and SCIM, high level of self-service, and valuable insight on the data as well as automated tools to clean up unnecessary or inappropriate data, notably with regard to governance and regulatory constraints."
The company also developed Authlete, a cloud-based service that supports the Web API authorization process based on OpenID Connect, a framework on top of OAuth 2.0 in which a third-party application can obtain a user's identity information managed by a service.
Based on the OpenID framework, the authentication is accomplished by third-party providers, such as Google accounts and Microsoft accounts service.
To avoid the duplication of profiles, OpenID protocol has provided SSO services to its users.
OpenID is an open protocol, which depends on session cookies as verification mechanism[16].
Alvaro Hoyos (OneLogin's chief information security officer) says that "IT teams face a perfect storm of challenges related to password security." He describes three challenges they're coming up against: the lack of an identity and access management (IAM) system for enforcing password policies (such as a minimum length) across applications, no support for authentication standards for exchanging data (such as SAML or OpenID Connect) that would "remove the burden of passwords from the login workflow and enable Single Sign On," and the rise of Shadow IT (applications used by employees that the IT department doesn't know about).
"In-game items, Steam trading, and OpenID have substantial benefits for Steam customers and Steam game-making partners." Id.
For example, the Nuxeo Platform supports a full array of authentication protocols and providers, including login/password, oAuth, SAML2, OpenID, LDAP/AD, Shibboleth and advanced two-factor authentication (2FA).
It has been configured for external identity providers including Azure Active Directory (using the OpenID protocol) and Okta (using SAML), the sole leader in the 2015 Gartner Magic Quadrant for Identity-as-a-Service (IDaaS), and more can easily be added, such as those using
--Open character: it must use tools and services based on open standards (for example rss, OpenID, OAuth, OpenSocial) to guarantee interoperability and communication with other services.