
Snip!t from collection of Alan Dix


Zend Framework: Documentation: Introduction - Zend Framework Manual
http://framework.zend.com/manual/en/zend.openid.introduction.html


Zend_OpenId is a Zend Framework component that provides a simple API for building OpenID-enabled sites and identity providers.

What is OpenID?

OpenID is a set of protocols for user-centric digital identities. These protocols allow users to create an identity online, using an identity provider. This identity can be used on any site that supports OpenID. Using OpenID-enabled sites, users do not need to remember traditional authentication tokens such as usernames and passwords for each site. All OpenID-enabled sites accept a single OpenID identity. This identity is typically a URL. It may be the URL of the user's personal page, blog or other resource that may provide additional information about them. That means a user needs just one identifier for all the sites he or she uses. OpenID is an open, decentralized, and free user-centric solution. Users may choose which OpenID provider to use, or even create their own personal identity server. No central authority is required to approve or register OpenID-enabled sites or identity providers.

For more information about OpenID visit the OpenID official site (http://www.openid.net/).

How Does it Work?

The purpose of the Zend_OpenId component is to implement the OpenID authentication protocol as described in the following sequence diagram:

[Figure: zend.openid.protocol.jpg, sequence diagram of the OpenID authentication protocol]

  1. Authentication is initiated by the end user, who passes their OpenID identifier to the OpenID consumer through a User-Agent.

  2. The OpenID consumer performs normalization and discovery on the user-supplied identifier. Through this process, the consumer obtains the claimed identifier, the URL of the OpenID provider and an OpenID protocol version.

  3. The OpenID consumer establishes an optional association with the provider using Diffie-Hellman keys. As a result, both parties have a common "shared secret" that is used for signing and verification of the subsequent messages.

  4. The OpenID consumer redirects the User-Agent to the URL of the OpenID provider with an OpenID authentication request.

  5. The OpenID provider checks if the User-Agent is already authenticated and, if not, offers to do so.

  6. The end user enters the required password.

  7. The OpenID provider checks if it is allowed to pass the user identity to the given consumer, and asks the user if necessary.

  8. The user allows or disallows passing his identity.

  9. The OpenID Provider redirects the User-Agent back to the OpenID consumer with an "authentication approved" or "failed" request.

  10. The OpenID consumer verifies the information received from the provider by using the shared secret it got in step 3 or by sending an additional direct request to the OpenID provider.
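The check in step 10, using the shared secret from step 3, can be sketched as follows. This is an added example, not code from the Zend Framework manual or from Zend_OpenId; it assumes OpenID 2.0 message fields, an HMAC-SHA256 association, and constructed sample values (`MAC_KEY`, `SAMPLE`, the `.example` URLs and the handle are all made up for illustration).

```python
import base64
import hashlib
import hmac

# Fields an OpenID 2.0 positive assertion must cover with its signature.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}


def kv_form(params, signed):
    """Key-value form of the signed fields, in the order listed in openid.signed."""
    return "".join(f"{k}:{params['openid.' + k]}\n" for k in signed).encode()


def sign(params, signed, mac_key):
    """HMAC-SHA256 over the key-value form, base64-encoded like openid.sig."""
    mac = hmac.new(mac_key, kv_form(params, signed), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def verify_assertion(params, assoc_handle, mac_key):
    """Return 'valid', 'invalid', or 'needs_direct_check' (no usable association)."""
    if params.get("openid.mode") != "id_res":
        return "invalid"
    if params.get("openid.assoc_handle") != assoc_handle:
        return "needs_direct_check"  # step 10 fallback: ask the provider directly
    signed = params.get("openid.signed", "").split(",")
    # The identity fields must be signed too whenever the response carries them.
    present = {k for k in ("claimed_id", "identity") if "openid." + k in params}
    if not (REQUIRED_SIGNED | present) <= set(signed):
        return "invalid"
    if any("openid." + k not in params for k in signed):
        return "invalid"
    expected = sign(params, signed, mac_key).encode()
    received = params.get("openid.sig", "").encode()
    return "valid" if hmac.compare_digest(expected, received) else "invalid"


# Constructed sample: a secret as agreed in step 3 and a response as in step 9.
MAC_KEY = b"constructed-shared-secret-0123456789"
SAMPLE = {
    "openid.mode": "id_res",
    "openid.op_endpoint": "https://provider.example/openid",
    "openid.claimed_id": "https://alice.example/",
    "openid.identity": "https://alice.example/",
    "openid.return_to": "https://consumer.example/return",
    "openid.response_nonce": "2024-01-01T00:00:00Zabc123",
    "openid.assoc_handle": "handle-1",
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
}
SAMPLE["openid.sig"] = sign(SAMPLE, SAMPLE["openid.signed"].split(","), MAC_KEY)
```

A consumer also has to reject replayed `response_nonce` values and confirm that `return_to` matches the URL it is serving; those checks are outside this block.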
