October 01, 2010

OpenID Tutorial and Java Implementations


OpenID is a URL-based identity management protocol. The key idea is to enable a decentralized, open-source-based solution for identity management. It is open source for security reasons: everyone can review the reference implementations. An OpenID URL can be used to log on to other websites (OpenID consumers). Account data is recorded just once, on the OpenID server.

Below I have listed the basic steps of the OpenID protocol (the simplest case):
Precondition:
- No shared-key exchange.

1. The user requests the target website.
2. The user enters his OpenID URL in the login form on the website. Example: http://rafaelsobek.developers-blog.org
3. The website reads the OpenID provider URL. Example:
4. The target website checks the assertion status of the user (checkid_setup or checkid_immediate message).
5. Is the user already logged on to the OpenID server (id_res or cancel message)? If not, he has to log on. The target website verifies the response.
6. If the user is authenticated, the target website opens a direct connection to the OpenID server, checks the assertion of the OpenID provider and gets the user's data (check_authentication message).
7. After that, the user is redirected to the welcome page.
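The consumer side of steps 4 to 6 without a shared key, as an added example that is not code from this post or from OpenId4Java. It assumes OpenID 2.0 parameter names and Java 11 or later; the class and method names are hypothetical and all URLs and values are constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
public class StatelessConsumerSketch { // hypothetical name, illustration only
    static String form(Map<String, String> p) { // application/x-www-form-urlencoded
        StringJoiner sj = new StringJoiner("&");
        p.forEach((k, v) -> sj.add(URLEncoder.encode(k, StandardCharsets.UTF_8) + "="
                + URLEncoder.encode(v, StandardCharsets.UTF_8)));
        return sj.toString();
    }
    // Step 4: checkid_setup redirect; no assoc_handle because no shared key was exchanged.
    static String checkidSetupUrl(String endpoint, String claimedId, String returnTo) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("openid.ns", "http://specs.openid.net/auth/2.0");
        p.put("openid.mode", "checkid_setup");
        p.put("openid.claimed_id", claimedId);
        p.put("openid.identity", claimedId);
        p.put("openid.return_to", returnTo);
        return endpoint + (endpoint.contains("?") ? "&" : "?") + form(p);
    }
    // Steps 5-6: local checks on the response, then the body of the direct POST.
    static String checkAuthenticationBody(Map<String, String> resp, String claimedId,
                                          String returnTo, Set<String> seenNonces) {
        if (!"id_res".equals(resp.get("openid.mode")))
            throw new SecurityException("no positive assertion (cancel or error)");
        if (!returnTo.equals(resp.get("openid.return_to")))
            throw new SecurityException("return_to mismatch");
        // Simplification: exact match; a full consumer re-runs discovery if they differ.
        if (!claimedId.equals(resp.get("openid.claimed_id")))
            throw new SecurityException("assertion is for another identifier");
        String nonce = resp.get("openid.response_nonce");
        if (nonce == null || !seenNonces.add(nonce))
            throw new SecurityException("missing or replayed response_nonce");
        Map<String, String> p = new LinkedHashMap<>(resp); // every field copied unchanged
        p.put("openid.mode", "check_authentication");      // except the mode
        return form(p);
    }
    static boolean isValid(String body) { // key:value lines; only explicit is_valid:true counts
        return Arrays.asList(body.split("\n")).contains("is_valid:true");
    }
    public static void main(String[] a) { // constructed sample values throughout
        String id = "https://alice.example/", rt = "https://rp.example/return";
        System.out.println(checkidSetupUrl("https://op.example/server", id, rt));
        Map<String, String> resp = Map.of("openid.mode", "id_res", "openid.claimed_id", id,
                "openid.return_to", rt, "openid.response_nonce", "2010-10-01T10:02:00Zx1");
        System.out.println(checkAuthenticationBody(resp, id, rt, new HashSet<>()));
        System.out.println(isValid("ns:http://specs.openid.net/auth/2.0\nis_valid:true\n"));
    }
}
```

The consumer should log the user in only after the provider's reply to that POST passes `isValid`; the redirect parameters alone travel through the browser and are not proof of authentication.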

Java-based OpenID consumer and provider solutions:
OpenId4Java (Consumer)
OpenIdServer (Provider)

Regards
Rafael Sobek


Posted by rafael.sobek at 10:02 AM in Architecture


Comment: Vineet Manohar at Sun, 3 Oct 6:41 PM

Nice flow diagram!

Once readers understand how OpenID works, here's a blog post that I wrote which tells them how they can get started:

What is OpenID and how can I use it?

Comment: Vineet Manohar at Sun, 3 Oct 6:44 PM

Nice flow diagram!

After the readers get a basic understanding of how the OpenID flow works, here's an article that they can read on getting started in using OpenID:

(not displayed)