20

How would you design and implement OpenID components?

(Was "How does OpenId work")

I realize this question is somewhat of a duplicate, and yes, I have read the spec and the Wikipedia article.

After reading the materials mentioned above, I still don't have a complete picture in my head of how each step in the process is handled. Maybe what's missing is a good workflow diagram for how an implementation of OpenID works.

I'm considering incorporating OpenID into one of my applications to accommodate a B2B single-sign-on scenario, and I will probably go with DotNetOpenID instead of trying to implement it myself, but I still want a better grasp of the particulars before I get started.

Can anyone recommend books or websites that do a good job of explaining it all? It wouldn't hurt to have an answer that covers the basics here on this site as well.

[Edit]

I changed the title to be more implementation-specific, since there are obviously plenty of places to get the ten-thousand-foot view.

Community
Eric Z Beard

5 Answers

4

This page has a nice flow diagram.

I found this link on the OpenID Wiki, you might want to check there for more resources.

karthzDIGI
8jean
3

I recommend Joseph Smarr's Recipe for OpenID-Enabling Your Site.

I haven't read the DotNetOpenID docs, but I would hope whatever implementation you choose would also have some overview documentation and/or examples to illustrate usage of the API.

keturn
2

Check out Security Now podcast, episode 95. (Actually audio)

Craig
1

Jeff has a great article on OpenID where he shares his experiences:

OpenID: Does The World Really Need Yet Another Username and Password?

There are some links to tutorials on the official OpenID site:

http://openid.net/developers/

You can get a nice login control for OpenID (which is also used here on Stack Overflow) here:

http://www.idselector.com/

Seb Nilsson
  • I read that, and it's a good high level overview, but I guess I'm looking for one level below that. I might change the name of the question to "how would you implement OpenId" or "how does an openid implementation work?". – Eric Z Beard Sep 23 '08 at 20:50
1

Also related:

The super-famous talk by Dick Hardt on Identity 2.0. I suppose almost everyone has watched it, but if you haven't, it is a must-see.

It is more about the reasoning of the need of things like Open ID and not necessarily about their implementation, though.

Sergio Acosta