OpenID

Introduction

OpenID is an authentication protocol that allows a user to sign on to many sites without providing a password to the website. Many websites do not use SSL for user login, and thus usernames and passwords are sent unencrypted over the network. An example of an openid is "jane.smith.myopenid.com".

Recent concerns about phishing can be alleviated by using an information card instead of a password to sign on or register to the OpenID provider (e.g. http://myopenid.com) or by visually checking to make sure it is indeed the OpenID provider (OP) site.

Typing in an OpenID url can be used to register to websites, or if the user already has an account on a website which is OpenID enabled as a Relying Party (RP), the account can be linked to the OpenID url, so that the next time the user can just type in the OpenID url instead of the username and password to login to the site.

Workflow

- Create an OpenID account or login to the OpenID Provider (OP).
- Type in your OpenID url to any website that is a Relying Party (RP) to login or register.
- as long as you are not logged out of the OP site, it is just one step to login to any RP.

Terminology

- OpenID Provider (OP) or Identity Provider (IdP) or "homesite" or in Drupal 4.7 "OpenID server".
- Relying Party (RP) or "membersite" or in Drupal 4.7 "OpenID client".
- Simple Registration (SREG) pass eight commonly requested pieces of information upon registration; nickname, email, full name, date of birth, gender, country, language.

Drupal modules

In Drupal6 core included the openid module which when enabled, made the drupal site to be an OpenID Relying Party or 'OpenID client', the module also allowed for simple registration using just username and email, so that a drupal account can be automatically created, as long as the OP sends SREG.

Other modules: OpenID provider, OpenID attribute exchance, OpenID Url