Skip main navigation

OpenID

In this video, you will learn about OpenID, which is formally known as OpenID Foundation.
7
So this group is now known as the OpenID Foundation, and OpenID connect version 1 is an identity layer on top of open authorization version 2. So this enables clients to verify the identity of an end user based on the authentication performed by an authorization server, as well as allowing the basic profile information about the end user to be provided as well. Typically, with these kind of services, we’re looking at JSON REST type technologies, where we’re passing structured data via HTTP requests, backwards and forwards. So we have OpenID, again, as we’ve said with the others, is an open standard. It deals with authentication, and because it’s built on open authorization, it also handles the authorization as well.
54.6
So this supports additional values that allow the authentication to take place. And as at 2018, we have one billion plus enabled accounts. Sorry, 2016, one billion plus enabled accounts. So OpenID Connect is currently in version 3, as of 2014, and the components we have within OpenID Connect include the relying party, which is the application, the user, we then have the IDP, which is the OpenID provider, shortened to the OP, we have the uniform resource identifier, the URI, which is kind of like our URL, this is the link to the service, and JSON REST, so we’re using those JSON REST requests. Let’s take a look then at the OpenID process.
106.8
It is similar to the SAML and also to open authorization, but again, it is subtly different. This is closest to open authorization. So it’s slightly closer to open authorization than SAML. So we have the user who opens the app, and the app here is the relying party, it is relying on other parties for the service. The relying party passes the request to the OpenID provider. The user completes the log on and the OP redirects the user back to the relying party, with a one time code. The relying party then sends that one time code to the token end point, and the token end point grants an access token back to the relying party.
155
So the relying party then sends the request for additional details, such as profile information, your profile picture, your email address, back to the user information end point, and the user information end point sends back the user information profile.

In this video, you will learn about OpenID, which is formally known as OpenID Foundation. You will learn what OpenID does, how it is used, and the processes that occur with using it.

OpenID is an open standard and is an authentication protocol that can also handle authorization. It is currently in version 3 (since 2014) and contains specified components that include:

  • relying parties (RP) – the application
  • the user
  • OpenID provider (IdP)
  • Uniform Resource Identifier (URI)
  • JSON/REST

Reflect and share: Now that you have learned about some specialized technology used in the IdAM context, you know there are various options to choose from, which will largely depend on your context and its resources. If you are using any of these technologies mentioned so far, what are some of the benefits and challenges you have experienced? If you are not using any of these, which would you want to select and why?

This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education