问题描述
我有点想知道 OpenID 身份验证的工作原理.
OpenID 身份验证和网站专门为自己使用的身份验证有什么区别吗?
什么是 OpenID?
OpenID 是一个开放、去中心化、免费的框架,用于以用户为中心的数字身份.OpenID 利用现有的互联网技术(URI、HTTP、SSL、Diffie-Hellman)并意识到人们已经在为自己创建身份,无论是在他们的博客、照片流、个人资料页面等.使用 OpenID,您可以轻松地转换身份将这些现有 URI 合并到一个帐户中,该帐户可在支持 OpenID 登录的站点上使用.
OpenID 和传统认证形式的区别?
不同之处在于身份识别将分散到外部站点(例如 Wordpress、雅虎...).网站会知道识别是否正常并让您登录.传统的网站认证会与私人数据库中的数据进行比较,因此您的用户名和密码只能用于登录本网站.借助 OpenID,您可以在多个网站上使用相同的凭据.
它是如何工作的?
步骤
- 用户连接到启用了 OpenID 的网站.
- 用户输入凭据信息.
- POST 使用 BASE64(网站到提供商)
- 构建了一个答案(包含过期时间)
- 网站将用户重定向到提供者进行登录.
- 用户输入密码并提交.
- 验证已完成.
- 登录!
I am a little curious to know about how OpenID authentication works.
Is there any difference between OpenID authentication and the authentication which sites use exclusively for themselves?
What is OpenID?
Difference between OpenID and conventional authentification form?
The difference is that the identification will be decentralized to an external site (for example Wordpress, Yahoo, ...). The website will know whether or not the identification is OK and let you login. Conventional website authentication performs a comparison with data held in a private database, so your username and password can be used to login to this website only. With OpenID you can use the same credentials on multiple websites.
How it works?
- You can see the Flow of operation here (image)
- Step-by-step activities here
- Step-by-step activities here (other blog)
Steps
- User connects to OpenID enabled website.
- User enters credential information.
- A POST is made with a BASE64 (website to provider)
- An answer is built (that contains expiration)
- The website redirects the user to the provider to login.
- User enters password and submit.
- Verification is done.
- Login!
这篇关于OpenID 身份验证如何工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!