问题
How would you design and implement OpenID components?
(Was "How does OpenId work")
I realize this question is somewhat of a duplicate, and yes, I have read the spec and the wikipedia article.
After reading the materials mentioned above, I still don't have a complete picture in my head of how each step in the process is handled. Maybe what's missing is a good workflow diagram for how an implementation of OpenID works.
I'm considering incorporating OpenID into one of my applications to accomodate a B2B single-sign-on scenario, and I will probably go with DotNetOpenID instead of trying to implement it myself, but I still want a better grasp of the particulars before I get started.
Can anyone recommend books or websites that do a good job of explaining it all? It wouldn't hurt to have an answer that covers the basics here on this site as well.
[Edit]
I changed the title to be more implementation-specific, since there are obviously plenty of places to get the ten-thousand-foot view.
回答1:
This page has a nice flow diagram.
I found this link on the OpenID Wiki, you might want to check there for more resources.
回答2:
I recommend Joseph Smarr's Recipe for OpenID-Enabling Your Site.
I haven't read the DotNetOpenID docs, but I would hope whatever implementation you choose would also have some overview documentation and/or examples to illustrate usage of the API.
回答3:
Check out Security Now podcast, episode 95. (Actually audio)
回答4:
Also related:
The super-famous talk by Dick Hardt on Identity 2.0, I suppose almost everyone has watched it, but if you haven't it is a must see.
It is more about the reasoning of the need of things like Open ID and not necessarily about their implementation, though.
回答5:
Jeff has a great article on OpenID where he shares his experiences:
OpenID: Does The World Really Need Yet Another Username and Password?
There are some links to tutorials on the official OpenID site:
http://openid.net/developers/
You can get a nice login-control for OpenID (which also is used here on stackoverflow) here:
http://www.idselector.com/
来源:https://stackoverflow.com/questions/123671/how-is-openid-implemented