This blog can't be viewed on LiveJournal. Instead see http://www.apparently.me.uk/2767.html.

Proxies between OpenID and other identity providers

15th Jan 2007

Back in the early days of OpenID I put together an OpenID to LID proxy as a proof of concept. The goal of this proxy was to allow anyone already using LID to use OpenID. However, a similar principle can be easily applied to any browser-based authentication service or provider.

The basic method of operation is this: the user points their identity's openid.server at the proxy URL. The proxy acts as both an OpenID identity server and a client for our target authentication system. An authentication request causes the relying party to redirect the user to the proxy, which in turn redirects the user to the third-party authentication provider. When the provider responds, the proxy massages the response into OpenID format and redirects the user back to the RP.

In a hetrogenous identity environment, this sort of thing can be helpful since it allows users to adopt OpenID without having to create “yet another account”. More potential OpenID identifiers means more interest from potential relying parties, which can only be a good thing.

Comments