Martin Atkins (mart) wrote in apparentlymart,

Proxies between OpenID and other identity providers

Back in the early days of OpenID I put together an OpenID to LID proxy as a proof of concept. The goal of this proxy was to allow anyone already using LID to use OpenID. However, a similar principle can be easily applied to any browser-based authentication service or provider.

The basic method of operation is this: the user points their identity's openid.server at the proxy URL. The proxy acts as both an OpenID identity server and a client for our target authentication system. An authentication request causes the relying party to redirect the user to the proxy, which in turn redirects the user to the third-party authentication provider. When the provider responds, the proxy massages the response into OpenID format and redirects the user back to the RP.
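A minimal sketch of the two proxy hops described above, added here as an illustration and not the original proof-of-concept code. The upstream URL, its `return` parameter, the `IDENTITY_FOR` mapping and the in-memory `PENDING` store are assumptions; the upstream login is assumed to be already verified, and the association (handle and MAC key) is assumed to be already established with the RP.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode

UPSTREAM_LOGIN = "https://idp.example/login"        # assumed upstream login URL
PROXY_CALLBACK = "https://proxy.example/callback"   # assumed proxy endpoint
IDENTITY_FOR = {"alice": "https://alice.example/"}  # upstream account -> OpenID URL
PENDING = {}                                        # state -> original OpenID request

def begin(openid_req):
    """RP -> proxy: store the request, return the redirect to the upstream provider."""
    if openid_req.get("openid.mode") != "checkid_setup":
        raise ValueError("unsupported openid.mode")
    state = secrets.token_urlsafe(16)               # binds the upstream reply to this request
    PENDING[state] = openid_req
    # "return" is an assumed parameter name; a real upstream defines its own.
    return UPSTREAM_LOGIN + "?" + urlencode({"return": f"{PROXY_CALLBACK}?state={state}"})

def sign(fields, signed, mac_key):
    """OpenID 1.1 signature: base64(HMAC-SHA1) over 'key:value\\n' lines."""
    kv = "".join(f"{k}:{fields[k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha1).digest()).decode()

def finish(state, upstream_user, assoc_handle, mac_key):
    """Upstream -> proxy: turn a verified upstream login into an id_res redirect."""
    req = PENDING.pop(state)                        # KeyError on unknown or replayed state
    identity = req["openid.identity"]
    if IDENTITY_FOR.get(upstream_user) != identity:
        raise PermissionError("upstream account does not own the claimed identity")
    return_to = req["openid.return_to"]
    fields = {"mode": "id_res", "identity": identity, "return_to": return_to}
    signed = ["mode", "identity", "return_to"]
    params = {f"openid.{k}": v for k, v in fields.items()}
    params.update({"openid.assoc_handle": assoc_handle,
                   "openid.signed": ",".join(signed),
                   "openid.sig": sign(fields, signed, mac_key)})
    return return_to + ("&" if "?" in return_to else "?") + urlencode(params)
```

The two checks in `finish` are what keep the translation honest: the state token is single-use, and the proxy only asserts an OpenID identity that the authenticated upstream account actually maps to.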

In a heterogeneous identity environment, this sort of thing can be helpful since it allows users to adopt OpenID without having to create “yet another account”. More potential OpenID identifiers means more interest from potential relying parties, which can only be a good thing.

Tags: identity, openid
