Martin Atkins (mart) wrote in apparentlymart,
Martin Atkins

Proxies between OpenID and other identity providers

Back in the early days of OpenID I put together an OpenID to LID proxy as a proof of concept. The goal of this proxy was to allow anyone already using LID to use OpenID. However, a similar principle can be easily applied to any browser-based authentication service or provider.

The basic method of operation is this: the user points their identity's openid.server at the proxy URL. The proxy acts as both an OpenID identity server and a client for our target authentication system. An authentication request causes the relying party to redirect the user to the proxy, which in turn redirects the user to the third-party authentication provider. When the provider responds, the proxy massages the response into OpenID format and redirects the user back to the RP.

In a hetrogenous identity environment, this sort of thing can be helpful since it allows users to adopt OpenID without having to create “yet another account”. More potential OpenID identifiers means more interest from potential relying parties, which can only be a good thing.

Tags: identity, openid

  • Moved to TypePad is now hosted on TypePad rather than LiveJournal. All of the old content remains over here in LiveJournal land, but those who are…

  • Moving the Goalposts

    In the few weeks since I published the first drafts of AtomActivity, ActivitySchema and friends several things have come about: FriendFeed is…

  • Activity Streams and Comment Aggregation

    One pain point that exists for activity streams right now is the dispersal of responses over various networks. When I post a blog entry like this…

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.