As we browse the web, we notice that nearly every website asks for its own authentication. For example, Google Mail asks you to enter a name and password combination; browse to another site like Amazon and it asks for its own credentials.
These name and password combinations are tedious to remember and also problematic from a security point of view. Each account's credentials are stored on that site's web servers, in a secure area that is hopefully well encrypted. Because the name/password combinations are hard to remember, many users also let the browser store them.
There has to be a better way, and one such technology is OpenID: a single authentication scheme that works across different websites. Google logins, for example, work with other providers. How does it work?
What is it: OpenID allows you to use one account to sign into multiple websites. You can choose to share more information about yourself with a site, or limit it; that is up to you. Either way, it makes the task much simpler.
How does it work? OpenID builds on existing internet technologies, HTTP and SSL, to create OpenIDs. Interestingly, the website you log in to does not verify your identity itself; it lets you log in as long as the server where you are authenticated (say Yahoo! or Google) allows the transaction to continue.
The steps for authentication are as follows:
- The user requests access to a website. The website asks for the user's OpenID identity.
- The user enters their identity, which is usually a URL-like address such as xyz.server.com.
- The website's server looks up that address (xyz.server.com).
- The website POSTs an "associate" request to the identity server, and the two establish a Diffie-Hellman key exchange, so that the resulting shared secret is derived by both sides rather than sent across the internet.
- The identity server provides a handle for future requests.
- The user is redirected to the identity server's login page to authenticate with their password.
- The identity server then redirects the authenticated user, with a message vouching for the user, back to the website so the transaction can continue.
Several further safeguards, based on codes exchanged between the two servers, guard against spoofing and attackers and let the website keep confirming that later messages are genuine.
OpenID has become extremely popular, with nearly a billion user accounts and more than 10 million websites, yet since no one really owns it, it is decentralized. Anyone can run a server as well as a client, though the server needs to be an OpenID provider. A few blogs describe the process, but users should take advantage of it more often.
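The steps above, as an added runnable walk-through in Python (example code written for this post, not taken from it or from any OpenID library): a toy relying party and identity provider perform discovery, a Diffie-Hellman association that lets both sides derive the MAC key without ever sending it, the user's password check at the provider, and the website's verification of the signed, nonce-protected response. The identifier, password, endpoint URLs and the small DH prime are constructed placeholders; a real deployment uses the 1536-bit default modulus from the OpenID 2.0 specification and exchanges these messages over HTTPS.

```python
# Toy OpenID 2.0-style flow: discovery, DH association, provider login,
# signed assertion and relying-party verification.  Added example.
import base64
import hashlib
import hmac
import secrets

# Constructed toy DH group so the demo runs instantly; NOT safe for real use.
# Real deployments use the 1536-bit default modulus from the OpenID spec.
P = (1 << 127) - 1
G = 2
OP_ENDPOINT = "https://op.server.com/"   # placeholder identity server URL


def btwoc(n: int) -> bytes:
    """Big-endian two's-complement bytes, as OpenID encodes DH values."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")


def kv_form(fields: dict) -> bytes:
    """Key-Value form of the signed fields; this byte string is what gets MACed."""
    return "".join(f"{k}:{v}\n" for k, v in fields.items()).encode()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Provider:
    """The identity server: the only party that holds the user's password."""

    def __init__(self):
        self.users = {"https://xyz.server.com/": "correct horse"}  # constructed
        self.associations = {}

    def associate(self, consumer_public: int) -> dict:
        """'associate' step: only DH public values travel; the MAC key is
        masked with a hash of the shared secret, which never leaves either side."""
        y = secrets.randbelow(P - 2) + 1
        shared = pow(consumer_public, y, P)
        mac_key = secrets.token_bytes(32)
        handle = secrets.token_hex(8)          # the handle for future requests
        self.associations[handle] = mac_key
        return {"assoc_handle": handle, "dh_server_public": pow(G, y, P),
                "enc_mac_key": xor(mac_key, hashlib.sha256(btwoc(shared)).digest())}

    def checkid_setup(self, req: dict, password: str) -> dict:
        """User authenticates here; a signed assertion is returned for the website."""
        if self.users.get(req["claimed_id"]) != password:
            return {"mode": "cancel"}
        signed = {"op_endpoint": OP_ENDPOINT, "claimed_id": req["claimed_id"],
                  "identity": req["claimed_id"], "return_to": req["return_to"],
                  "response_nonce": "2024-01-01T00:00:00Z" + secrets.token_hex(4),
                  "assoc_handle": req["assoc_handle"]}
        sig = hmac.new(self.associations[req["assoc_handle"]],
                       kv_form(signed), hashlib.sha256).digest()
        return {"mode": "id_res", **signed, "signed": ",".join(signed),
                "sig": base64.b64encode(sig).decode()}


class RelyingParty:
    """The website the user wants to use; it never sees the password."""
    return_to = "https://shop.example.test/openid/return"   # placeholder

    def __init__(self, provider: Provider):
        self.provider = provider
        self.assoc = {}          # assoc_handle -> MAC key
        self.seen_nonces = set()

    def discover(self, identifier: str) -> str:
        """Normalise the typed identifier into a claimed-id URL (real RPs then
        fetch it to find the provider endpoint; here the provider is fixed)."""
        url = identifier if identifier.startswith("http") else "https://" + identifier
        return url.rstrip("/") + "/"

    def associate(self) -> str:
        x = secrets.randbelow(P - 2) + 1
        resp = self.provider.associate(pow(G, x, P))   # stands in for the POST
        shared = pow(resp["dh_server_public"], x, P)
        self.assoc[resp["assoc_handle"]] = xor(
            resp["enc_mac_key"], hashlib.sha256(btwoc(shared)).digest())
        return resp["assoc_handle"]

    def verify(self, resp: dict) -> bool:
        """Accept only a fresh, correctly signed assertion aimed at our return_to."""
        if resp.get("mode") != "id_res":
            return False
        names = resp.get("signed", "").split(",")
        required = {"op_endpoint", "return_to", "response_nonce",
                    "assoc_handle", "claimed_id", "identity"}
        if not required <= set(names) or any(k not in resp for k in names):
            return False
        mac_key = self.assoc.get(resp["assoc_handle"])
        if (mac_key is None or resp["return_to"] != self.return_to
                or resp["response_nonce"] in self.seen_nonces):
            return False
        expected = hmac.new(mac_key, kv_form({k: resp[k] for k in names}),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.b64decode(resp["sig"])):
            return False
        self.seen_nonces.add(resp["response_nonce"])   # one-time use: no replay
        return True


def login(rp: RelyingParty, op: Provider, identifier: str, password: str):
    """Run the whole flow; returns (provider response, accepted by website?)."""
    req = {"mode": "checkid_setup", "claimed_id": rp.discover(identifier),
           "return_to": rp.return_to, "assoc_handle": rp.associate()}
    resp = op.checkid_setup(req, password)      # user logs in at the provider
    return resp, rp.verify(resp)
```

Running `login(RelyingParty(op), op, "xyz.server.com", "correct horse")` accepts the assertion once; feeding the same response to `verify` a second time is rejected by the nonce check, and changing any signed field (such as `identity`) after the provider signed it fails the HMAC comparison. The website only ever handles the association handle and the signature, never the password.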
http://www.windley.com/archives/2006/04/how_does_openid.shtml
http://tinisles.blogspot.com/2008/02/how-does-openid-work.html