922:
662:(a number used just once) to allow a user to log into the site once and fail all the consecutive attempts. The nonce solution works if the user is the first one to use the URL. However, a fast attacker who is sniffing the wire can obtain the URL and immediately reset a user's TCP connection (as an attacker is sniffing the wire and knows the required TCP sequence numbers) and then execute the replay attack as described above. Thus nonces only protect against passive attackers, but cannot prevent active attackers from executing the replay attack. Use of TLS/SSL in the authentication process can significantly reduce this risk.
791:
than a full identity URL. With this, as well as the addition of extensions and XRI support underway, OpenID was evolving into a full-fledged digital identity framework, with
Recordon proclaiming "We see OpenID as being an umbrella for the framework that encompasses the layers for identifiers, discovery, authentication and a messaging services layer that sits atop and this entire thing has sort of been dubbed 'OpenID 2.0'. " In late July, Sxip began to merge its Digital Identity Exchange (DIX) protocol into OpenID, submitting initial drafts of the OpenID Attribute Exchange (AX) extension in August. Late in 2006, a
73:"). An extension to the standard (the OpenID Attribute Exchange) facilitates the transfer of user attributes, such as name and gender, from the OpenID identity provider to the relying party (each relying party may request a different set of attributes, depending on its requirements). The OpenID protocol does not rely on a central authority to authenticate a user's identity. Moreover, neither services nor the OpenID standard may mandate a specific means by which to authenticate users, allowing for approaches ranging from the common (such as passwords) to the novel (such as
3140:
425:. I-names are reassignable (like domain names), while i-numbers are never reassigned. When an XRI i-name is used as an OpenID identifier, it is immediately resolved to the synonymous i-number (the CanonicalID element of the XRDS document). This i-number is the OpenID identifier stored by the relying party. In this way, both the user and the relying party are protected from the end user's OpenID identity ever being taken over by another party as can happen with a URL based on a reassignable DNS name.
936:
then the user can impersonate the house owner to the application who requested their authenticity. If the key is compromised by any point in the chain of trust, a malicious user may intercept it and use it to impersonate user X for any application relying on OAuth2 for pseudo authentication against the same OAuth authorization server. Conversely, the notarized letter contains the user's signature, which can be checked by the requesting application against the user, so this attack is not viable.
908:
API. It doesn't know anything about who authorized the application or if there was even a user there at all. In fact, much of the point of OAuth is about giving this delegated access for use in situations where the user is not present on the connection between the client and the resource being accessed. This is great for client authorization, but it's really bad for authentication where the whole point is figuring out if the user is there or not (and who they are).
3414:
581:
says "An attacker could forge an OpenID request that doesn't ask for the user's email address, and then insert an unsigned email address into the IDPs response. If the attacker relays this response to a website that doesn't notice that this attribute is unsigned, the website may be tricked into logging the attacker in to any local account." The research paper claims that many popular websites have been confirmed vulnerable, including
22:
3424:
434:
June 2007 and serves as a public trust organization representing an open community of developers, vendors and users. OIDF assists the community by providing needed infrastructure and help in promoting and supporting adoption of OpenID. This includes managing intellectual property and trade marks as well a fostering viral growth and global participation in OpenID.
630:
Foundation approved version 1.0 of the
Provider Authentication Policy Extension (PAPE), which "enables Relying Parties to request that OpenID Providers employ specified authentication policies when authenticating users and for OpenID Providers to inform the Relying Parties which policies were actually used."
692:
The announcement of OpenID is: "'Covert
Redirect', publicized in May 2014, is an instance of attackers using open redirectors – a well-known threat, with well-known means of prevention. The OpenID Connect protocol mandates strict measures that preclude open redirectors to prevent this vulnerability."
348:
If the end user accepts the OpenID provider's request to trust the relying party, then the user-agent is redirected back to the relying party along with the end user's credentials. That relying party must then confirm that the credentials really came from the OpenID provider. If the relying party and
935:
Note that the valet key does not describe the user in any way, it only provides limited access rights, to some house (which is not even necessarily the user's, they just had a key). Therefore if the key becomes compromised (the user is malicious and managed to steal the key to someone else's house),
907:
However, OAuth tells the application none of that. OAuth says absolutely nothing about the user, nor does it say how the user proved their presence or even if they're still there. As far as an OAuth client is concerned, it asked for a token, got a token, and eventually used that token to access some
625:
attacks. For example, a malicious relaying party may forward the end user to a bogus identity provider authentication page asking that end user to input their credentials. On completion of this, the malicious party (who in this case also controls the bogus authentication page) could then have access
550:
Nobody should own this. Nobody's planning on making any money from this. The goal is to release every part of this under the most liberal licenses possible, so there's no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we're
530:
The OIDF ensures that OpenID specifications are freely implementable therefore the OIDF requires all contributors to sign a contribution agreement. This agreement both grants a copyright license to the
Foundation to publish the collective specifications and includes a patent non-assertion agreement.
219:
When a user visits a website that supports OpenID authentication, the website will redirect the user to their chosen IDP. The IDP will then prompt the user to authenticate themselves (e.g., by entering a username and password). Once the user is authenticated, the IDP will generate an OpenID and send
215:
OpenID is a decentralized authentication protocol that allows users to authenticate with multiple websites using a single set of credentials, eliminating the need for separate usernames and passwords for each website. OpenID authenticates with user with an identity provider (IDP), who then provides
199:
Many if not all of the larger organizations require users to provide authentication in the form of an existing email account or mobile phone number in order to sign up for an account (which then can be used as an OpenID identity). There are several smaller entities that accept sign-ups with no extra
986:
OpenID Connect allows a range of parties, including web-based, mobile and JavaScript clients, to request and receive information about authenticated sessions and end users. The OpenID Connect specification is extensible, supporting optional features such as encryption of identity data, discovery of
790:
left Six Apart, joining VeriSign to focus more on digital identity and guidance for the OpenID spec. By early June, the major differences between the SXIP 2.0 and OpenID projects were resolved with the agreement to support multiple personas in OpenID by submission of an identity provider URL rather
781:
In
December, developers at Sxip Identity began discussions with the OpenID/Yadis community after announcing a shift in the development of version 2.0 of its Simple Extensible Identity Protocol (SXIP) to URL-based identities like LID and OpenID. In March 2006, JanRain developed a Simple Registration
657:
Another important vulnerability is present in the last step in the authentication scheme when TLS/SSL are not used: the redirect-URL from the identity provider to the relying party. The problem with this redirect is the fact that anyone who can obtain this URL (e.g. by sniffing the wire) can replay
580:
In March, 2012, a research paper reported two generic security issues in OpenID. Both issues allow an attacker to sign in to a victim's relying party accounts. For the first issue, OpenID and Google (an
Identity Provider of OpenID) both published security advisories to address it. Google's advisory
521:
OIDF is a global organization to promote digital identity and to encourage the further adoption of OpenID, the OIDF has encouraged the creation of member chapters. Member chapters are officially part of the
Foundation and work within their own constituency to support the development and adoption of
433:
The OpenID Foundation (OIDF) promotes and enhances the OpenID community and technologies. The OIDF is a non-profit international standards development organization of individual developers, government agencies and companies who wish to promote and protect OpenID. The OpenID Foundation was formed in
903:
Authentication in the context of a user accessing an application tells an application who the current user is and whether or not they're present. Authentication is all about the user and their presence with the application, and an internet-scale authentication protocol needs to be able to do this
384:
that can be used to log into OpenID-enabled websites, a user registers an OpenID identifier with an identity provider. Identity providers offer the ability to register a URL (typically a third-level domain, e.g. username.example.com) that will automatically be configured with OpenID authentication
227:
One of the key benefits of OpenID is that it allows users to control their own identity information, rather than relying on individual websites to store and manage their login credentials. This can be particularly important in cases where websites are vulnerable to security breaches or where users
867:
In
January 2009, PayPal joined the OpenID Foundation as a corporate member, followed shortly by Facebook in February. The OpenID Foundation formed an executive committee and appointed Don Thibeau as executive director. In March, MySpace launched their previously announced OpenID provider service,
916:
for authentication. Note that with OpenID, the process starts with the application asking the user for their identity (typically an OpenID URI), whereas in the case of OAuth, the application directly requests a limited access OAuth Token (valet key) to access the APIs (enter the house) on user's
629:
In an attempt to combat possible phishing attacks, some OpenID providers mandate that the end user needs to be authenticated with them prior to an attempt to authenticate with the relying party. This relies on the end user knowing the policy of the identity provider. In
December 2008, the OpenID
223:
OpenID is built on top of several existing standards, including HTTP, HTML, and XML. OpenID relies on a number of technologies, including a discovery mechanism that allows websites to find the IDP associated with a particular OpenID, as well as security mechanisms to protect against phishing and
978:
authorization framework. It allows computing clients to verify the identity of an end user based on the authentication performed by an authorization server, as well as to obtain the basic profile information about the end user in an interoperable and REST-like manner. In technical terms, OpenID
810:
digital identity platform, with particular focus on developing a phishing-resistant authentication solution for OpenID. As part of the collaboration, Microsoft pledged to support OpenID in its future identity server products and JanRain, Sxip, and VeriSign pledged to add support for
Microsoft's
835:
for managing the OpenID brand and property. The same month, an independent OpenID Europe Foundation was formed in Belgium by Snorri Giorgetti. By early December, non-assertion agreements were collected by the major contributors to the protocol and the final OpenID Authentication 2.0 and OpenID
830:
began working with the OpenID community, announcing an OpenID program, as well as entering a non-assertion covenant with the OpenID community, pledging not to assert any of its patents against implementations of OpenID. In June, OpenID leadership formed the OpenID Foundation, an Oregon-based
668:
IF (Both RP1 and RP2 have Bob as a client) AND // a common case (Bob uses the same IDP with both RP1 and RP2) AND // a common case (RP1 does not use VPN/SSL/TLS to secure their connection with the client) // preventable! THEN RP2 could obtain credentials sufficient to
699:
A patch was not immediately made available. Ori Eisen, founder, chairman and chief innovation officer at 41st Parameter told Sue Marquette Poremba, "In any distributed system, we are counting of the good nature of the participants to do the right thing. In cases like OAuth and OpenID, the
539:
The OpenID trademark in the United States was assigned to the OpenID Foundation in March 2008. It had been registered by NetMesh Inc. before the OpenID Foundation was operational. In Europe, as of August 31, 2007, the OpenID trademark is registered to the OpenID Europe Foundation.
843:
announced initial OpenID 2.0 support, both as a provider and as a relying party, releasing the provider service by the end of the month. In early February, Google, IBM, Microsoft, VeriSign and Yahoo! joined the OpenID Foundation as corporate board members. Around early May,
349:
OpenID provider had previously established a shared secret, then the relying party can validate the identity of the OpenID provider by comparing its copy of the shared secret against the one received along with the end user's credentials; such a relying party is called
875:
announced that MyOpenID.com would be shut down on February 1, 2014; a pie chart showed Facebook and Google dominate the social login space as of Q2 2013. Facebook has since left OpenID; it is no longer a sponsor, represented on the board, or permitting OpenID logins.
344:
If the end user declines the OpenID provider's request to trust the relying party, then the user-agent is redirected back to the relying party with a message indicating that authentication was rejected; the relying party in turn refuses to authenticate the end user.
882:
In March 2018, Stack Overflow announced an end to OpenID support, citing insufficient usage to justify the cost. In the announcement, it was stated that based on activity, users strongly preferred Facebook, Google, and e-mail/password based account authentication.
566:
covering OpenID 1.1 specifications. The covenants state that the companies will not assert any of their patents against OpenID implementations and will revoke their promises from anyone who threatens, or asserts, patents against OpenID implementors.
863:
would support OpenID. In November, JanRain announced a free hosted service, RPX Basic, that allows websites to begin accepting OpenIDs for registration and login without having to install, integrate and configure the OpenID open source libraries.
340:
The method of authentication may vary, but typically, an OpenID provider prompts the end user for a password or some cryptographic token, and then asks whether the end user trusts the relying party to receive the necessary identity details.
231:
OpenID has been widely adopted by a number of large websites and service providers, including Google, Yahoo!, and PayPal. The protocol is also used by a number of open source projects and frameworks, including Ruby on Rails and Django.
868:
enabling all MySpace users to use their MySpace URL as an OpenID. In May, Facebook launched their relying party functionality, letting users use an automatic login-enabled OpenID account (e.g. Google) to log into Facebook.
388:
Once they have registered an OpenID, a user can also use an existing URL under their own control (such as a blog or home page) as an alias or "delegated identity". They simply insert the appropriate OpenID tags in the
612:
were initially confirmed vulnerable. OpenID published a vulnerability report on the flaw. The report says Google and PayPal have applied fixes, and suggest other OpenID vendors to check their implementations.
240:
The end user interacts with a relying party (such as a website) that provides an option to specify an OpenID for the purposes of authentication; an end user typically has previously registered an OpenID (e.g.
696:"The general consensus, so far, is that Covert Redirect is not as bad, but still a threat. Understanding what makes it dangerous requires a basic understanding of Open Redirect, and how it can be exploited."
304:, in which the relying party requests that the OpenID provider not interact with the end user. All communication is relayed through the end user's user-agent without explicitly notifying the end user.
1295:
368:
After the OpenID has been verified, authentication is considered successful and the end user is considered logged into the relying party under the identity specified by the given OpenID (e.g.
782:(SREG) extension for OpenID enabling primitive profile-exchange and in April submitted a proposal to formalize extensions to OpenID. The same month, work had also begun on incorporating full
62:
login systems, and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID
2166:
They were looking for a name and managed to email me about openid.net right before I was going to offer it to them. So I gave it to them for the new and improved OpenID project.
965:
The application encrypts a random phrase using the received encryption key, and asks that the user do the same, then compares the results, if they match, the user is authentic.
96:
As of March 2016, there are over 1 billion OpenID-enabled accounts on the Internet (see below) and approximately 1,100,934 sites have integrated OpenID consumer support:
66:, and then use those accounts to sign on to any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites.
1627:
3213:
3060:
955:
The authentication server encrypts a document containing an encryption key which corresponds to a one-way hash of a secret the user knows (e.g. passphrase) for
260:
With OpenID 1.0, the relying party then requests the HTML resource identified by the URL and reads an HTML link tag to discover the OpenID provider's URL (e.g.
2544:
974:
Published in February 2014 by the OpenID Foundation, OpenID Connect is the third generation of OpenID technology. It is an authentication layer on top of the
1391:
1299:
400:
Starting with OpenID Authentication 2.0 (and some 1.1 implementations), there are two types of identifiers that can be used with OpenID: URLs and XRIs.
337:
mode, the relying party redirects the end user's user-agent to the OpenID provider so the end user can authenticate directly with the OpenID provider.
216:
the user with a unique identifier (called an OpenID). This identifier can then be used to authenticate the user with any website that supports OpenID.
917:
behalf. If the user can grant that access, the application can retrieve the unique identifier for establishing the profile (identity) using the APIs.
2511:
762:
discovery protocol, adopting the name originally used for OpenID. The new Yadis was announced on October 24, 2005. After a discussion at the 2005
1661:"Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services"
921:
895:
facilitates the authorization of one site to access and use information related to the user's account on another site. Although OAuth is not an
685:
2.0 and OpenID" was disclosed. It was discovered by mathematics doctoral student Wang Jing at the School of Physical and Mathematical Sciences,
69:
The OpenID standard provides a framework for the communication that must take place between the identity provider and the OpenID acceptor (the "
2899:
594:
2610:
2092:
3219:
649:
much easier. A compromised OpenID account is also likely to be a more serious breach of privacy than a compromised account on a single site.
604:
For the second issue, the paper called it "Data Type Confusion Logic Flaw", which also allows attackers to sign in to victims' RP accounts.
3370:
2014:
2851:
1523:
3280:
3269:
932:
OpenID provides a cryptographic verification mechanism that prevents the attack below against users who misuse OAuth for authentication.
859:
announced support for OpenID as a provider. In late October, Google launched support as an OpenID provider and Microsoft announced that
543:
The OpenID logo was designed by Randy "ydnar" Reddig, who in 2005 had expressed plans to transfer the rights to an OpenID organization.
220:
it back to the website. The website can then use this OpenID to authenticate the user without needing to know their actual credentials.
3468:
1857:
2759:
1233:
720:. Initially referred to as Yadis (an acronym for "Yet another distributed identity system"), it was named OpenID after the openid.net
1446:
879:
In May 2016, Symantec announced that they would be discontinuing their pip.verisignlabs.com OpenID personal identity portal service.
3231:
3176:
3463:
2877:
2059:
2697:
806:
made a joint announcement with JanRain, Sxip, and VeriSign to collaborate on interoperability between OpenID and Microsoft's
3358:
2577:
2428:
2145:
832:
952:
The requesting application provides its encryption public key to the user, which provides it to the authentication server.
645:
The Identity Provider does, however, get a log of your OpenID logins; they know when you logged into what website, making
3237:
3021:
1637:
3309:
2999:
1829:
1096:
1037:
310:, in which the end user communicates with the OpenID provider via the same user-agent used to access the relying party.
2825:
2208:
1787:
1219:
626:
to the end user's account with the identity provider, and then use that end user's OpenID to log into other services.
372:). The relying party typically then stores the end user's OpenID along with the end user's other session information.
531:
The non-assertion agreement states that the contributor will not sue someone for implementing OpenID specifications.
3453:
3382:
3364:
2973:
2554:
1493:
1376:
1321:
686:
1970:
1926:
1882:
1688:
700:
distribution is so vast that it is unreasonable to expect each and every website to patch up in the near future".
3427:
3388:
3225:
84:
may also refer to an identifier as specified in the OpenID standard; these identifiers take the form of a unique
3293:
1012:
783:
442:
The OpenID Foundation's board of directors has six community board members and eight corporate board members:
3145:
2811:
1395:
2974:"Symantec Personal Identification Portal banner indicates service will be discontinued on 12 September 2016"
1948:
3169:
802:
announced support for OpenID in its Identity Initiative products and services. A week later, on February 6
2521:
2178:
642:. However, this problem is not unique to OpenID and is simply the state of the Internet as commonly used.
3458:
2345:
1814:
848:
introduced OpenID provider and relying party support to leading open source software development website
149:
85:
2698:"Yahoo! Announces Support for OpenID; Users Able to Access Multiple Internet Sites with Their Yahoo! ID"
3085:
1471:
204:
3275:
2036:
2903:
1702:
1442:
3448:
2926:
2319:
2100:
754:
company NetMesh, leading to collaboration on interoperability between OpenID and NetMesh's similar
381:
63:
2267:
2241:
1674:
1600:
3417:
3254:
3162:
1660:
945:
774:
developers joined the Yadis project, contributing their Extensible Resource Descriptor Sequence (
601:. The researchers have notified the affected parties, who have then fixed their vulnerable code.
43:
2855:
2402:
2376:
638:
Other security issues identified with OpenID involve lack of privacy and failure to address the
3315:
2460:
1717:
1554:
1531:
956:
853:
563:
1251:
621:
Some observers have suggested that OpenID has security weaknesses and may prove vulnerable to
80:
The final version of OpenID is OpenID 2.0, finalized and published in December 2007. The term
2786:"MySpace Announces Support for "OpenID" and Introduces New Data Availability Implementations"
1161:
1043:
1032:
820:
755:
413:
designed specifically for cross-domain digital identity. For example, XRIs come in two forms—
165:
2763:
2122:
1237:
2785:
2730:"Technology Leaders Join OpenID Foundation to Promote Open Identity Management on the Web"
1234:"Technology Leaders Join OpenID Foundation to Promote Open Identity Management on the Web"
8:
3326:
3304:
1182:
1140:
751:
744:
659:
646:
297:
There are two modes in which the relying party may communicate with the OpenID provider:
113:
891:
OpenID is a way to use a single set of user credentials to access multiple sites, while
289:; this document may be available at the target URL and is always available for a target
3201:
3139:
795:
opinion piece made the case for OpenID to users, web site operators and entrepreneurs.
736:
for blog post comments and quickly gained attention in the digital identity community.
658:
it and get logged into the site as the victim user. Some of the identity providers use
271:
With OpenID 2.0, the relying party discovers the OpenID provider URL by requesting the
54:, or RP) using a third-party identity provider (IDP) service, eliminating the need for
2069:
819:
announced that an experimental OpenID provider service was functional for all AOL and
724:
was given to Six Apart to use for the project. OpenID support was soon implemented on
196:, although some of those organizations also have their own authentication management.
2707:
2486:
1344:
845:
807:
129:
2729:
2671:
2153:
2951:
1605:
1579:
1356:
1027:
1022:
827:
812:
709:
590:
555:
157:
1118:
962:
The user passes the encrypted document back to the application, which decrypts it.
252:
The relying party typically transforms the OpenID into a canonical URL form (e.g.
3207:
1007:
860:
849:
729:
678:
193:
2588:
2437:
1992:
3352:
3336:
3185:
2516:
1048:
896:
799:
787:
586:
161:
40:
88:(URI), and are managed by some "OpenID provider" that handles authentication.
3442:
1204:
1068:
997:
912:
The following drawing highlights the differences between using OpenID versus
737:
326:
173:
145:
70:
51:
37:
33:
3035:
1833:
2829:
2545:"VeriSign, Microsoft & Partners to Work together on OpenID + Cardspace"
2218:
1791:
1583:
1420:
1361:
750:
In late June, discussions started between OpenID users and developers from
639:
325:
First, the relying party and the OpenID provider (optionally) establish a
3399:
3331:
2659:
2615:
2512:"Symantec Unveils Security 2.0 Identity Initiative at DEMO 07 Conference"
2432:
2213:
2064:
733:
725:
721:
713:
708:
The original OpenID authentication protocol was developed in May 2005 by
582:
546:
Since the original announcement of OpenID, the official site has stated:
121:
2977:
2293:
1846:(originally published on The Identity Corner at www.idcorner.org/?p=161)
1501:
562:
and a number of smaller companies involved in OpenID have issued patent
2737:
1002:
975:
410:
117:
109:
74:
1904:
207:. Blogger also used OpenID, but since May 2018 no longer supports it.
50:. It allows users to be authenticated by co-operating sites (known as
3321:
1058:
1017:
803:
717:
598:
353:
because it stores the shared secret between sessions. In contrast, a
125:
55:
525:
3299:
2826:"JanRain Releases Free Version of Industry Leading OpenID Solution"
2549:
1632:
836:
Attribute Exchange 1.0 specifications were ratified on December 5.
652:
622:
559:
422:
418:
407:
169:
1743:
886:
3286:
3154:
3107:
872:
856:
740:
522:
OpenID as a framework for user-centric identity on the internet.
137:
2639:
1345:"Extending OpenID Connect Towards Mission Critical Applications"
1273:
365:) to ensure that the data indeed came from the OpenID provider.
21:
3394:
3376:
3149:
2927:"MyOpenID to shut down. Will be turned off on February 1, 2014"
2828:(Press release). JanRain, Inc. 14 November 2008. Archived from
2702:
2182:
1949:"Nasty Covert Redirect Vulnerability found in OAuth and OpenID"
1766:
1689:"Security advisory to websites using OpenID Attribute Exchange"
840:
771:
758:(LID) protocol. The direct result of the collaboration was the
609:
605:
414:
228:
are concerned about the privacy of their personal information.
189:
177:
141:
105:
101:
3061:"Why is it a bad idea to use plain oauth2 for authentication?"
2353:
1658:
3342:
2762:(Press release). SourceForge, Inc. 7 May 2008. Archived from
1063:
913:
892:
815:
profile to their future identity solutions. In mid-February,
792:
759:
682:
394:
280:
153:
2902:. Wiki.developers.facebook.com. 26 June 2009. Archived from
786:
support into OpenID. Around early May, key OpenID developer
3264:
3243:
2015:"'Covert Redirect' vulnerability impacts OAuth 2.0, OpenID"
1971:"Math student detects OAuth, OpenID security vulnerability"
1053:
980:
775:
763:
390:
273:
133:
1474:. United States Patent and Trademark Office. 27 March 2006
1296:"Facebook, Google launch data portability programs to all"
2637:
2582:
816:
767:
747:
and expanding its business around OpenID-based services.
403:
290:
185:
181:
97:
1927:"Facebook, Google Users Threatened by New Security Flaw"
927:
468:
Community Representative: George Fletcher (Capital One)
16:
Open and decentralized authentication protocol standard
3133:
2854:. Developers.facebook.com. 18 May 2009. Archived from
1985:
1141:"OpenID Authentication 2.0 specification – Final"
3086:"Final OpenID Connect Core 1.0 - Appendix C. Notices"
2852:"Facebook Developers | Facebook Developers News"
1274:"Steam Community :: Steam Web API Documentation"
361:
relying party must make one more background request (
264:). The relying party also discovers whether to use a
333:, which the relying party then stores. If using the
2377:"OpenID + Simple Registration Information Exchange"
1883:"Serious security flaw in OAuth, OpenID discovered"
1858:"Single Sign-On for the Internet: A Security Story"
1620:
1343:Deeptha, R.; Mukesh, Rajeswari (1 September 2018).
743:was an early supporter of OpenID, providing OpenID
471:
Corporate Representative: Ashish Jain (Arkose Labs)
1595:
1593:
1097:"Single sign-on service OpenID getting more usage"
203:Facebook did use OpenID in the past, but moved to
2403:"Proposal for an XRI (i-name) profile for OpenID"
2179:"OpenID: an actually distributed identity system"
1628:"VeriSign's OpenID Non-Assertion Patent Covenant"
526:Intellectual property and contribution agreements
3440:
653:Authentication hijacking in unsecured connection
2900:"OpenID Requirements – Facebook Developer Wiki"
2233:
2051:
1897:
1659:Rui Wang; Shuo Chen; XiaoFeng Wang (May 2012).
1590:
887:OpenID versus pseudo-authentication using OAuth
421:—that are usually registered simultaneously as
2812:"Microsoft and Google announce OpenID support"
2090:
2029:
3220:Java Authentication and Authorization Service
3170:
1941:
1827:
1415:
1413:
1342:
3371:Protected Extensible Authentication Protocol
2878:"Facebook now accepts Google account logins"
2037:"Lessons to be Learned from Covert Redirect"
1919:
1162:"OpenID Attribute Exchange 1.0 – Final"
979:Connect specifies a RESTful HTTP API, using
3281:Challenge-Handshake Authentication Protocol
3022:"Support for OpenID ended on July 25, 2018"
3000:"Is Symantec failing hard at being Google?"
2924:
2611:"Sun Microsystems Announces OpenID Program"
2206:
2057:
1578:
1524:"OpenID Europe Trademark & Logo Policy"
633:
456:Chairman: Nat Sakimura (NAT Consulting LLC)
322:mode if the operation cannot be automated.
3177:
3163:
3138:
2918:
2760:"SourceForge Implements OpenID Technology"
2631:
2504:
2007:
1963:
1815:"PAPE Approved as an OpenID Specification"
1443:"Trademark Assignment, Serial #: 78899244"
1410:
987:OpenID providers, and session management.
778:) format for utilization in the protocol.
2638:OpenID Board of Directors (1 June 2007).
2536:
2268:"Implementing YADIS with no new software"
1447:United States Patent and Trademark Office
1360:
899:protocol, it can be used as part of one.
262:http://openid.example.org/openid-auth.php
3232:Simple Authentication and Security Layer
2458:
2426:
2337:
2239:
2209:"brad's life – OpenID and SixApart"
1741:
1349:Cybernetics and Information Technologies
1217:
1090:
1088:
1086:
1084:
969:
904:across network and security boundaries.
20:
2202:
2200:
1855:
1715:
1464:
1389:
1322:"It's spring cleaning time for Blogger"
939:
712:, creator of popular community website
3441:
2575:
2542:
2484:
2084:
1703:"Vulnerability report: Data confusion"
1552:
1377:"OpenID Authentication 1.1#Delegation"
1294:Perez, Juan Carlos (4 December 2008).
575:
504:Yahoo Ad Tech – Arvind Kumar Garg
498:Ping Identity – Wesley Dunnington
47:
3158:
2814:. OpenID Foundation. 30 October 2008.
2664:
2603:
2569:
2343:
2317:
2171:
1812:
1767:"Beginner's guide to OpenID phishing"
1293:
1094:
1081:
210:
3423:
3359:Password-authenticated key agreement
3036:"User Authentication with OAuth 2.0"
2400:
2374:
2368:
2311:
2291:
2265:
2259:
2240:Recordon, David (24 December 2005).
2197:
2143:
2125:. LiveJournal Server: Technical Info
1875:
1601:"Sun OpenID: Non-Assertion Covenant"
1298:. Network World, Inc. Archived from
928:Attack against pseudo-authentication
459:Vice Chairman: Bjorn Hjelm (Verizon)
445:
428:
3238:Security Support Provider Interface
3065:Information Security Stack Exchange
2543:Graves, Michael (6 February 2007).
2292:Reed, Drummond (30 November 2008).
2181:. 24 September 2005. Archived from
1675:"Attribute Exchange Security Alert"
1392:"Easy OpenID Delegation with Yadis"
1183:"OpenID Authentication 2.0 - Final"
959:using the application's public key.
13:
3377:Remote Access Dial In User Service
3310:Extensible Authentication Protocol
3184:
2792:. MySpace. 22 July 2008. p. 2
2266:Reed, Dummond (31 December 2005).
2091:Waters, John K (1 December 2007).
1038:Security Assertion Markup Language
672:
669:impersonate Bob with RP1 END-IF
492:NRI Secure – Takehisa Shibata
14:
3480:
3469:Computer access control protocols
3125:
3108:"OpenID Connect FAQ and Q&As"
2706:. 17 January 2008. Archived from
2576:Panzer, John (16 February 2007).
2520:. 31 January 2007. Archived from
2427:Recordon, David (29 April 2006).
2207:Fitzpatrick, Brad (30 May 2006).
2058:Fitzpatrick, Brad (16 May 2005).
1236:. 7 February 2008. Archived from
465:Secretary: Mike Jones (Microsoft)
3422:
3413:
3412:
3383:Resource Access Control Facility
3365:Password Authentication Protocol
3270:Authentication and Key Agreement
3226:Pluggable Authentication Modules
2925:Kane, Zee M (4 September 2013).
2485:Becker, Phil (4 December 2006).
2459:Recordon, David (16 June 2006).
2344:Hardt, Dick (10 December 2005).
2318:Hardt, Dick (18 December 2005).
1828:Stefan Brands (22 August 2007).
1813:Jones, Mike (31 December 2008).
1764:
1218:bashburn, bill (22 April 2008).
920:
687:Nanyang Technological University
462:Treasurer: John Bradley (Yubico)
254:http://alice.openid.example.org/
245:) with an OpenID provider (e.g.
3389:Secure Remote Password protocol
3100:
3078:
3053:
3028:
3014:
2992:
2966:
2944:
2892:
2870:
2844:
2818:
2804:
2778:
2752:
2722:
2690:
2653:
2478:
2452:
2420:
2394:
2285:
2137:
2115:
1849:
1821:
1806:
1780:
1758:
1735:
1709:
1695:
1681:
1667:
1652:
1572:
1546:
1516:
1494:"NetMesh: Company / Management"
1486:
1435:
1383:
1369:
1336:
1314:
1287:
1266:
1252:"PayPal Access Uses OpenID 2.0"
534:
3464:Identity management initiative
3294:Central Authentication Service
2880:. Pocket-lint.com. 19 May 2009
2144:Lehn, David I. (18 May 2005).
2093:"OpenID Updates Identity Spec"
1742:Anderson, Tim (5 March 2007).
1553:Reddig, Randy (29 June 2005).
1244:
1226:
1211:
1197:
1175:
1154:
1133:
1111:
1013:Central Authentication Service
677:On May 1, 2014, a bug dubbed "
375:
1:
3214:Generic Security Services API
2401:Grey, Victor (2 April 2006).
2060:"Distributed Identity: Yadis"
1951:. The Hacker News. 3 May 2014
1716:Crowley, Paul (1 June 2005).
1220:"BBC Joins OpenID Foundation"
1095:Eldon, Eric (14 April 2009).
1075:
501:Visa Inc. – Luis DaSilva
495:Okta – Vittorio Bertocci
483:Cisco – Nancy Cam-Winget
235:
3244:XCert Universal Database API
2578:"AOL and 63 Million OpenIDs"
2375:Hoyt, Josh (15 March 2006).
2039:. 41st Parameter. 5 May 2014
1830:"The problem(s) with OpenID"
1744:"OpenID still open to abuse"
1718:"Phishing attacks on OpenID"
551:all a part of the community.
380:To obtain an OpenID-enabled
7:
2952:"OpenID Sponsoring Members"
1254:. OpenID ·. 19 October 2011
990:
616:
570:
516:
200:identity details required.
91:
86:Uniform Resource Identifier
46:promoted by the non-profit
10:
3485:
2320:"Sxip concerns with YADIS"
2242:"Announcing YADIS...again"
2152:. Advogato. Archived from
833:public benefit corporation
764:Internet Identity Workshop
703:
486:Google – Filip Verley
318:mode can fall back to the
3408:
3276:CAVE-based authentication
3253:
3192:
2672:"OpenID 2.0...Final(ly)!"
2017:. SC Magazine. 2 May 2014
1973:. Tech Xplore. 3 May 2014
1205:"OpenID Usage Statistics"
665:This can be restated as:
489:KDDI – Kosuke Koiwai
437:
2660:OpenID Europe Foundation
1528:OpenID Europe Foundation
852:. In late July, popular
634:Privacy and trust issues
370:alice.openid.example.org
285:) with the content type
243:alice.openid.example.org
3454:Password authentication
2461:"Moving OpenID Forward"
2150:Advogato blog for dlehn
1584:"Intellectual Property"
946:public-key cryptography
728:and fellow LiveJournal
564:non-assertion covenants
478:Corporate board members
451:Community board members
3316:Host Identity Protocol
2097:Redmond Developer News
1362:10.2478/cait-2018-0041
910:
854:social network service
553:
26:
2487:"The case for OpenID"
1995:. OpenID. 15 May 2014
1907:. Tetraph. 1 May 2014
1856:Tsyrklevich, Eugene.
1044:Shibboleth (software)
1033:Light-weight Identity
970:OpenID Connect (OIDC)
948:to be authenticated.
901:
839:In mid-January 2008,
821:AOL Instant Messenger
798:On January 31, 2007,
756:Light-weight Identity
548:
166:Universal Music Group
58:to provide their own
24:
2185:on 24 September 2005
1817:. OpenID Foundation.
1472:"Latest Status Info"
1240:on 10 February 2008.
1119:"What is an OpenID?"
940:Verifying the letter
363:check_authentication
287:application/xrds+xml
2906:on 23 December 2009
2858:on 23 December 2009
2832:on 18 December 2008
2640:"OpenID Foundation"
2156:on 21 December 2010
1929:. Yahoo. 2 May 2014
1794:on 13 November 2008
1459:Exec Dt: 03/27/2008
1423:. openID Foundation
944:The letter can use
871:In September 2013,
752:enterprise software
716:, while working at
647:cross-site tracking
576:Authentication bugs
329:, referenced by an
3459:Federated identity
3202:BSD Authentication
3110:. 20 February 2014
2524:on 9 February 2007
2440:on 20 October 2006
2103:on 8 February 2008
1885:. CNET. 2 May 2014
1788:"Verisign PIP FAQ"
1582:(10 August 2009).
983:as a data format.
957:challenge–response
766:a few days later,
745:software libraries
406:are a new form of
266:delegated identity
247:openid.example.org
211:Technical overview
27:
3436:
3435:
2740:. 7 February 2008
2734:OpenID Foundation
2678:. 5 December 2007
2676:OpenID Foundation
2585:Developer Network
2465:Danga Interactive
2407:Danga Interactive
2381:Danga Interactive
2356:on 14 August 2007
2346:"SXIP 2.0 Teaser"
2324:Danga Interactive
2272:Danga Interactive
2246:Danga Interactive
1993:"Covert Redirect"
1905:"Covert Redirect"
1722:Danga Interactive
1580:Fitzpatrick, Brad
1559:Danga Interactive
1504:on 30 August 2007
1185:. 5 December 2007
1099:. venturebeat.com
846:SourceForge, Inc.
808:Windows CardSpace
513:
512:
429:OpenID Foundation
316:checkid_immediate
302:checkid_immediate
278:(also called the
130:Microsoft account
64:identity provider
48:OpenID Foundation
3476:
3426:
3425:
3416:
3415:
3179:
3172:
3165:
3156:
3155:
3142:
3137:
3136:
3134:Official website
3120:
3119:
3117:
3115:
3104:
3098:
3097:
3095:
3093:
3082:
3076:
3075:
3073:
3071:
3057:
3051:
3050:
3048:
3046:
3032:
3026:
3025:
3018:
3012:
3011:
3009:
3007:
2996:
2990:
2989:
2987:
2985:
2976:. Archived from
2970:
2964:
2963:
2961:
2959:
2954:. 7 October 2009
2948:
2942:
2941:
2939:
2937:
2922:
2916:
2915:
2913:
2911:
2896:
2890:
2889:
2887:
2885:
2874:
2868:
2867:
2865:
2863:
2848:
2842:
2841:
2839:
2837:
2822:
2816:
2815:
2808:
2802:
2801:
2799:
2797:
2782:
2776:
2775:
2773:
2771:
2756:
2750:
2749:
2747:
2745:
2726:
2720:
2719:
2717:
2715:
2694:
2688:
2687:
2685:
2683:
2668:
2662:
2657:
2651:
2650:
2648:
2646:
2635:
2629:
2628:
2626:
2624:
2607:
2601:
2600:
2598:
2596:
2587:. Archived from
2573:
2567:
2566:
2564:
2562:
2553:. Archived from
2540:
2534:
2533:
2531:
2529:
2508:
2502:
2501:
2499:
2497:
2482:
2476:
2475:
2473:
2471:
2456:
2450:
2449:
2447:
2445:
2436:. Archived from
2424:
2418:
2417:
2415:
2413:
2398:
2392:
2391:
2389:
2387:
2372:
2366:
2365:
2363:
2361:
2352:. Archived from
2341:
2335:
2334:
2332:
2330:
2315:
2309:
2308:
2306:
2304:
2289:
2283:
2282:
2280:
2278:
2263:
2257:
2256:
2254:
2252:
2237:
2231:
2230:
2228:
2226:
2221:on 25 April 2007
2217:. Archived from
2204:
2195:
2194:
2192:
2190:
2175:
2169:
2168:
2163:
2161:
2141:
2135:
2134:
2132:
2130:
2119:
2113:
2112:
2110:
2108:
2099:. Archived from
2088:
2082:
2081:
2079:
2077:
2068:. Archived from
2055:
2049:
2048:
2046:
2044:
2033:
2027:
2026:
2024:
2022:
2011:
2005:
2004:
2002:
2000:
1989:
1983:
1982:
1980:
1978:
1967:
1961:
1960:
1958:
1956:
1945:
1939:
1938:
1936:
1934:
1923:
1917:
1916:
1914:
1912:
1901:
1895:
1894:
1892:
1890:
1879:
1873:
1872:
1870:
1868:
1862:
1853:
1847:
1845:
1843:
1841:
1832:. Archived from
1825:
1819:
1818:
1810:
1804:
1803:
1801:
1799:
1790:. Archived from
1784:
1778:
1777:
1775:
1773:
1762:
1756:
1755:
1753:
1751:
1739:
1733:
1732:
1730:
1728:
1713:
1707:
1706:
1705:. 15 March 2012.
1699:
1693:
1692:
1685:
1679:
1678:
1671:
1665:
1664:
1656:
1650:
1649:
1647:
1645:
1640:on 15 April 2008
1636:. Archived from
1624:
1618:
1617:
1615:
1613:
1606:Sun Microsystems
1597:
1588:
1587:
1576:
1570:
1569:
1567:
1565:
1550:
1544:
1543:
1541:
1539:
1530:. Archived from
1520:
1514:
1513:
1511:
1509:
1500:. Archived from
1490:
1484:
1483:
1481:
1479:
1468:
1462:
1461:
1456:
1454:
1439:
1433:
1432:
1430:
1428:
1417:
1408:
1407:
1405:
1403:
1394:. Archived from
1387:
1381:
1380:
1373:
1367:
1366:
1364:
1340:
1334:
1333:
1331:
1329:
1318:
1312:
1311:
1309:
1307:
1291:
1285:
1284:
1282:
1280:
1270:
1264:
1263:
1261:
1259:
1248:
1242:
1241:
1230:
1224:
1223:
1215:
1209:
1208:
1201:
1195:
1194:
1192:
1190:
1179:
1173:
1172:
1170:
1168:
1158:
1152:
1151:
1149:
1147:
1137:
1131:
1130:
1128:
1126:
1121:. 8 October 2007
1115:
1109:
1108:
1106:
1104:
1092:
1028:Liberty Alliance
1023:Information card
924:
828:Sun Microsystems
823:(AIM) accounts.
813:Information Card
710:Brad Fitzpatrick
556:Sun Microsystems
446:
371:
364:
336:
331:associate handle
321:
317:
309:
303:
288:
263:
255:
248:
244:
205:Facebook Connect
77:or biometrics).
3484:
3483:
3479:
3478:
3477:
3475:
3474:
3473:
3449:Cloud standards
3439:
3438:
3437:
3432:
3404:
3256:
3249:
3208:eAuthentication
3194:
3188:
3183:
3132:
3131:
3128:
3123:
3113:
3111:
3106:
3105:
3101:
3091:
3089:
3084:
3083:
3079:
3069:
3067:
3059:
3058:
3054:
3044:
3042:
3034:
3033:
3029:
3020:
3019:
3015:
3005:
3003:
2998:
2997:
2993:
2983:
2981:
2980:on 11 June 2016
2972:
2971:
2967:
2957:
2955:
2950:
2949:
2945:
2935:
2933:
2923:
2919:
2909:
2907:
2898:
2897:
2893:
2883:
2881:
2876:
2875:
2871:
2861:
2859:
2850:
2849:
2845:
2835:
2833:
2824:
2823:
2819:
2810:
2809:
2805:
2795:
2793:
2784:
2783:
2779:
2769:
2767:
2758:
2757:
2753:
2743:
2741:
2728:
2727:
2723:
2713:
2711:
2710:on 4 March 2008
2696:
2695:
2691:
2681:
2679:
2670:
2669:
2665:
2658:
2654:
2644:
2642:
2636:
2632:
2622:
2620:
2609:
2608:
2604:
2594:
2592:
2574:
2570:
2560:
2558:
2541:
2537:
2527:
2525:
2510:
2509:
2505:
2495:
2493:
2483:
2479:
2469:
2467:
2457:
2453:
2443:
2441:
2425:
2421:
2411:
2409:
2399:
2395:
2385:
2383:
2373:
2369:
2359:
2357:
2342:
2338:
2328:
2326:
2316:
2312:
2302:
2300:
2298:Equals Drummond
2290:
2286:
2276:
2274:
2264:
2260:
2250:
2248:
2238:
2234:
2224:
2222:
2205:
2198:
2188:
2186:
2177:
2176:
2172:
2159:
2157:
2142:
2138:
2128:
2126:
2121:
2120:
2116:
2106:
2104:
2089:
2085:
2075:
2073:
2056:
2052:
2042:
2040:
2035:
2034:
2030:
2020:
2018:
2013:
2012:
2008:
1998:
1996:
1991:
1990:
1986:
1976:
1974:
1969:
1968:
1964:
1954:
1952:
1947:
1946:
1942:
1932:
1930:
1925:
1924:
1920:
1910:
1908:
1903:
1902:
1898:
1888:
1886:
1881:
1880:
1876:
1866:
1864:
1860:
1854:
1850:
1839:
1837:
1826:
1822:
1811:
1807:
1797:
1795:
1786:
1785:
1781:
1771:
1769:
1763:
1759:
1749:
1747:
1740:
1736:
1726:
1724:
1714:
1710:
1701:
1700:
1696:
1687:
1686:
1682:
1673:
1672:
1668:
1657:
1653:
1643:
1641:
1626:
1625:
1621:
1611:
1609:
1599:
1598:
1591:
1577:
1573:
1563:
1561:
1551:
1547:
1537:
1535:
1534:on 9 March 2008
1522:
1521:
1517:
1507:
1505:
1492:
1491:
1487:
1477:
1475:
1470:
1469:
1465:
1452:
1450:
1441:
1440:
1436:
1426:
1424:
1419:
1418:
1411:
1401:
1399:
1388:
1384:
1375:
1374:
1370:
1341:
1337:
1327:
1325:
1320:
1319:
1315:
1305:
1303:
1302:on 22 June 2014
1292:
1288:
1278:
1276:
1272:
1271:
1267:
1257:
1255:
1250:
1249:
1245:
1232:
1231:
1227:
1216:
1212:
1203:
1202:
1198:
1188:
1186:
1181:
1180:
1176:
1166:
1164:
1160:
1159:
1155:
1145:
1143:
1139:
1138:
1134:
1124:
1122:
1117:
1116:
1112:
1102:
1100:
1093:
1082:
1078:
1073:
1008:Mozilla Persona
993:
972:
942:
930:
889:
861:Windows Live ID
850:SourceForge.net
706:
679:Covert Redirect
675:
673:Covert Redirect
670:
655:
636:
619:
578:
573:
537:
528:
519:
514:
440:
431:
378:
369:
362:
334:
319:
315:
307:
301:
286:
261:
253:
246:
242:
238:
224:other attacks.
213:
128:(provider name
116:(provider name
94:
52:relying parties
25:The OpenID logo
17:
12:
11:
5:
3482:
3472:
3471:
3466:
3461:
3456:
3451:
3434:
3433:
3431:
3430:
3420:
3409:
3406:
3405:
3403:
3402:
3397:
3392:
3386:
3380:
3374:
3368:
3362:
3356:
3353:OpenID Connect
3350:
3345:
3340:
3337:NT LAN Manager
3334:
3329:
3324:
3319:
3313:
3307:
3302:
3297:
3291:
3290:
3289:
3278:
3273:
3267:
3261:
3259:
3255:Authentication
3251:
3250:
3248:
3247:
3241:
3235:
3229:
3223:
3217:
3211:
3205:
3198:
3196:
3193:Authentication
3190:
3189:
3186:Authentication
3182:
3181:
3174:
3167:
3159:
3153:
3152:
3143:
3127:
3126:External links
3124:
3122:
3121:
3099:
3077:
3052:
3027:
3013:
2991:
2965:
2943:
2917:
2891:
2869:
2843:
2817:
2803:
2777:
2766:on 13 May 2008
2751:
2721:
2689:
2663:
2652:
2630:
2602:
2591:on 11 May 2008
2568:
2535:
2503:
2477:
2451:
2429:"Movin' On..."
2419:
2393:
2367:
2336:
2310:
2284:
2258:
2232:
2196:
2170:
2136:
2114:
2083:
2050:
2028:
2006:
1984:
1962:
1940:
1918:
1896:
1874:
1863:. Blackhat USA
1848:
1836:on 16 May 2011
1820:
1805:
1779:
1757:
1734:
1708:
1694:
1680:
1666:
1651:
1619:
1589:
1571:
1545:
1515:
1485:
1463:
1434:
1409:
1398:on 4 July 2009
1382:
1368:
1335:
1324:. Blogger team
1313:
1286:
1265:
1243:
1225:
1210:
1196:
1174:
1153:
1132:
1110:
1079:
1077:
1074:
1072:
1071:
1066:
1061:
1056:
1051:
1049:Single sign-on
1046:
1041:
1035:
1030:
1025:
1020:
1015:
1010:
1005:
1000:
994:
992:
989:
971:
968:
967:
966:
963:
960:
953:
941:
938:
929:
926:
897:authentication
888:
885:
788:David Recordon
705:
702:
674:
671:
667:
654:
651:
635:
632:
618:
615:
587:smartsheet.com
577:
574:
572:
569:
536:
533:
527:
524:
518:
515:
511:
510:
506:
505:
502:
499:
496:
493:
490:
487:
484:
474:
473:
472:
469:
466:
463:
460:
457:
444:
439:
436:
430:
427:
377:
374:
312:
311:
305:
295:
294:
269:
237:
234:
212:
209:
162:Telecom Italia
93:
90:
41:authentication
15:
9:
6:
4:
3:
2:
3481:
3470:
3467:
3465:
3462:
3460:
3457:
3455:
3452:
3450:
3447:
3446:
3444:
3429:
3421:
3419:
3411:
3410:
3407:
3401:
3398:
3396:
3393:
3390:
3387:
3384:
3381:
3378:
3375:
3372:
3369:
3366:
3363:
3360:
3357:
3354:
3351:
3349:
3346:
3344:
3341:
3338:
3335:
3333:
3330:
3328:
3325:
3323:
3320:
3317:
3314:
3311:
3308:
3306:
3303:
3301:
3298:
3295:
3292:
3288:
3285:
3284:
3282:
3279:
3277:
3274:
3271:
3268:
3266:
3263:
3262:
3260:
3258:
3252:
3245:
3242:
3239:
3236:
3233:
3230:
3227:
3224:
3221:
3218:
3215:
3212:
3209:
3206:
3203:
3200:
3199:
3197:
3191:
3187:
3180:
3175:
3173:
3168:
3166:
3161:
3160:
3157:
3151:
3147:
3144:
3141:
3135:
3130:
3129:
3109:
3103:
3087:
3081:
3066:
3062:
3056:
3041:
3037:
3031:
3023:
3017:
3001:
2995:
2979:
2975:
2969:
2953:
2947:
2932:
2928:
2921:
2905:
2901:
2895:
2879:
2873:
2857:
2853:
2847:
2831:
2827:
2821:
2813:
2807:
2791:
2790:Business Wire
2787:
2781:
2765:
2761:
2755:
2739:
2735:
2731:
2725:
2709:
2705:
2704:
2699:
2693:
2677:
2673:
2667:
2661:
2656:
2641:
2634:
2618:
2617:
2612:
2606:
2590:
2586:
2584:
2579:
2572:
2557:on 3 May 2008
2556:
2552:
2551:
2546:
2539:
2523:
2519:
2518:
2513:
2507:
2492:
2488:
2481:
2466:
2462:
2455:
2439:
2435:
2434:
2430:
2423:
2408:
2404:
2397:
2382:
2378:
2371:
2355:
2351:
2347:
2340:
2325:
2321:
2314:
2299:
2295:
2288:
2273:
2269:
2262:
2247:
2243:
2236:
2220:
2216:
2215:
2210:
2203:
2201:
2184:
2180:
2174:
2167:
2155:
2151:
2147:
2146:"18 May 2005"
2140:
2124:
2118:
2102:
2098:
2094:
2087:
2072:on 4 May 2006
2071:
2067:
2066:
2061:
2054:
2038:
2032:
2016:
2010:
1994:
1988:
1972:
1966:
1950:
1944:
1928:
1922:
1906:
1900:
1884:
1878:
1859:
1852:
1835:
1831:
1824:
1816:
1809:
1793:
1789:
1783:
1768:
1765:Slot, Marco.
1761:
1745:
1738:
1723:
1719:
1712:
1704:
1698:
1691:. 5 May 2011.
1690:
1684:
1677:. 5 May 2011.
1676:
1670:
1662:
1655:
1639:
1635:
1634:
1629:
1623:
1608:
1607:
1602:
1596:
1594:
1585:
1581:
1575:
1560:
1556:
1555:"OpenID Logo"
1549:
1533:
1529:
1525:
1519:
1503:
1499:
1495:
1489:
1473:
1467:
1460:
1448:
1444:
1438:
1422:
1416:
1414:
1397:
1393:
1390:Paul Tarjan.
1386:
1378:
1372:
1363:
1358:
1355:(3): 93–110.
1354:
1350:
1346:
1339:
1323:
1317:
1301:
1297:
1290:
1275:
1269:
1253:
1247:
1239:
1235:
1229:
1221:
1214:
1206:
1200:
1184:
1178:
1163:
1157:
1142:
1136:
1120:
1114:
1098:
1091:
1089:
1087:
1085:
1080:
1070:
1069:WS-Federation
1067:
1065:
1062:
1060:
1057:
1055:
1052:
1050:
1047:
1045:
1042:
1039:
1036:
1034:
1031:
1029:
1026:
1024:
1021:
1019:
1016:
1014:
1011:
1009:
1006:
1004:
1001:
999:
998:Authorization
996:
995:
988:
984:
982:
977:
964:
961:
958:
954:
951:
950:
949:
947:
937:
933:
925:
923:
918:
915:
909:
905:
900:
898:
894:
884:
880:
877:
874:
869:
865:
862:
858:
855:
851:
847:
842:
837:
834:
829:
824:
822:
818:
814:
809:
805:
801:
796:
794:
789:
785:
779:
777:
773:
769:
765:
761:
757:
753:
748:
746:
742:
739:
738:Web developer
735:
731:
727:
723:
719:
715:
711:
701:
697:
694:
690:
689:, Singapore.
688:
684:
680:
666:
663:
661:
650:
648:
643:
641:
640:trust problem
631:
627:
624:
614:
611:
607:
602:
600:
596:
592:
588:
584:
568:
565:
561:
557:
552:
547:
544:
541:
532:
523:
509:
503:
500:
497:
494:
491:
488:
485:
482:
481:
480:
479:
475:
470:
467:
464:
461:
458:
455:
454:
453:
452:
448:
447:
443:
435:
426:
424:
420:
416:
412:
409:
405:
401:
398:
396:
392:
386:
383:
373:
366:
360:
356:
352:
346:
342:
338:
335:checkid_setup
332:
328:
327:shared secret
323:
320:checkid_setup
308:checkid_setup
306:
300:
299:
298:
292:
284:
282:
277:
275:
270:
267:
259:
258:
257:
250:
233:
229:
225:
221:
217:
208:
206:
201:
197:
195:
191:
187:
183:
179:
175:
171:
167:
163:
159:
155:
151:
147:
146:OpenStreetMap
143:
139:
135:
131:
127:
123:
119:
115:
111:
107:
103:
99:
89:
87:
83:
78:
76:
72:
71:relying party
67:
65:
61:
57:
53:
49:
45:
42:
39:
38:decentralized
35:
34:open standard
31:
23:
19:
3347:
3112:. Retrieved
3102:
3090:. Retrieved
3080:
3068:. Retrieved
3064:
3055:
3043:. Retrieved
3039:
3030:
3016:
3004:. Retrieved
3002:. 7 May 2016
2994:
2982:. Retrieved
2978:the original
2968:
2956:. Retrieved
2946:
2934:. Retrieved
2931:The Next Web
2930:
2920:
2908:. Retrieved
2904:the original
2894:
2882:. Retrieved
2872:
2860:. Retrieved
2856:the original
2846:
2834:. Retrieved
2830:the original
2820:
2806:
2794:. Retrieved
2789:
2780:
2768:. Retrieved
2764:the original
2754:
2742:. Retrieved
2733:
2724:
2712:. Retrieved
2708:the original
2701:
2692:
2680:. Retrieved
2675:
2666:
2655:
2643:. Retrieved
2633:
2621:. Retrieved
2619:. 7 May 2007
2614:
2605:
2593:. Retrieved
2589:the original
2581:
2571:
2559:. Retrieved
2555:the original
2548:
2538:
2526:. Retrieved
2522:the original
2515:
2506:
2494:. Retrieved
2490:
2480:
2468:. Retrieved
2464:
2454:
2442:. Retrieved
2438:the original
2431:
2422:
2410:. Retrieved
2406:
2396:
2384:. Retrieved
2380:
2370:
2358:. Retrieved
2354:the original
2350:Identity 2.0
2349:
2339:
2327:. Retrieved
2323:
2313:
2301:. Retrieved
2297:
2294:"XRD Begins"
2287:
2275:. Retrieved
2271:
2261:
2249:. Retrieved
2245:
2235:
2223:. Retrieved
2219:the original
2212:
2187:. Retrieved
2183:the original
2173:
2165:
2158:. Retrieved
2154:the original
2149:
2139:
2127:. Retrieved
2117:
2105:. Retrieved
2101:the original
2096:
2086:
2074:. Retrieved
2070:the original
2063:
2053:
2041:. Retrieved
2031:
2019:. Retrieved
2009:
1997:. Retrieved
1987:
1975:. Retrieved
1965:
1953:. Retrieved
1943:
1931:. Retrieved
1921:
1909:. Retrieved
1899:
1887:. Retrieved
1877:
1865:. Retrieved
1851:
1838:. Retrieved
1834:the original
1823:
1808:
1796:. Retrieved
1792:the original
1782:
1770:. Retrieved
1760:
1748:. Retrieved
1737:
1725:. Retrieved
1721:
1711:
1697:
1683:
1669:
1654:
1642:. Retrieved
1638:the original
1631:
1622:
1610:. Retrieved
1604:
1574:
1562:. Retrieved
1558:
1548:
1536:. Retrieved
1532:the original
1527:
1518:
1506:. Retrieved
1502:the original
1497:
1488:
1476:. Retrieved
1466:
1458:
1451:. Retrieved
1449:. 6 May 2008
1437:
1425:. Retrieved
1421:"Leadership"
1400:. Retrieved
1396:the original
1385:
1371:
1352:
1348:
1338:
1328:10 September
1326:. Retrieved
1316:
1304:. Retrieved
1300:the original
1289:
1277:. Retrieved
1268:
1256:. Retrieved
1246:
1238:the original
1228:
1213:
1199:
1187:. Retrieved
1177:
1165:. Retrieved
1156:
1144:. Retrieved
1135:
1123:. Retrieved
1113:
1101:. Retrieved
985:
973:
943:
934:
931:
919:
911:
906:
902:
890:
881:
878:
870:
866:
838:
825:
797:
780:
749:
707:
698:
695:
691:
676:
664:
656:
644:
637:
628:
620:
603:
595:manymoon.com
579:
554:
549:
545:
542:
538:
535:Legal issues
529:
520:
507:
477:
476:
450:
449:
441:
432:
402:
399:
387:
379:
367:
358:
354:
350:
347:
343:
339:
330:
324:
313:
296:
279:
272:
268:(see below).
265:
251:
239:
230:
226:
222:
218:
214:
202:
198:
95:
81:
79:
68:
59:
29:
28:
18:
3332:LAN Manager
2936:5 September
2836:14 November
2616:PR Newswire
2496:12 December
2433:LiveJournal
2214:LiveJournal
2065:LiveJournal
2043:10 November
2021:10 November
1999:10 November
1977:10 November
1955:10 November
1933:10 November
1911:10 November
1889:10 November
1840:12 December
1798:13 November
1279:10 February
734:DeadJournal
726:LiveJournal
722:domain name
714:LiveJournal
681:related to
583:Yahoo! Mail
393:or serve a
376:Identifiers
122:LiveJournal
75:smart cards
3443:Categories
3204:(BSD Auth)
2738:Marketwire
2160:13 October
2129:13 October
2123:"Glossary"
1167:24 October
1146:24 October
1076:References
1003:OpenAthens
732:community
411:identifier
397:document.
236:Logging in
118:Ubuntu One
110:Amazon.com
56:webmasters
3361:protocols
3322:IndieAuth
3257:protocols
3114:25 August
3040:OAuth.net
2303:5 January
1746:. IT Week
1059:WebFinger
1018:IndieAuth
976:OAuth 2.0
804:Microsoft
718:Six Apart
599:diigo.com
419:i-numbers
385:service.
355:stateless
174:WordPress
126:Microsoft
114:Canonical
3418:Category
3379:(RADIUS)
3327:Kerberos
3305:Diameter
3300:CRAM-MD5
3216:(GSSAPI)
3092:14 March
3045:19 March
2958:17 April
2744:20 March
2714:20 March
2682:20 March
2645:20 March
2623:20 March
2595:20 March
2561:20 March
2550:VeriSign
2528:20 March
2517:Symantec
2444:20 March
2412:20 March
2386:20 March
2360:20 March
2329:20 March
2277:20 March
2251:20 March
2225:20 March
2189:20 March
2107:20 March
2076:20 March
1867:19 April
1750:13 March
1727:20 March
1644:20 March
1633:VeriSign
1612:20 March
1564:20 March
1538:20 March
1508:20 March
1478:20 March
1103:25 April
991:See also
826:In May,
800:Symantec
623:phishing
617:Phishing
571:Security
560:VeriSign
517:Chapters
423:synonyms
408:Internet
351:stateful
283:document
276:document
170:VeriSign
92:Adoption
44:protocol
3428:Commons
3400:Woo–Lam
3287:MS-CHAP
3283:(CHAP)
3210:(eAuth)
2910:28 July
2884:28 July
2862:28 July
2796:23 July
1772:31 July
1498:NetMesh
1427:19 June
1402:30 June
1306:19 June
1258:19 June
1125:19 June
873:Janrain
857:MySpace
772:i-names
741:JanRain
704:History
415:i-names
138:Myspace
3395:TACACS
3385:(RACF)
3373:(PEAP)
3355:(OIDC)
3348:OpenID
3339:(NTLM)
3246:(XUDA)
3240:(SSPI)
3234:(SASL)
3222:(JAAS)
3150:Curlie
3146:OpenID
3088:. 2014
3070:7 July
3006:17 May
2984:17 May
2770:21 May
2703:Yahoo!
2470:19 May
1453:19 May
1189:18 May
1040:(SAML)
841:Yahoo!
730:engine
660:nonces
610:PayPal
606:Google
508:
438:People
192:, and
190:PayPal
180:, the
178:Yahoo!
150:Orange
142:Novell
106:Google
102:Flickr
82:OpenID
60:ad hoc
32:is an
30:OpenID
3391:(SRP)
3367:(PAP)
3343:OAuth
3318:(HIP)
3312:(EAP)
3296:(CAS)
3272:(AKA)
3228:(PAM)
2491:ZDNet
1861:(PDF)
1064:WebID
914:OAuth
893:OAuth
793:ZDNet
760:Yadis
683:OAuth
395:Yadis
281:Yadis
194:Steam
154:Sears
3265:ACF2
3195:APIs
3116:2014
3094:2024
3072:2018
3047:2015
3008:2016
2986:2016
2960:2014
2938:2013
2912:2009
2886:2009
2864:2009
2838:2008
2798:2008
2772:2008
2746:2008
2716:2008
2684:2008
2647:2008
2625:2008
2597:2008
2563:2008
2530:2008
2498:2010
2472:2008
2446:2008
2414:2008
2388:2008
2362:2008
2331:2008
2305:2009
2279:2008
2253:2008
2227:2008
2191:2008
2162:2009
2131:2009
2109:2008
2078:2008
2045:2014
2023:2014
2001:2014
1979:2014
1957:2014
1935:2014
1913:2014
1891:2014
1869:2012
1842:2010
1800:2008
1774:2007
1752:2007
1729:2008
1646:2008
1614:2008
1566:2008
1540:2008
1510:2008
1480:2008
1455:2008
1429:2014
1404:2009
1330:2019
1308:2014
1281:2012
1260:2014
1191:2014
1169:2011
1148:2011
1127:2014
1105:2009
1054:SQRL
981:JSON
776:XRDS
608:and
591:Zoho
417:and
404:XRIs
391:HTML
359:dumb
314:The
274:XRDS
134:Mixi
36:and
3148:at
2583:AOL
1357:doi
817:AOL
784:XRI
768:XRI
382:URL
357:or
291:XRI
256:).
249:).
186:IBM
182:BBC
158:Sun
132:),
120:),
98:AOL
3445::
3063:.
3038:.
2929:.
2788:.
2736:.
2732:.
2700:.
2674:.
2613:.
2580:.
2547:.
2514:.
2489:.
2463:.
2405:.
2379:.
2348:.
2322:.
2296:.
2270:.
2244:.
2211:.
2199:^
2164:.
2148:.
2095:.
2062:.
1720:.
1630:.
1603:.
1592:^
1557:.
1526:.
1496:.
1457:.
1445:.
1412:^
1353:18
1351:.
1347:.
1083:^
597:,
593:,
589:,
585:,
558:,
188:,
184:,
176:,
172:,
168:,
164:,
160:,
156:,
152:,
148:,
144:,
140:,
136:,
124:,
112:,
108:,
104:,
100:,
3178:e
3171:t
3164:v
3118:.
3096:.
3074:.
3049:.
3024:.
3010:.
2988:.
2962:.
2940:.
2914:.
2888:.
2866:.
2840:.
2800:.
2774:.
2748:.
2718:.
2686:.
2649:.
2627:.
2599:.
2565:.
2532:.
2500:.
2474:.
2448:.
2416:.
2390:.
2364:.
2333:.
2307:.
2281:.
2255:.
2229:.
2193:.
2133:.
2111:.
2080:.
2047:.
2025:.
2003:.
1981:.
1959:.
1937:.
1915:.
1893:.
1871:.
1844:.
1802:.
1776:.
1754:.
1731:.
1663:.
1648:.
1616:.
1586:.
1568:.
1542:.
1512:.
1482:.
1431:.
1406:.
1379:.
1365:.
1359::
1332:.
1310:.
1283:.
1262:.
1222:.
1207:.
1193:.
1171:.
1150:.
1129:.
1107:.
770:/
293:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.