boarspring
/
repo_zf1
Mirror von https://github.com/bluescreen/zf1-php7.2.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
							<?xml version="1.0" encoding="UTF-8"?>
<!-- Reviewed: no -->
<sect1 id="zend.openid.introduction">
    <title>Introduction</title>

    <para>
        <classname>Zend_OpenId</classname> is a Zend Framework component that provides a
        simple <acronym>API</acronym> for building OpenID-enabled sites and identity providers.
    </para>

    <sect2 id="zend.openid.introduction.what">
        <title>What is OpenID?</title>

        <para>
            OpenID is a set of protocols for user-centric digital identities.
            These protocols allows users to create an identity online, using an identity
            provider. This identity can be used on any site that supports OpenID.
            Using OpenID-enabled sites, users do not need to remember traditional
            authentication tokens such as usernames and passwords for each site. All OpenID-enabled
            sites accept a single OpenID identity. This identity is typically a
            <acronym>URL</acronym>. It may be the <acronym>URL</acronym> of the user's personal
            page, blog or other resource that may provide additional information about them. That
            mean a user needs just one identifier for all sites he or she uses. services. OpenID is
            an open, decentralized, and free user-centric solution. Users may choose which OpenID
            provider to use, or even create their own personal identity server. No central authority
            is required to approve or register OpenID-enabled sites or identity providers.
        </para>

        <para>
            For more information about OpenID visit the <ulink url="http://www.openid.net/">OpenID
                official site</ulink>.
        </para>
    </sect2>

    <sect2 id="zend.openid.introduction.how">
        <title>How Does it Work?</title>

        <para>
            The purpose of the <classname>Zend_OpenId</classname> component is to
            implement the OpenID authentication protocol as described in the following
            sequence diagram:
        </para>

        <para>
            <inlinegraphic align="center" fileref="figures/zend.openid.protocol.jpg" format="JPEG"
                scale="100" valign="middle" width="559" />
        </para>

        <orderedlist>
            <listitem>
                <para>
                    Authentication is initiated by the end user, who passes their
                    OpenID identifier to the OpenID consumer through a User-Agent.
                </para>
            </listitem>

            <listitem>
                <para>
                    The OpenID consumer performs normalization and discovery on the user-supplied
                    identifier. Through this process, the consumer obtains the claimed identifier,
                    the <acronym>URL</acronym> of the OpenID provider and an OpenID protocol
                    version.
                </para>
            </listitem>

            <listitem>
                <para>
                    The OpenID consumer establishes an optional association with the
                    provider using Diffie-Hellman keys. As a result, both parties have
                    a common "shared secret" that is used for signing and verification
                    of the subsequent messages.
                </para>
            </listitem>

            <listitem>
                <para>
                    The OpenID consumer redirects the User-Agent to the <acronym>URL</acronym> of
                    the OpenID provider with an OpenID authentication request.
                </para>
            </listitem>

            <listitem>
                <para>
                    The OpenID provider checks if the User-Agent is already
                    authenticated and, if not, offers to do so.
                </para>
            </listitem>

            <listitem>
                <para>
                    The end user enters the required password.
                </para>
            </listitem>

            <listitem>
                <para>
                    The OpenID provider checks if it is allowed to pass the user
                    identity to the given consumer, and asks the user if necessary.
                </para>
            </listitem>

            <listitem>
                <para>
                    The user allows or disallows passing his identity.
                </para>
            </listitem>

            <listitem>
                <para>
                    The OpenID Provider redirects the User-Agent back to the OpenID
                    consumer with an "authentication approved" or "failed" request.
                </para>
            </listitem>

            <listitem>
                <para>
                    The OpenID consumer verifies the information received from the
                    provider by using the shared secret it got in step 3 or by
                    sending an additional direct request to the OpenID provider.
                </para>
            </listitem>
        </orderedlist>
    </sect2>

    <sect2 id="zend.openid.introduction.structure">
        <title>Zend_OpenId Structure</title>

        <para>
            <classname>Zend_OpenId</classname> consists of two sub-packages. The first one
            is <classname>Zend_OpenId_Consumer</classname> for developing OpenID-enabled sites,
            and the second is <classname>Zend_OpenId_Provider</classname> for developing OpenID
            servers. They are completely independent of each other and may be used
            separately.
        </para>

        <para>
            The only common code used by these sub-packages are the OpenID Simple
            Registration Extension implemented by
            <classname>Zend_OpenId_Extension_Sreg</classname> class and a set of utility
            functions implemented by the <classname>Zend_OpenId</classname> class.
        </para>

        <note>
            <para>
                <classname>Zend_OpenId</classname> takes advantage of the <ulink
                    url="http://php.net/gmp">GMP extension</ulink>, where available. Consider
                enabling the GMP extension for enhanced performance when using
                <classname>Zend_OpenId</classname>.
            </para>
        </note>
    </sect2>

    <sect2 id="zend.openid.introduction.standards">
        <title>Supported OpenID Standards</title>

        <para>
            The <classname>Zend_OpenId</classname> component supports the following
            standards:
        </para>

        <itemizedlist>
            <listitem>
                <para>
                    OpenID Authentication protocol version 1.1
                </para>
            </listitem>

            <listitem>
                <para>
                    OpenID Authentication protocol version 2.0 draft 11
                </para>
            </listitem>

            <listitem>
                <para>
                    OpenID Simple Registration Extension version 1.0
                </para>
            </listitem>

            <listitem>
                <para>
                    OpenID Simple Registration Extension version 1.1 draft 1
                </para>
            </listitem>
        </itemizedlist>
    </sect2>
</sect1>
<!--
vim:se ts=4 sw=4 et:
-->