| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 |
- <?xml version="1.0" encoding="UTF-8"?>
- <!-- Reviewed: no -->
- <sect1 id="zend.openid.introduction">
- <title>Introduction</title>
- <para>
- <classname>Zend_OpenId</classname> is a Zend Framework component that provides a
- simple API for building OpenID-enabled sites and identity providers.
- </para>
- <sect2 id="zend.openid.introduction.what">
- <title>What is OpenID?</title>
- <para>
- OpenID is a set of protocols for user-centric digital identities.
- These protocols allows users to create an identity online, using an identity
- provider. This identity can be used on any site that supports OpenID.
- Using OpenID-enabled sites, users do not need to remember traditional
- authentication tokens such as usernames and passwords for each site. All OpenID-enabled
- sites accept a single OpenID identity. This identity is typically a URL.
- It may be the URL of the user's personal page, blog or other resource that
- may provide additional information about them. That mean a user needs just one identifier for all sites he or she uses.
- services. OpenID is an open, decentralized, and free user-centric
- solution. Users may choose which OpenID provider to use, or even create
- their own personal identity server. No central authority is required to
- approve or register OpenID-enabled sites or identity providers.
- </para>
- <para>
- For more information about OpenID visit the <ulink url="http://www.openid.net/">OpenID official site</ulink>.
- </para>
- </sect2>
- <sect2 id="zend.openid.introduction.how">
- <title>How Does it Work?</title>
- <para>
- The purpose of the <classname>Zend_OpenId</classname> component is to
- implement the OpenID authentication protocol as described in the following
- sequence diagram:
- </para>
- <para>
- <inlinegraphic align="center" fileref="figures/zend.openid.protocol.jpg" format="JPEG" scale="100" valign="middle" width="559" />
- </para>
- <orderedlist>
- <listitem>
- <para>
- Authentication is initiated by the end user, who passes their
- OpenID identifier to the OpenID consumer through a User-Agent.
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenID consumer performs normalization and discovery on the user-supplied
- identifier. Through this process, the consumer obtains the claimed identifier, the URL of the OpenID provider and an OpenID protocol
- version.
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenID consumer establishes an optional association with the
- provider using Diffie-Hellman keys. As a result, both parties have
- a common "shared secret" that is used for signing and verification
- of the subsequent messages.
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenID consumer redirects the User-Agent to the URL of the OpenID
- provider with an OpenID authentication request.
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenID provider checks if the User-Agent is already
- authenticated and, if not, offers to do so.
- </para>
- </listitem>
- <listitem>
- <para>
- The end user enters the required password.
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenID provider checks if it is allowed to pass the user
- identity to the given consumer, and asks the user if necessary.
- </para>
- </listitem>
- <listitem>
- <para>
- The user allows or disallows passing his identity.
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenID Provider redirects the User-Agent back to the OpenID
- consumer with an "authentication approved" or "failed" request.
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenID consumer verifies the information received from the
- provider by using the shared secret it got in step 3 or by
- sending an additional direct request to the OpenID provider.
- </para>
- </listitem>
- </orderedlist>
- </sect2>
- <sect2 id="zend.openid.introduction.structure">
- <title>Zend_OpenId Structure</title>
- <para>
- <classname>Zend_OpenId</classname> consists of two sub-packages. The first one
- is <classname>Zend_OpenId_Consumer</classname> for developing OpenID-enabled sites,
- and the second is <classname>Zend_OpenId_Provider</classname> for developing OpenID
- servers. They are completely independent of each other and may be used
- separately.
- </para>
- <para>
- The only common code used by these sub-packages are the OpenID Simple
- Registration Extension implemented by
- <classname>Zend_OpenId_Extension_Sreg</classname> class and a set of utility
- functions implemented by the <classname>Zend_OpenId</classname> class.
- </para>
- <note>
- <para>
- <classname>Zend_OpenId</classname> takes advantage of the <ulink url="http://php.net/gmp">GMP extension</ulink>,
- where available. Consider enabling the GMP extension for enhanced performance when using
- <classname>Zend_OpenId</classname>.
- </para>
- </note>
- </sect2>
- <sect2 id="zend.openid.introduction.standards">
- <title>Supported OpenID Standards</title>
- <para>
- The <classname>Zend_OpenId</classname> component supports the following
- standards:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- OpenID Authentication protocol version 1.1
- </para>
- </listitem>
- <listitem>
- <para>
- OpenID Authentication protocol version 2.0 draft 11
- </para>
- </listitem>
- <listitem>
- <para>
- OpenID Simple Registration Extension version 1.0
- </para>
- </listitem>
- <listitem>
- <para>
- OpenID Simple Registration Extension version 1.1 draft 1
- </para>
- </listitem>
- </itemizedlist>
- </sect2>
- </sect1>
- <!--
- vim:se ts=4 sw=4 et:
- -->
|
