Website/OpenID

This page concerns OpenID, a series of authentication protocols.

Need an OpenID for one of our services?
A few examples:


 * Launchpad (recently rebranded as 'Ubuntu One'), a system set up by Canonical, new account
 * Fedora

There are many other OpenID providers, too!

Logging-in
To log-in using OpenID, simply provide your OpenID url.

Example:
 * 1) Go to the Ask LibreOffice site
 * 2) Click on the Hi there! Please sign in! link
 * 3) Click on the OpenID icon
 * 4) Enter your OpenID url in the provided text-entry box
 * 5) * Your url might look something like https://launchpad.net/~your-nickname
 * 6) Click the Sign in button

What is OpenID?

 * OpenID is an open standard that allows users to be
 * authenticated by certain co-operating sites (known as Relying
 * Parties or RP) using a third party service, eliminating the need
 * for webmasters to provide their own ad hoc systems and allowing
 * users to consolidate their digital identities.


 * Users may create accounts with their preferred OpenID identity
 * providers, and then use those accounts as the basis for signing
 * on to any website which accepts OpenID authentication. The OpenID
 * standard provides a framework for the communication that must
 * take place between the identity provider and the OpenID
 * acceptor (the "relying party")

Like technical details?

If you're a self-identified tech whiz, keep on reading for more nitty-gritty details about OpenID at TDF/LibreOffice. For a more basic introduction to the technology, we suggest you.

Glossary :

 * End User : The entity which want to use an identity
 * Identifier : The URL or XRI (Extensible Resource Identifier) corresponding to the End User.
 * OpenID Provider : The third party which provides the OpenID URL/XRI. It's named OP. It will be requested by the Relying Party to provide a proof of the End User identity.
 * Relying party : The site which needs the End User to be authenticaded by the OpenID Provider.
 * User Agent : The program used by the End User, typically the Browser.

The OpenID mechanism
The OpenID should be used to get the same account for severals websites. The user need to get an ID from the OpenID Provider. This can be done the first time when logging on the Relying Party.


 * Beginning : The Relying party and the OpenID Provider creates a shared secrets stored by the relying party.


 * Logging : The End User wants to authenticate on the Relying Party (eg. a website) which provides the mechanism to the User Agent to be authenticated via the OpenID Provider.
 * The OpenID Provider will in this case ask the End User for it's password, and then if the End User wants to share it's ID détails with the Relying Party.
 * If the End User accept to share it's details with the Relying Party, the OpenID Provider will redirect the User Angent to the Relying Party with the user's credentials. The shared secret will in this case authenticate the OP to the Relying Party, as it's a part of the user's credentials.
 * If the End User reject to share it's details, then the User Agent will be redirected to the Relying Party with a message that the autentication was rejected.

Some OpenID Providers

 * PIP by VeriSign Labs
 * OpenID France
 * Identity.net

Using OpenID on a Website
There is severals extension for websites to use the OpenID authetication. (see below)
 * Java : NetMeshInfoGrid LID
 * PHP: openid, NetMeshInfoGrid LID, phpMyID, Clamshell
 * Python: DjangoID, PyBlosxom
 * Ruby: HeraldryPIP

Using OpenID on TDF/LO Sites
For MediaWiki : MediaWiki Extension For Silverstripe: Silverstripe Module For PHPBB Forums phpBB Forums

Note on OpenID Provider
There is some possibilities to have our own OpenID provider. Check it here : OpenID Server on Openid.net

Links

 * https://openid.net/ - Official Site