Tuesday, January 9, 2007

OpenID NOW!

There are a number of pieces -- moving parts. Some are core; others are not, depending on what we want OpenID to do.

Let's say there are three scenarios:

  1. We want to build a .NET 2 application that authenticates with OpenID.

  2. In this application we want to control which OpenIDs will be accepted. We might only want to accept OpenIDs from a subset of our employees or from this subset and a subset of employees at another organization, etc.

  3. In our application we will want to retrieve attributes of the user's profile to guide .NET 2 authorization.

Today perhaps all three scenarios can be implemented. The first is leading edge. The second and third are bleeding edge.

The first scenario requires that:

  • the user has an account at an OpenID Server and

  • class libraries are available for .NET 2 to use to interact with the OpenID server.

In fact, I just set up an OpenID account with Verisign's Personal Identity Provider. As for a library to enable interaction between a .NET 2 app and an OpenID Server, see the C# library at OpenID Enabled.

The second scenario can be implemented in a couple of ways. One approach is to use a dedicated OpenID Server. We could host it or have someone else host it. See Host your own OpenID server.
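A dedicated server only restricts access if the application also rejects identifiers issued anywhere else. The following C# 2.0 sketch of that check is an added example, not code from this post or from the OpenID Enabled library; the class name, hosts and URLs are hypothetical, and it assumes accepted identifiers are URLs on the server's own host and that the library has already verified the identifier.

```csharp
using System;
using System.Collections.Generic;
// Added example; names, hosts and URLs are hypothetical. Pass only the identifier the
// OpenID library returned after verifying the response, never the text the user typed.
public sealed class OpenIdAllowList
{
    // Individual identifiers (normalized) and hosts of servers accepted wholesale.
    private readonly Dictionary<string, bool> identifiers =
        new Dictionary<string, bool>(StringComparer.Ordinal);
    private readonly Dictionary<string, bool> hosts =
        new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);

    public void AllowHost(string host) { hosts[host] = true; }

    public void AllowIdentifier(string url)
    {
        string normalized = Normalize(url);
        if (normalized == null) throw new ArgumentException("not an http(s) URL", "url");
        identifiers[normalized] = true;
    }

    public bool IsAccepted(string verifiedIdentifier)
    {
        string normalized = Normalize(verifiedIdentifier);
        if (normalized == null) return false; // fail closed
        if (identifiers.ContainsKey(normalized)) return true;
        // Compare the parsed host, not a string prefix: a prefix test for
        // "https://id.example.org" would also pass "https://id.example.org.example.com/".
        return hosts.ContainsKey(new Uri(normalized).Host);
    }

    // Canonical scheme://host[:port]/path?query (no user info, no fragment),
    // or null when the input is not an absolute http(s) URL.
    private static string Normalize(string url)
    {
        Uri uri;
        if (!Uri.TryCreate(url, UriKind.Absolute, out uri)) return null;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return null;
        return uri.GetComponents(UriComponents.HttpRequestUrl, UriFormat.UriEscaped);
    }
    public static void Main()
    {
        OpenIdAllowList list = new OpenIdAllowList();
        list.AllowHost("id.example.org");                          // constructed: our server
        list.AllowIdentifier("https://partner.example.net/alice"); // constructed: one partner user
        Console.WriteLine(list.IsAccepted("https://id.example.org/bob"));
        Console.WriteLine(list.IsAccepted("https://id.example.org.example.com/bob"));
        Console.WriteLine(list.IsAccepted("https://partner.example.net/mallory"));
    }
}
```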

The second way to implement the second scenario uses attribute exchange. Attribute exchange is part of the OpenID 1.0 Simple Registration Extension. It enables an application, with the permission of the user, to access user attributes that are part of the user's profile stored at the OpenID Server. Currently, some OpenID servers support attribute exchange. Others do not. As an aside, attribute exchange is the path along which OpenID will grow if it is to compare favorably with CardSpace (Microsoft).

Finally, with regard to our last scenario, OpenID support for .NET 2 authorization and role-based access to pages also depends on attribute exchange.

If you want the skinny on OpenID, CardSpace and attribute exchange, see a recent post at Kim Cameron's Weblog.
