| blob | 725102e3cf26ceb80b910775ec3fbc5e6b60ce4f |
1 <?xml version="1.0" encoding="UTF-8"?>
2 <!-- Reviewed: no -->
3 <sect1 id="zend.openid.introduction">
4 <title>Introduction</title>
6 <para>
7 <classname>Zend_OpenId</classname> is a Zend Framework component that provides a
8 simple <acronym>API</acronym> for building OpenID-enabled sites and identity providers.
9 </para>
11 <sect2 id="zend.openid.introduction.what">
12 <title>What is OpenID?</title>
14 <para>
15 OpenID is a set of protocols for user-centric digital identities.
16 These protocols allows users to create an identity online, using an identity
17 provider. This identity can be used on any site that supports OpenID.
18 Using OpenID-enabled sites, users do not need to remember traditional
19 authentication tokens such as usernames and passwords for each site. All OpenID-enabled
20 sites accept a single OpenID identity. This identity is typically a
21 <acronym>URL</acronym>. It may be the <acronym>URL</acronym> of the user's personal
22 page, blog or other resource that may provide additional information about them. That
23 mean a user needs just one identifier for all sites he or she uses. services. OpenID is
24 an open, decentralized, and free user-centric solution. Users may choose which OpenID
25 provider to use, or even create their own personal identity server. No central authority
26 is required to approve or register OpenID-enabled sites or identity providers.
27 </para>
29 <para>
30 For more information about OpenID visit the <ulink url="http://www.openid.net/">OpenID
31 official site</ulink>.
32 </para>
33 </sect2>
35 <sect2 id="zend.openid.introduction.how">
36 <title>How Does it Work?</title>
38 <para>
39 The purpose of the <classname>Zend_OpenId</classname> component is to
40 implement the OpenID authentication protocol as described in the following
41 sequence diagram:
42 </para>
44 <para>
45 <inlinegraphic align="center" fileref="figures/zend.openid.protocol.jpg" format="JPEG"
46 scale="100" valign="middle" width="559" />
47 </para>
49 <orderedlist>
50 <listitem>
51 <para>
52 Authentication is initiated by the end user, who passes their
53 OpenID identifier to the OpenID consumer through a User-Agent.
54 </para>
55 </listitem>
57 <listitem>
58 <para>
59 The OpenID consumer performs normalization and discovery on the user-supplied
60 identifier. Through this process, the consumer obtains the claimed identifier,
61 the <acronym>URL</acronym> of the OpenID provider and an OpenID protocol
62 version.
63 </para>
64 </listitem>
66 <listitem>
67 <para>
68 The OpenID consumer establishes an optional association with the
69 provider using Diffie-Hellman keys. As a result, both parties have
70 a common "shared secret" that is used for signing and verification
71 of the subsequent messages.
72 </para>
73 </listitem>
75 <listitem>
76 <para>
77 The OpenID consumer redirects the User-Agent to the <acronym>URL</acronym> of
78 the OpenID provider with an OpenID authentication request.
79 </para>
80 </listitem>
82 <listitem>
83 <para>
84 The OpenID provider checks if the User-Agent is already
85 authenticated and, if not, offers to do so.
86 </para>
87 </listitem>
89 <listitem>
90 <para>
91 The end user enters the required password.
92 </para>
93 </listitem>
95 <listitem>
96 <para>
97 The OpenID provider checks if it is allowed to pass the user
98 identity to the given consumer, and asks the user if necessary.
99 </para>
100 </listitem>
102 <listitem>
103 <para>
104 The user allows or disallows passing his identity.
105 </para>
106 </listitem>
108 <listitem>
109 <para>
110 The OpenID Provider redirects the User-Agent back to the OpenID
111 consumer with an "authentication approved" or "failed" request.
112 </para>
113 </listitem>
115 <listitem>
116 <para>
117 The OpenID consumer verifies the information received from the
118 provider by using the shared secret it got in step 3 or by
119 sending an additional direct request to the OpenID provider.
120 </para>
121 </listitem>
122 </orderedlist>
123 </sect2>
125 <sect2 id="zend.openid.introduction.structure">
126 <title>Zend_OpenId Structure</title>
128 <para>
129 <classname>Zend_OpenId</classname> consists of two sub-packages. The first one
130 is <classname>Zend_OpenId_Consumer</classname> for developing OpenID-enabled sites,
131 and the second is <classname>Zend_OpenId_Provider</classname> for developing OpenID
132 servers. They are completely independent of each other and may be used
133 separately.
134 </para>
136 <para>
137 The only common code used by these sub-packages are the OpenID Simple
138 Registration Extension implemented by
139 <classname>Zend_OpenId_Extension_Sreg</classname> class and a set of utility
140 functions implemented by the <classname>Zend_OpenId</classname> class.
141 </para>
143 <note>
144 <para>
145 <classname>Zend_OpenId</classname> takes advantage of the <ulink
146 url="http://php.net/gmp">GMP extension</ulink>, where available. Consider
147 enabling the GMP extension for enhanced performance when using
148 <classname>Zend_OpenId</classname>.
149 </para>
150 </note>
151 </sect2>
153 <sect2 id="zend.openid.introduction.standards">
154 <title>Supported OpenID Standards</title>
156 <para>
157 The <classname>Zend_OpenId</classname> component supports the following
158 standards:
159 </para>
161 <itemizedlist>
162 <listitem>
163 <para>
164 OpenID Authentication protocol version 1.1
165 </para>
166 </listitem>
168 <listitem>
169 <para>
170 OpenID Authentication protocol version 2.0 draft 11
171 </para>
172 </listitem>
174 <listitem>
175 <para>
176 OpenID Simple Registration Extension version 1.0
177 </para>
178 </listitem>
180 <listitem>
181 <para>
182 OpenID Simple Registration Extension version 1.1 draft 1
183 </para>
184 </listitem>
185 </itemizedlist>
186 </sect2>
187 </sect1>
188 <!--
189 vim:se ts=4 sw=4 et:
190 -->