Wednesday, February 20, 2008

Protect Your Project Zero Applications with OpenID

Access control-based security of application resources is one of the
core features of Project Zero. The OpenID Foundation describes OpenID
as an open, decentralized, free framework for user-centric digital
identity. OpenID takes advantage of already existing Internet technology
(URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already
creating identities for themselves whether it be at their blog,
photostream, profile page, and so on. With OpenID you can easily
transform one of these existing URIs into an account you can use at
sites which support OpenID logins.

Project Zero adopted the OpenID technology as part of its security
offering. In this article, the third and final part of the series, you
learn about Project Zero Security and how to leverage OpenID
authentication, define security rules for the application, and extend a
user registry...

OpenID provides increased flexibility for application deployment by
enabling applications to leverage third-party authentication providers
for handling authentication. Providers such as OpenID have become very
common as more users want a single user profile across multiple sites
for blogs, wikis, and other social networking activities. Additionally,
many Web sites do not want to maintain, or require users to continually
provide, the same profile-related information just to ensure that the
user credentials are valid.

We hope this final article in the series has helped you learn how to use
the OpenID technology in the Project Zero platform to achieve this
decentralized authentication, and that the entire series has helped you
understand best practices for building the all-important security
features into your Zero applications. As a developer of fast-paced,
user-driven Web 2.0 applications, you know how vital security is to
both your customers and your business.
