OpenID is a way of managing one's accounts on the web in a unified manner

http://ko.wikipedia.org/wiki/OpenID

http://en.wikipedia.org/wiki/Openid

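OpenID is a way of managing one's accounts on the web in a unified manner, authenticating users in a relatively loose way compared with the commonly used centralized login.

That is, instead of each site managing IDs and passwords, a site that supports OpenID delegates user authentication to independent service providers, and the individual OpenID provider then authenticates the user.

As of 2007, many sites have adopted it; sites such as Wikipedia and Technorati have announced support, and Mozilla Firefox[1] and Microsoft Windows Vista[2] have also decided to support OpenID.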

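Overview

OpenID is a decentralized digital identity system in which every user's online identity is given as a URL (such as a blog or home page) or, in recent versions, as an XRI, and can be authenticated through any server that supports the protocol. Since version 1.1, OpenID uses the Yadis service discovery protocol. Although OpenID is being developed into a more complete framework that also supports identity services other than authentication, development work on OpenID Authentication 2.0 is currently in progress.

On OpenID-enabled sites, Internet users no longer need to create and manage a new account for every site they visit. Instead, they only need to authenticate with a single site they trust that provides OpenID, called an identity provider (idP for short, sometimes i-broker). The identity provider can then attest the user's ownership of that ID to OpenID-enabled sites (relying parties, or RPs). Unlike most other single sign-on architectures, OpenID does not specify a particular authentication mechanism. The strength of an OpenID authentication therefore depends entirely on how much the OpenID-enabled site knows about the OpenID provider's authentication policy. Without such information, OpenID cannot be used to handle highly sensitive information (such as banking and e-commerce). If the identity provider uses strong authentication, however, OpenID can be used for all kinds of transactions.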

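Development

The OpenID system was originally developed by Brad Fitzpatrick of LiveJournal, but David Recordon of VeriSign, Josh Hoyt of JanRain, and Dick Hardt of Sxip are now co-developers as well. Future OpenID specifications are being developed in a meritocratic fashion through specs@openid.net. To spur further development, several companies announced a US$50,000 developer bounty program in August 2006, offering $5,000 each to the first 10 large open source projects that implement OpenID support.[3]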

Terminology

Basic terms used in OpenID:

  • End user: the person who wants to present their identity to a site.
  • Identifier (ID): the URL or XRI that the end user has chosen as their OpenID.
  • Identity provider: a service provider that offers registration of OpenID URLs or XRIs and provides OpenID authentication (and optionally other identity services).
  • Relying party: the site that wants to verify the end user's ID.
  • Server or server-agent: the server that verifies the end user's ID; it may be the end user's own server (such as a blog) or a server operated by an identity provider.
  • User-agent: the program (such as a browser) that the end user uses to access an identity provider or a relying party.

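How OpenID works

To log in to a web site that offers OpenID login, the user only enters their OpenID, unlike on ordinary sites where an ID and password must be entered. For example, if a user named Alice logs in to the site example.com with the OpenID alice.openid-provider.org, Alice simply enters alice.openid-provider.org into the site's OpenID login form.

If the ID is a URL, the relying party (example.com) first transforms it into canonical form, for example http://alice.openid-provider.org/. In OpenID 1.0, the relying party then requests the web page the URL points to and learns from an HTML link tag that the identity provider server is http://openid-provider.org/openid-auth.php. It also learns whether a delegated identity (see below) is in use. Since OpenID 1.1, the client can also find this out by requesting the XRDS document (also called the Yadis document), whose content type is application/xrds+xml; that document may be reachable at the URL and is always reachable for an XRI.

There are two modes in which the relying party communicates with the identity provider:

  • checkid_immediate, a machine-oriented mode in which all communication between the two servers takes place without user intervention.
  • checkid_setup, in which the user communicates directly with the identity provider server through the web browser in order to access the relying party site.

The second mode is used more often on the web; checkid_setup is also used instead of checkid_immediate when automatic processing is not possible.

The first step (although optional) is to establish a shared secret (associate handle) between the relying party and the provider, which the relying party stores. When checkid_setup is used, the relying party sends the user's web browser to the provider. In this case Alice's browser is sent to openid-provider.org, where Alice can authenticate directly with the provider.

The authentication method can vary, but typically the OpenID provider asks for a password (and may then store the user session in a cookie, as many web sites with password-based authentication do). If Alice is not yet logged in to openid-provider.org she is asked for her password, and is then asked whether she trusts http://example.com/openid-return.php. That page is the page on example.com to which she will return after authentication completes and to which her identity details are passed. If she agrees, OpenID authentication is considered successful and the browser is sent back to that page with the credentials. If Alice does not trust the relying party, the browser is still sent back to that page, but because it is notified that the request was denied, example.com will not authenticate Alice this time.

The login process is not yet finished, however, because at this stage example.com cannot determine whether the credentials it received really came from openid-provider.org. If a shared secret was established earlier, the consumer can verify the received credentials with that secret. Such a consumer is said to be stateful, because it stores the shared secret between sessions. A stateless or dumb consumer, in contrast, must make one more server-to-server request (check_authentication) to be sure that the data really came from openid-provider.org.

Once Alice's ID has been verified, she is considered logged in to example.com as alice.openid-provider.org. The site may then store the session or, if this is her first login, ask her to enter additional information specific to example.com to complete registration.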

Criticism

OpenID has been criticized as being vulnerable to phishing attacks ([1]).

References

  1. Firefox 3 Requirements
  2. The Register: “Gates: protect Windows Vista users with IP”
  3. I Want My OpenID: community marketing site that includes the public bounty program (bounty sponsors)



OpenID is an open, decentralized user identification standard, allowing users to log onto many services with the same digital identity.

An OpenID is in the form of a URL, and is unique in that the user is authenticated by their 'OpenID provider' (that is, the entity hosting their OpenID URL). The OpenID protocol does not rely on a central authority to authenticate a user's identity. Since neither the OpenID protocol nor web sites requiring identification may mandate a specific type of authentication, non-standard forms of authentication can be used, such as smart cards, biometrics, or ordinary passwords.

OpenID authentication is used and provided by several large websites. Organizations like AOL, BBC,[1] Google,[2] IBM, Microsoft,[3] MySpace, Orange, PayPal, VeriSign, Yandex, Ustream and Yahoo! act as providers.[4][5][6]

History

2005

The original OpenID authentication protocol was developed in May 2005[7][8] by Brad Fitzpatrick, creator of popular community website LiveJournal, while working at Six Apart.[9] OpenID support was soon implemented on LiveJournal and fellow LiveJournal engine community DeadJournal for blog post comments, and quickly gained attention in the digital identity community.[10][11] Web developer JanRain was an early supporter of OpenID, providing OpenID software libraries and expanding its business around OpenID-based services.

In late June, discussions started between OpenID developers and developers from enterprise software company NetMesh, leading to collaboration on interoperability between OpenID and NetMesh's similar Light-Weight Identity (LID) protocol. The direct result of the collaboration was the Yadis discovery protocol, which was announced on October 24, 2005.[12] After a discussion at the 2005 Internet Identity Workshop a few days later, XRI/i-names developers joined the Yadis project,[13] contributing their Extensible Resource Descriptor Sequence (XRDS) format for utilization in the protocol.[14]

In December, developers at Sxip Identity began discussions with the OpenID/Yadis community[15] after announcing a shift in the development of version 2.0 of its Simple Extensible Identity Protocol (SXIP) to URL-based identities like in LID and OpenID.[16]

2006

In March 2006, JanRain developed a Simple Registration Extension for OpenID for primitive profile-exchange,[17] and in April submitted a proposal to formalize extensions to OpenID. The same month, work had also begun on incorporating full XRI support into OpenID.[18]

Around early May, key OpenID developer David Recordon left Six Apart, joining VeriSign to focus more on digital identity and guidance for the OpenID spec.[11][19] By early June, the major differences between the SXIP 2.0 and OpenID projects were resolved with the agreement to support multiple personas in OpenID by submission of an identity provider URL rather than a full identity URL. With this, as well as the addition of extensions and XRI support underway, OpenID was evolving into a full-fledged digital identity framework, with Recordon proclaiming,

We see OpenID as being an umbrella for the framework that encompasses the layers for identifiers, discovery, authentication, and a messaging services layer that sits atop and this entire thing has sort of been dubbed "OpenID 2.0".[20]

In late July, Sxip began to merge its Digital Identity Exchange (DIX) protocol into OpenID, submitting initial drafts of the OpenID Attribute Exchange extension in August.

2007

On January 31, 2007, Symantec announced support for OpenID in its Identity Initiative products and services.[21] A week later, on February 6 Microsoft made a joint announcement with JanRain, Sxip, and VeriSign to collaborate on interoperability between OpenID and Microsoft's Windows CardSpace digital identity platform, with particular focus on developing a phishing-resistant authentication solution for OpenID. As part of the collaboration, Microsoft pledged to support OpenID in its future identity server products, and JanRain, Sxip, and VeriSign pledged to add support for Microsoft's Information Card profile to their future identity solutions.[22] In mid-February, AOL announced that an experimental OpenID provider service was functional for all AOL and AOL Instant Messenger (AIM) accounts.[23]

In May, Sun Microsystems began working with the OpenID community, announcing an OpenID program,[24] as well as entering a non-assertion covenant with the OpenID community, pledging not to assert any of its patents against implementations of OpenID.[25] In June, OpenID leadership formed the OpenID Foundation, an Oregon-based public benefit corporation for managing the OpenID brand and property.[26] The same month, an independent OpenID Europe Foundation was officially incorporated in Belgium by Snorri Giorgetti.[27] By early December, non-assertion agreements were collected by the major contributors to the protocol, and the final OpenID Authentication 2.0 and OpenID Attribute Exchange 1.0 specifications were ratified on December 5.[28]

2008

In mid-January 2008, Yahoo! announced initial OpenID 2.0 support, both as a provider and as a relying party, releasing the provider service by the end of the month.[29] In early February, Google, IBM, Microsoft, VeriSign, and Yahoo! joined the OpenID Foundation as corporate board members.[30] Around early May, SourceForge, Inc. introduced OpenID provider and relying party support to leading open source software development website SourceForge.net.[31] In late July, popular social network service MySpace announced support for OpenID as a provider.[32] In late October, Google launched support as an OpenID provider, and Microsoft announced that Windows Live ID would support OpenID.[33] In November, JanRain announced a free hosted service, RPX Basic, that allows websites to begin accepting OpenIDs for registration and login without having to install, integrate, and configure the OpenID open source libraries.[34]

Using OpenID

A basic glossary of the terms used with OpenID:

End-user 
The person who wants to assert his or her identity to a site.
Identifier 
The URL or XRI chosen by the end-user as their OpenID identifier.
Identity provider or OpenID provider
A service provider offering the service of registering OpenID URLs or XRIs and providing OpenID authentication (and possibly other identity services). Note that the OpenID specifications use the term "OpenID provider" or "OP".
Relying party 
The site that wants to verify the end-user's identifier. Sometimes also called a "service provider".
Server or server-agent 
The server that verifies the end-user's identifier. This may be the end-user's own server (such as their blog), or a server operated by an identity provider.
User-agent 
The program (such as a browser) that the end-user is using to access an identity provider or a relying party.
Consumer 
An obsolete term for the relying party.

Logging in

The user visits a relying party web site (e.g. website.example.com) which displays an OpenID login form somewhere on their page. Unlike a typical login form with fields for the user name and password, the OpenID login form has only one field - for the OpenID identifier, typically along with a small OpenID logo. This form is connected to an implementation of an OpenID client library.

A user typically will have previously registered an OpenID identifier (e.g. alice.openid.example.org) with an OpenID identity provider (e.g. openid.example.org). The user types his OpenID identifier into the aforementioned OpenID login form.

The relying party web site typically transforms the OpenID identifier into a canonical URL form (e.g. http://alice.openid.example.org/). With OpenID 1.0, the relying party then requests the web page located at that URL and reads an HTML link tag to discover the identity provider service URL (e.g. http://openid.example.org/openid-auth.php). The relying party also discovers whether to use a delegated identity (see below). With OpenID 2.0, the client discovers the identity provider service URL by requesting the XRDS document (also called the Yadis document) with the content type application/xrds+xml that may be available at the target URL and is always available for a target XRI.

There are two modes in which the relying party can communicate with the identity provider:

  • checkid_immediate, in which the relying party requests that the provider not interact with the user. All communication is relayed through the user's browser without explicitly notifying the user;
  • checkid_setup, in which the user communicates with the provider server directly using the same web browser used to access the relying party site.

The second option is more popular on the Web; also, checkid_immediate can fall back to checkid_setup if the operation cannot be automated.

First, the relying party and the identity provider (optionally) establish a shared secret - referenced by an associate handle, which the relying party then stores. If using checkid_setup, the relying party redirects the user's web browser to the identity provider so the user can authenticate with the provider.

The method of authentication may vary, but typically, an OpenID identity provider prompts the user for a password or an InfoCard, then asks whether the user trusts the relying party web site to receive his credentials and identity details.

If the user declines the identity provider's request to trust the relying party web site, the browser is redirected to the relying party with a message indicating that authentication was rejected. The site in turn refuses to authenticate the user.

If the user accepts the identity provider's request to trust the relying party web site, the browser is redirected to the designated return page on the relying party web site along with the user's credentials. That relying party must then confirm that the credentials really came from the identity provider. If they had previously established a shared secret (see above), the relying party can validate the shared secret received with the credentials against the one previously stored. Such a relying party is called stateful because it stores the shared secret between sessions. In comparison, a stateless or dumb relying party must make one more background request (check_authentication) to ensure that the data indeed came from the identity provider.

After the OpenID identifier has been verified, OpenID authentication is considered successful and the user is considered logged in to the relying party web site with the given identifier (e.g. alice.openid.example.org). The web site typically then stores the OpenID identifier in the user's session.
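The verification step a stateful relying party performs on the return page, as an added example (not code from the OpenID specifications or from any OpenID library): it recomputes the OpenID 2.0 signature, a base64-encoded HMAC over the key-value form of the fields named in openid.signed, using the stored association secret. The association handle, secret, return URL and nonces are constructed values, and the exact-match return_to check and in-memory nonce set are simplifying assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed relying-party state (all values are made up for this example).
ASSOCIATIONS = {"assoc-1234": ("HMAC-SHA1", b"constructed-shared-secret")}
RETURN_TO = "http://website.example.com/openid-return"
SEEN_NONCES = set()
DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}
# Fields this example insists on finding in openid.signed (assumed policy).
MUST_SIGN = {"op_endpoint", "claimed_id", "identity", "return_to",
             "response_nonce", "assoc_handle"}


def signature(fields, signed, assoc_type, mac_key):
    """base64(HMAC(mac_key, key-value form of the signed fields))."""
    # Key-value form: one "key:value\n" line per field, in openid.signed
    # order, with the "openid." prefix dropped from the key.
    text = "".join(f"{name}:{fields['openid.' + name]}\n" for name in signed)
    mac = hmac.new(mac_key, text.encode("utf-8"), DIGESTS[assoc_type])
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_assertion(query_string):
    """Return (True, claimed_id) or (False, reason) for a return_to request."""
    fields = dict(parse_qsl(query_string, keep_blank_values=True))
    mode = fields.get("openid.mode")
    if mode == "cancel":
        return False, "user declined"
    if mode != "id_res":
        return False, "unexpected mode"
    assoc = ASSOCIATIONS.get(fields.get("openid.assoc_handle"))
    if assoc is None:
        # Stateless ("dumb") case: the provider must be asked directly.
        return False, "no stored association: use check_authentication"
    signed = fields.get("openid.signed", "").split(",")
    if not MUST_SIGN.issubset(signed):
        return False, "required field not signed"
    if any("openid." + name not in fields for name in signed):
        return False, "signed field missing"
    expected = signature(fields, signed, *assoc)
    received = fields.get("openid.sig", "")
    # Constant-time comparison of the recomputed and received signatures.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False, "bad signature"
    if fields["openid.return_to"] != RETURN_TO:
        return False, "return_to mismatch"
    nonce = fields["openid.response_nonce"]
    if nonce in SEEN_NONCES:
        return False, "replayed nonce"
    SEEN_NONCES.add(nonce)  # recorded only after the signature checked out
    return True, fields["openid.claimed_id"]


def constructed_assertion(nonce, tamper=None):
    """Play the provider side: build and sign a constructed id_res response."""
    fields = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": "http://openid.example.org/openid-auth.php",
        "openid.claimed_id": "http://alice.openid.example.org/",
        "openid.identity": "http://alice.openid.example.org/",
        "openid.return_to": RETURN_TO,
        "openid.response_nonce": nonce,
        "openid.assoc_handle": "assoc-1234",
    }
    signed = ["op_endpoint", "claimed_id", "identity", "return_to",
              "response_nonce", "assoc_handle"]
    fields["openid.signed"] = ",".join(signed)
    fields["openid.sig"] = signature(fields, signed, *ASSOCIATIONS["assoc-1234"])
    fields.update(tamper or {})  # applied after signing: simulates alteration
    return urlencode(fields)


if __name__ == "__main__":
    good = constructed_assertion("2008-11-01T12:00:00Zdemo1")
    print(verify_assertion(good))   # accepted
    print(verify_assertion(good))   # same response again: replay
    forged = constructed_assertion("2008-11-01T12:00:00Zdemo2",
                                   {"openid.claimed_id": "http://mallory.example.net/"})
    print(verify_assertion(forged))  # identifier changed after signing
```

A production relying party would also bound the age of the nonce timestamp and confirm through discovery that the claimed identifier really names that provider endpoint.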

OpenID does not provide its own form of authentication, but if an identity provider uses strong authentication, OpenID can be used for secure transactions such as banking and e-commerce.

Identifiers

Starting with OpenID Authentication 2.0 (and some 1.1 implementations), there are two types of identifiers that can be used with OpenID: URLs and XRIs.

There are two ways to obtain an OpenID-enabled URL that can be used to login on all OpenID-enabled websites.

  1. To use an existing URL under one's own control (such as one's blog or home page), and if one knows how to edit HTML, one can insert the appropriate OpenID tags in the HTML code following instructions at the OpenID specification.
  2. The second option is to register an OpenID identifier with an identity provider. They offer the ability to register a URL (typically a third-level domain) that will automatically be configured with OpenID authentication service.

XRIs are a new form of Internet identifier designed specifically for cross-domain digital identity. For example, XRIs come in two forms—i-names and i-numbers—that are usually registered simultaneously as synonyms. I-names are reassignable (like domain names), while i-numbers are never reassigned. When an XRI i-name is used as an OpenID identifier, it is immediately resolved to the synonymous i-number (the CanonicalID element of the XRDS document). This i-number is the OpenID identifier stored by the relying party. In this way both the user and the relying party are protected from the user's OpenID identity ever being taken over by another party as can happen with a URL based on a reassignable DNS name.

Adoption

As of November 2008, there are over 500 million OpenIDs on the Internet (see below) and approximately 27,000 sites have integrated OpenID consumer support.[35]

Some of the companies (especially the biggest ones) which did enable OpenID have been criticized for being a provider of OpenID identities to third-party websites, without allowing credentials of another website to work with their own websites.[39]

OpenID Foundation

The OpenID Foundation is a 501(c)(3) non-profit organization incorporated in the United States. The OpenID Foundation was formed to help manage copyright, trademarks, marketing efforts and other activities related to the success of the OpenID community. The single goal of the OpenID Foundation is to protect OpenID.[citation needed]

People

The OpenID Foundation's board of directors has seven community members and five corporate members:[26]

Community Members:

Corporate Members:

Bill Washburn, Ph.D., of XDI.ORG, is the Foundation's Executive Director.

A European counterpart, the OpenID Europe Foundation headquartered in Paris, was founded in June 2007. It is a non-profit organization to help promote and deploy the OpenID software framework in Europe. OpenID Europe is independent of the OpenID Foundation.[40] Snorri Giorgetti of OpenID Europe also serves as the OpenID Foundation's representative in Europe.

Legal issues

The OpenID trademark in the United States was assigned to the OpenID Foundation in March 2008.[41] It had been registered by NetMesh Inc. before the OpenID Foundation was operational.[42][43] In Europe, as of August 31, 2007, the OpenID trademark is registered to the OpenID Europe Foundation.[44]

The OpenID logo was designed by Randy "ydnar" Reddig, who in 2005 had expressed plans to transfer the rights to an OpenID organization.[45] The official openid.net domain is registered to Six Apart, which was granted by the previous owner David I. Lehn,[46] and the rights of which were officially transferred on June 16, 2005.[citation needed]

The official site currently states:

Nobody should own this. Nobody's planning on making any money from this. The goal is to release every part of this under the most liberal licenses possible, so there's no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we're all a part of the community.

Sun Microsystems, VeriSign and a number of smaller companies involved in OpenID have issued patent non-assertion covenants covering OpenID 1.1 specifications. The covenants state that neither company will assert any of their patents against OpenID implementations and will revoke their promises from anyone who threatens, or asserts, patents against OpenID implementors.[25][47]

Security and phishing

Some observers have suggested that OpenID has security weaknesses and may prove vulnerable to phishing attacks.[48][49][50] For example, a malicious relying party may forward the end-user to a bogus identity provider authentication page asking that end-user to input their credentials. On completion of this, the malicious party (who in this case also controls the bogus authentication page) could then have access to the end-user's account with the identity provider, and as such then use that end-user’s OpenID to log into other services.

In an attempt to combat possible phishing attacks some OpenID providers mandate that the end-user needs to be authenticated with them prior to an attempt to authenticate with the relying party.[51] This relies on the end-user knowing the policy of the identity provider. In December 2008, the OpenID Foundation approved version 1.0 of the Provider Authentication Policy Extension (PAPE), which "enables Relying Parties to request that OpenID Providers employ specified authentication policies when authenticating users and for OpenID Providers to inform the Relying Parties which policies were actually used."[52] Regardless, this issue remains a significant additional vector for man-in-the-middle phishing attacks.


Notes

  1. ^ Washburn, Bill (2008-04-22). "BBC Joins OpenID Foundation". http://openid.net/2008/04/22/british-broadcasting-corp-bbc-joins-openid-foundation/. 
  2. ^ Riley, Duncan (2008-01-18). "Google Offers OpenID Logins Via Blogger". TechCrunch. http://www.techcrunch.com/2008/01/18/google-offers-openid-logins-via-blogger/. Retrieved on 2008-03-20. 
  3. ^ Brian Krebs (2007-02-06). "Microsoft to Support OpenID". http://blog.washingtonpost.com/securityfix/2007/02/microsoft_to_support_openid.html. Retrieved on 2008-03-01. 
  4. ^ "How do I get an OpenID?". OpenID Foundation. http://openid.net/get/. Retrieved on 2008-03-20. 
  5. ^ "Technology Leaders Join OpenID Foundation to Promote Open Identity Management on the Web". 2008-02-07. http://www-03.ibm.com/press/us/en/pressrelease/23461.wss. 
  6. ^ Bergman, Artur (2008-02-07). "OpenID Foundation - Google, IBM, Microsoft, VeriSign and Yahoo". O'Reilly Media. http://radar.oreilly.com/archives/2008/02/openid-foundation-google-ibm-m.html. Retrieved on 19 March 2008. 
  7. ^ Fitzpatrick, Brad (2005-05-16). "Distributed Identity: Yadis". LiveJournal. http://community.livejournal.com/lj_dev/683939.html. Retrieved on 2008-03-20. 
  8. ^ Fitzpatrick, Brad (2005-05-17). "OpenID". LiveJournal. http://community.livejournal.com/lj_dev/684200.html. Retrieved on 2008-03-19. 
  9. ^ Waters, John K (2007-12-01). "OpenID Updates Identity Spec". Redmond Developer News. http://reddevnews.com/news/devnews/article.aspx?editorialsid=913. Retrieved on 20 March 2008. 
  10. ^ "OpenID: an actually distributed identity system". Internet Archive. 2005-09-24. http://web.archive.org/web/20050924033518/www.danga.com/openid/. Retrieved on 2008-03-20. 
  11. ^ a b Fitzpatrick, Brad (2006-05-30). "brad's life - OpenID and SixApart". LiveJournal. http://brad.livejournal.com/2226738.html. Retrieved on 2008-03-20. 
  12. ^ Recordon, David (2005-12-24). "Announcing YADIS...again". Danga Interactive. http://lists.danga.com/pipermail/yadis/2005-October/001511.html. Retrieved on 2008-03-20. 
  13. ^ Reed, Drummond (2005-12-31). "Implementing YADIS with no new software". Danga Interactive. http://lists.danga.com/pipermail/yadis/2005-October/001544.html. Retrieved on 20 March 2008. 
  14. ^ Reed, Drummond (2008-11-30). "XRD Begins". Equals Drummond. http://www.equalsdrummond.name/?p=172. Retrieved on 5 January 2009. 
  15. ^ Hardt, Dick (2005-12-18). "Sxip concerns with YADIS". Danga Interactive. http://lists.danga.com/pipermail/yadis/2005-December/001873.html. Retrieved on 2008-03-20. 
  16. ^ Hardt, Dick (2005-12-10). "SXIP 2.0 Teaser". Identity 2.0. http://identity20.com/?p=44. Retrieved on 2008-03-20. 
  17. ^ Hoyt, Josh (2006-03-15). "OpenID + Simple Registration Information Exchange". Danga Interactive. http://lists.danga.com/pipermail/yadis/2006-March/002304.html. Retrieved on 2008-03-20. 
  18. ^ Grey, Victor (2006-04-02). "Proposal for an XRI (i-name) profile for OpenID". Danga Interactive. http://lists.danga.com/pipermail/yadis/2006-April/002388.html. Retrieved on 2008-03-20. 
  19. ^ Recordon, David (2006-04-29). "Movin' On....". LiveJournal. http://daveman692.livejournal.com/251286.html. Retrieved on 2008-03-20. 
  20. ^ Recordon, David (2006-06-16). "Moving OpenID Forward". Danga Interactive. http://lists.danga.com/pipermail/yadis/2006-June/002631.html. Retrieved on 2008-05-19. 
  21. ^ "Symantec Unveils Security 2.0 Identity Initiative at DEMO 07 Conference". Symantec. 2007-01-31. http://www.symantec.com/about/news/release/article.jsp?prid=20070131_01. Retrieved on 2008-03-20. 
  22. ^ Graves, Michael (2007-02-06). "VeriSign, Microsoft & Partners to Work together on OpenID + Cardspace". VeriSign. http://blogs.verisign.com/infrablog/2007/02/verisign_microsoft_partners_to_1.php. Retrieved on 2008-03-20. 
  23. ^ Panzer, John (2007-02-16). "AOL and 63 Million OpenIDs". AOL Developer Network. http://dev.aol.com/aol-and-63-million-openids. Retrieved on 2008-03-20. 
  24. ^ "Sun Microsystems Announces OpenID Program". PR Newswire. 2007-05-07. http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/05-07-2007/0004582105&EDATE=. Retrieved on 2008-03-20. 
  25. ^ a b "Sun OpenID: Non-Assertion Covenant". Sun Microsystems. http://www.sun.com/software/standards/persistent/openid/nac.xml. Retrieved on 2008-03-20. 
  26. ^ a b OpenID Board of Directors (2007-06-01). "OpenID Foundation". OpenID Foundation. http://openid.net/foundation/. Retrieved on 2008-03-20. 
  27. ^ http://www.openideurope.eu/foundation/bylaws/ Bylaws of OpenID Europe
  28. ^ "OpenID 2.0…Final(ly)!". OpenID Foundation. 2007-12-05. http://openid.net/2007/12/05/openid-2_0-final-ly/. Retrieved on 2008-03-20. 
  29. ^ "Yahoo! Announces Support for OpenID; Users Able to Access Multiple Internet Sites with Their Yahoo! ID". Yahoo!. 2008-01-17. http://biz.yahoo.com/bw/080117/20080117005332.html. Retrieved on 2008-03-20. 
  30. ^ "Technology Leaders Join OpenID Foundation to Promote Open Identity Management on the Web". OpenID Foundation (Marketwire). 2008-02-07. http://www.marketwire.com/mw/release.do?id=818650. Retrieved on 20 March 2008. 
  31. ^ SourceForge, Inc. (May 7, 2008). SourceForge Implements OpenID Technology. Press release. http://www.primenewswire.com/newsroom/news.html?d=142213. Retrieved on 2008-05-21. 
  32. ^ "MySpace Announces Support for ‘OpenID’ and Introduces New Data Availability Implementations". Business Wire. MySpace. 2008-07-22. 2. http://www.businesswire.com/news/home/20080722006024/en. Retrieved on 2008-07-23. 
  33. ^ "Microsoft and Google announce OpenID support". OpenID Foundation. 2008-10-30. http://openid.net/2008/10/30/microsoft-and-google-announce-openid-support/. 
  34. ^ JanRain, Inc. (November 14, 2008). JanRain Releases Free Version of Industry Leading OpenID Solution. Press release. http://www.janrain.com/press/2008/rpxnow. Retrieved on 2008-11-14. 
  35. ^ Drebes, Larry (2008-11-01). "Relying Party Stats as of Nov. 1st, 2008". http://blog.janrain.com/2008/11/relying-party-stats-as-of-nov-1st-2008.html. 
  36. ^ http://wikitravel.org/en/Special:OpenIDLogin
  37. ^ Bylund, Anders (17 January 2008). "Yahoo! No More Password Profusion!". http://www.fool.com/investing/general/2008/01/17/yahoo-no-more-password-profusion.aspx. Retrieved on 2008-02-14. 
  38. ^ http://code.google.com/apis/accounts/docs/OpenID.html
  39. ^ John Timmer, OpenID being Balkanized even as Google, Microsoft sign on.
  40. ^ "OpenID Europe Foundation". http://openideurope.eu/. 
  41. ^ "Trademark Assignment, Serial #: 78899244". United States Patent and Trademark Office. 2008-05-06. http://assignments.uspto.gov/assignments/q?db=tm&sno=78899244. Retrieved on 2008-05-19. "Exec Dt: 03/27/2008" 
  42. ^ "Latest Status Info". United States Patent and Trademark Office. 2006-03-27. http://tarr.uspto.gov/servlet/tarr?regser=serial&entry=78899244. Retrieved on 2008-03-20. 
  43. ^ "NetMesh: Company / Management". NetMesh. http://netmesh.us/company/management/. Retrieved on 2008-03-20. 
  44. ^ "OpenID Europe Trademark & Logo Policy". OpenID Europe Foundation. http://www.openideurope.eu/policies/openid-trademark-policy/. Retrieved on 2008-03-20. 
  45. ^ Reddig, Randy (2005-06-29). "OpenID Logo". Danga Interactive. http://lists.danga.com/pipermail/yadis/2005-June/000990.html. Retrieved on 2008-03-20. 
  46. ^ Fitzpatrick, Brad (2005-05-17). "Yadis.... now OpenID". Danga Interactive. http://lists.danga.com/pipermail/yadis/2005-May/000027.html. Retrieved on 2008-03-20. 
  47. ^ "VeriSign's OpenID Non-Assertion Patent Covenant". VeriSign. http://www.verisign.com/research/Consumer_Identity_and_Profile_Management/042160.html. Retrieved on 20 March 2008. 
  48. ^ Crowley, Paul (2005-06-01). "Phishing attacks on OpenID". Danga Interactive. http://lists.danga.com/pipermail/yadis/2005-June/000470.html. Retrieved on 2008-03-20. 
  49. ^ Anderson, Tim (2007-03-05). "OpenID still open to abuse". IT Week. http://www.itweek.co.uk/2184695. Retrieved on 13 March 2007. 
  50. ^ Slot, Marco. "Beginner's guide to OpenID phishing". http://openid.marcoslot.net/. Retrieved on 2007-07-31. 
  51. ^ "Verisign PIP FAQ". https://pip.verisignlabs.com/faq.do#faq5. Retrieved on 2008-11-13. 
  52. ^ Jones, Mike. "PAPE Approved as an OpenID Specification". OpenID Foundation. http://openid.net/2008/12/31/pape-approved-as-an-openid-specification/. 
