What is OpenSignOn?

OpenSignOn is a technology that eliminates the need for multiple usernames while protecting your digital identity. It provides cross-domain identity for domains that are in a so-called domain cloud. An OpenSignOn provider can consist of multiple domain clouds. You have a different identity on each domain cloud, and the websites in a domain cloud do not know which username was used on the OpenSignOn provider. This provides total anonymity for someone logging in via an OpenSignOn provider.

For example: if you log in through an OpenSignOn provider to a poker site, and through the same OpenSignOn provider to a job search site that is not in the same domain cloud, there are only two ways your identity on the poker site can be linked to your identity on the job search site: by guessing that the same IP address identifies you, or through the same “Optional Required Identity Provider” being used on both domain clouds. This almost total anonymity seems fantastic from a user's perspective, but for owners of Internet shops, blogs and similar sites it gives “bad actors” a way to compromise their webstore or site.

To solve this issue, OpenSignOn has an “Optional Required Identity Provider” that lets sites control the identities in a domain cloud. This can be used to block the “bad actors” or to enable things like age identification. You can also add an identity provider that works as a reputation system. To be clear: the OpenSignOn “Optional Required Identity Provider” is a kind of “root” identity provider for a cloud, not for the user's identity. Each cloud can use a different “Optional Required Identity Provider”.

The last main feature OpenSignOn provides is roles. In the same way that you have a different identity per domain cloud, you can also have different identities within a domain cloud. This means you can use a "business" and a "private" identity on a social networking site with one OpenSignOn username.

When you need to sign in to a site, you press a "Sign In" button on an insecure http or secure https site and enter your credentials on a secure https OpenSignOn provider. OpenSignOn does not use guessable names to identify users, but long random character tokens. OpenSignOn only needs to know whether the username/password combination provided for an Identity Provider is valid, and therefore has no need to store passwords. This means that even when an OpenSignOn provider is hacked, your passwords are safe because they are not there.
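The per-cloud identities, roles and random tokens described above can be modelled as follows. This is an added sketch, not OpenSignOn's own code: the `Provider` class, its methods, the callback standing in for the Identity Provider, and the site and cloud names are all assumptions made for illustration.

```python
import hmac
import secrets


class Provider:
    """Hypothetical model of an OpenSignOn-style provider (names are assumptions)."""

    def __init__(self, verify_credentials):
        # verify_credentials(username, password) -> bool stands in for the
        # external Identity Provider. The password is passed through and
        # never stored on the provider.
        self._verify = verify_credentials
        self._cloud_of = {}  # site domain -> domain cloud name
        self._tokens = {}    # (username, cloud, role) -> opaque token

    def register_site(self, domain, cloud):
        self._cloud_of[domain] = cloud

    def sign_in(self, username, password, domain, role="default"):
        """Return the opaque token the site sees, or None on failure."""
        cloud = self._cloud_of.get(domain)
        if cloud is None or not self._verify(username, password):
            return None
        key = (username, cloud, role)
        if key not in self._tokens:
            # 32 random bytes, not derived from the username, so a site
            # cannot guess it or compute the token used in another cloud.
            self._tokens[key] = secrets.token_urlsafe(32)
        return self._tokens[key]


def demo_identity_provider(username, password):
    # Constructed stand-in for a real Identity Provider check.
    return username == "alice" and hmac.compare_digest(
        password.encode(), b"correct horse")


def build_demo():
    # Constructed sample: two sites share a cloud, one is in another cloud.
    provider = Provider(demo_identity_provider)
    provider.register_site("poker.example", "games-cloud")
    provider.register_site("cards.example", "games-cloud")
    provider.register_site("jobs.example", "career-cloud")
    return provider
```

Sites in the same domain cloud receive the same token for a user and role, while a site in another cloud, or the same site under another role, receives an unrelated one. Linking the tokens requires the provider's own mapping, which is the part of the design that has to be protected.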
