|
How does it all work?
Like most great ideas, the idea behind Open Passport is very simple :
Instead of colleges sending username and password lists every now and then, why not just authenticate directly with their own network?
Now, this can be a scary prospect. No one likes other people snooping around and having access to sensitive network resources. On the other hand, logically speaking it is impossible to have SSO without some way to check the usernames and passwords.
Fortunately there was an easy solution! Most colleges have a website that features some form of secure area such as web based email or a VLE or MLE.
When logging in to one of these secure resources, one of two things will happen. Either access will be granted or it will be denied. It is possible to tell which happened programmatically. In short by logging in to a secure website, we can tell if a username and password combination is valid.
Open Passport takes this idea one step further. Because it is trusted by the Service Providers and the Authentication Authorities, it can "broker" the authentication between them.
It does this by allowing users to login to Open Passport via a web form. Open Passport then talks to the Authentication Authority to see if the username and password is correct. If it is, Open Passport will tell the Service Provider that the user is who he or she claims to be. That's all there is to it!
|
