|
Mission Statement
To deliver a secure, easy to use, flexible and lightweight interplatform authentication system.
But what does this actually mean and how does Open Passport actually deliver these promises? Let's take a look at these promises one at a time.
Open Passport is an authentication system. It is used to provide identification information between two parties. These parties may not trust or even have heard of each other. Open Passport works as a trusted middleman to ensure that both parties can communicate safely and that sensitive information is not shared between these parties.
For example when Open Passport authenticates a user for a website, that website never sees that user's password. It is never at any time sent to the website and is used only briefly by Open Passport to verify the user's identity against the organisation they are from. After this the password is discarded, it is never held or saved anywhere by Open Passport.
Of course these secure practices are built on top of a secure application that is in turn running on a secure operating system. All updates are religiously applied and constant monitoring ensures that the systems remain as secure as possible.
Open Passport uses SSL to secure all transactions between itself and where possible with the organisations that are providing sensitive information. Open Passport is planning to make free certificates available for these organisations to use to further improve security. Open Passport uses the same standards as those adopted by international banks and ecommerce websites.
This is from everyone's point of view, not just the developer or programmer but also for the end users and the companies and organisations that wish to integrate and use Open Passport themselves. By providing step by step documentation and a simple and easy to understand interface, Open Passport promotes simplicity and transparency. How this translates to each type of user can be found in the overview section.
Open Passport makes no assumptions on how a particular application works or what it does. In fact it really doesn't care! Open Passport simply provides information to an application - it's entirely up to that application what to do with this information and Open Passport is not involved in anything past this point. There is no complex software to install, no strange systems to learn and no additional hardware or setup is required. By using Open Source Software and Open Standards, Open Passport really is the most flexible authentication system currently on the market.
Open Passport doesn't need to be installed on site, nor does it require any additional hardware or scary changes to firewalls or applications. Open Passport is lightweight because it uses simple HTTP to provide the service and doesn't come with the headache and hassle associated with other authentication systems. For the most part, organisations who wish to use it to provide user information have to make NO changes whatsoever. Changes to applications wishing to receive authentication information are minor and don't interfere with the rest of the application.
As Open Passport uses Open Standards such as HTTP, SOAP, and XMLRPC it is possible for any platform that supports these standards to integrate Open Passport into their applications. This means it is perfectly possible for a Linux system to authenticate to an application hosted on .NET and vice versa. The individual platforms are abstracted due to the nature of Open Passport and allows seamless integration amongst the various platforms.
|
