【正文】 special returnto URL). If the user cannot authenticate, he will probably receive a message from the OP that his authentication attempt failed (at least that39。 it only wants to know whether the OP has successfully authenticated the user. If so, the User Agent (again, probably the user39。s what makes OpenID work. By following stipulations in the OpenID Authentication Specification Version , OpenID RPs are able to decode (or normalize) an identifier to figure out how to authenticate a user. In the operational world of OpenID, where we as developers write code, two identifiers are of interest: UserSupplied Identifier Claimed Identifier As the name suggests, a UserSupplied Identifier is the identifier supplied by the user to the RP. The UserSupplied Identifier must be normalized into a Claimed Identifier, which is just a fancy way to say that the identifier supplied by the user is transformed into a standard form. The Claimed Identifier can then be used to locate the OP through a process called discovery, after which the OP will authenticate the user. OpenID Relying Party It is normally the RP that is presented with a UserSupplied Identifier, which is normalized to a Claimed Identifier. The user39。s identifier and redirects the user to the OP, where he will be required to prove his claim to that ID. Let39。s Web site, and the RP uses OpenID. To access the resource, the user must present his OpenID in a form that can be recognized (normalized) as an OpenID. The OpenID is encoded with the OP39。re associated with. What a pain。re like me, you own many identifiers or userids. I have a userid at Facebook, another at Twitter, and others at dozens of sites that I use around the Inter. I always try to use the same userid but it39。ll learn how to create your own OpenID provider. Throughout the discussion I39。ll also show you how to receive user information with an OpenID Simple Registration Extension (SReg). I39。外文翻譯 1 OpenID for Java Web applications, Part 1: Enable your Java Web applications to use OpenID authentication J Steven Perry, Principal Consultant, Makoto Consulting Group, Inc. Summary: OpenID is a decentralized authentication protocol that makes it easier for users to access resources in your Java? Web applications. In this first half of a twopart article, you39。ll learn about the OpenID Authentication Specification and walk through the steps of incorporating it into a sample Java application. Rather than implement the OpenID Authentication specification by hand, author J. Steven Perry uses the openid4java library and a popular OpenID provider, myOpenID, to create a safe and reliable registration process for a Java application written in Wicket. Tags for this article: authentication, java, openid, openid4java, signon, single, steve_perry, webs OpenID is a decentralized authentication mechanism. Using OpenID, I can prove I own a URI such as and I can use that identity to authenticate myself with any site that supports OpenID — such as Google, Slashdot, or Wordpress. Clearly, Open ID is great for end users. But using it got me to thinking: What about using OpenID to create a standard, reliable authentication system for the Javabased Web applications I write for my customers? In this twopart article I will show you how to use the openid4java library and a wellknown OpenID provider, myOpenID, to create an authentication system for a Javabased Web application. I39。ll start by explaining what OpenID is and showing you how to get an OpenID of your own. Next, I will present a brief overview of how OpenID authentication works. Finally, I will walk through the steps involved in performing OpenID authentication using openid4java. In the second half of this article, you39。ll be working with a Wicketbased Java Web application that I 外文翻譯 2 wrote specifically for this article. You can download the source code for the application any time. You also might want to take a look at the openid4java library (see Resources). Note: This article focuses on using OpenID for Java Web applications, but OpenID works in any software architectural scenario. Introduction to OpenID OpenID is a specification for proving a user owns an identifier. For now, just think of an identifier as a String that uniquely identifies a user. If you39。s not available on every new site I sign up for. So, I have a mental map of all of my userids and the Web sites they39。 I use the Forget your password? feature a lot! It would be great if there were a way to claim a single identifier and use it everywhere. OpenID solves exactly this problem. Using OpenID, I claim an identifier and use it on any site or Web resource that has adopted the protocol. The latest figures (from the OpenID Web site) say that more than 50,000 Websites support OpenID, including Facebook, Yahoo!, Google, and Twitter. OpenID authentication OpenID authentication is at the heart of OpenID, and consists of three main concepts: The OpenID Identifier: A String of text that uniquely identifies the user. The OpenID Relying Party (RP): An online resource (probably a Web site, but it could be a file, an image, or pretty much anything you want to control access to) that uses OpenID to identify who can access it. The OpenID Provider (OP): A site where users can claim an OpenID and subsequently signin and authenticate their identity for the benefit of any RP. The OpenID Foundation is a consortium whose members are interested in promoting open source identity management through the OpenID specification. How does OpenID work? 外文翻譯 3 Suppose a user is attempting to access a resource that is part of an RP39。s location. The RP then takes the user39。s briefly consider each ponent of the OpenID specification and its role in this process. OpenID Identifiers At the heart of OpenID is, of