AUTHENTICATION COMPARATIVE STUDY

Comparative Study between Basic Authentication and OpenID Authentication

by

ACKNOWLEDGEMENT

I would like to take this chance for thanking my research facilitator, friends & family for support they provided and their belief in me as well as guidance they provided without which, I would have never been able to do this research.

Signature: ______________________

Date: _______________________

DECLARATION

I, (name of the author), would like to declare that all contents included in this dissertation stand for my individual work without any aid, and this dissertation has not been submitted for any examination at academic as well as professional level previously. It is also representing my very own views and not essentially which are associated with university.

Signed: __________________Date: ________________

ABSTRACT

This study focuses on the comparison between basic authentication, which required username and password to access to the system, and OpenID authentication that required user's online identity to gain access to the system, about the development, and implement to the system, and using the system in developer view, and user view. Moreover this study also discusses about OpenID and OAuth, which developed from OpenID model. The study also aims at proving that OpenID has advantage over basic authentication and further discusses the protocol that is used to implement OpenID. The problems in implementing OpenID authentication area also studied. The objective of this study is to find out that OpenID protocol is good enough to replace basic authentication that required username and password to access to the system, or not. In this study also shows information, and results from develop, and implement OpenID to the system including example code that use to develop and implement, or problem, which occurred when developing, or implementing OpenID to the system.

TABLE OF CONTENTS

ACKNOWLEDGEMENTII

DECLARATIONIII

ABSTRACTIV

LIST OF FIGURESVII

CHAPTER 1: INTRODUCTION1

Outline of the Study1

Background1

Problem Statement4

Research Aims and Objectives5

Research Questions6

Time Scale for the Study6

CHAPTER 2: LITERATURE REVIEW9

Overview of Authentication9

Security Issues and Considerations in Authentication11

Technical Background of Basic Authentication12

Overview of OpenID Authentication14

Technical Background of OpenID Authentication15

Advantages of OpenID Authentication18

Protocol Details of OpenID Authentication19

Technical Background of OAuth27

CHAPTER 3: METHODOLOGY28

Research Design28

Research Method29

Data Analysis Method29

Ethical Considerations30

CHAPTER 4: ANALYSIS AND FINDINGS31

Analysis of OpenID Protocol31

Working of the OpenID Technology37

Comparison between Basic Authentication and OpenID40

Development of OpenID in Web Based Application42

Setting up an OpenID with Google44

Analysis of OAuth49

Comparison between OpenID and OAuth52

Problems with OpenID's Implementation54

CHAPTER 5: CONCLUSION56

Summary of Findings56

Future of OpenID59

REFERENCES61

LIST OF FIGURES

Figure 1: The initialization phase of the OpenID protocol (Dashed lines represent optional)20

Figure 2: The authentication phase of the OpenID protocol (Dashed lines represent optional messages)24

Figure 3: The verification phase of the OpenID protocol (Dashed lines represent optional messages)26

Figure 4: Working of the OpenID Technology40



CHAPTER 1: INTRODUCTION

Outline of the Study

This research focuses on comparing basic authentication and OpenID authentication. The study comprises of the following sections:

The first chapter introduces the topic of the research and provides the background, research scope, aims and objectives, research questions and time scale for the study.

The second chapter provides the appropriate and significant literature review for the selected research topic that signifies the past study in this field.

The third chapter provides a general idea about the research ...