Thursday 5th October 2017
OpenAthens Cloud uses OpenID Connect, an extendable authentication system built on the OAuth 2.0 standard. OpenID Connect offers support for single sign-on to create a better workflow for end users, and it’s also extensible to web-based, native apps, and mobile applications to allow for similar authentication journeys no matter the user’s device.
OpenID Connect represents the third generation of OpenID technology, which was originally established in 2005 by Ben Fitzpatrick, the founder of LiveJournal – where it saw its first widespread use for posting comments. Since it was established, it’s seen increased support from the enterprise and security communities, with companies such as NetMesh, Verisign, Symantec, and Microsoft adopting or helping shape the underlying technology.
OpenID Connect is a simpler technology than SAML and easier to install for content providers, which is why OpenAthens Cloud is our most straightforward product yet – there’s no need for expert developer time to implement it. And with the release of OpenAthens Cloud, we’re also working towards becoming a certified OpenID Connect provider to ensure the trustworthiness of authentication conducted through the software.
OpenAthens Cloud is lightweight by design; it is built to be easy to implement and transfers the minimum data required for a user to gain access to the secure resources they need. Once a user logs into a service or network – for example, their workplace or institutional account – their network ‘vouches’ for them to gain access to authentication-based systems such as subscription resources. In addition, OpenAthens Cloud is fully compatible with SAML and Shibboleth-based products and operating systems.
One key advantage of the approach used by OpenAthens Cloud is that it’s inherently more secure; access to, and management of, the user’s details stays in the hands of their organisation. This provides the ‘best of both worlds’ with enhanced security as well as the ability to create a personalised experience: developers and service providers don’t need to store databases of usernames and passwords, while still being able to offer login-based functionality (such as user profiles, saved searches, and more) for an even better user experience.
This approach is also more flexible and scalable than IP-based and proxy authentication, meaning that content providers can extend the same authentication approaches used by their educational and healthcare customers to services aimed at corporate customers and the general public. OpenID Connect technology’s adoption by public-facing companies also means that the journey will be familiar to users of all backgrounds.
Share this article