
Security Analysis of OpenID, followed by a Reference Implementation of an nPA-based OpenID Provider

  • Sebastian Feld
  • Norbert Pohlmann

Abstract

OpenID is an open, decentralized and URL-based standard for Single Sign-On (SSO) on the Internet. In addition, the new German electronic identity card ("Neuer Personalausweis", nPA) will be introduced in Germany in November 2010. This work shows the security problems associated with OpenID and addresses possible solutions. It also discusses how the OpenID protocol can be improved by combining the nPA, specifically its Restricted Identification (RI) function, with an OpenID identity. The concept of an OpenID provider with nPA support is presented together with its preconditions, and the added value that the combination of the two technologies, nPA and OpenID, creates in both directions is discussed.
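The abstract names Restricted Identification (RI) as the nPA function that an nPA-based OpenID provider would build on. The following Python is an added example, not the paper's reference implementation or the authors' code: it models RI in the shape given by BSI TR-03110 (a sector-specific pseudonym derived by hashing a key agreement between the card's RI key and the sector's public key) and shows why it suits an OpenID provider, namely that one card always yields the same pseudonym toward one sector (the provider) but unlinkable pseudonyms toward other sectors. Assumptions: plain modular Diffie-Hellman over a toy group instead of the card's ECDH domain parameters, SHA-256 as the hash, and a hypothetical `https://op.example/id/...` layout for the claimed OpenID identifier.

```python
"""Toy model of Restricted Identification (RI) feeding an OpenID identifier.

Added example; not the authors' code.  RI (BSI TR-03110) lets the card derive
    I_sector = H(KA(SK_ID, PK_sector))
from its RI private key and the public key of the sector it talks to.
Assumption: ordinary DH over a small modular group stands in for the ECDH
key agreement and domain parameters of the real card (toy parameters only).
"""
import hashlib
import secrets

# Toy DH group: p = 2^255 - 19 (prime), generator 2.  Not a TR-03110 parameter
# set and not secure as a multiplicative group; it only illustrates the math.
P = 2**255 - 19
G = 2


def keygen(rng=secrets.randbelow):
    """Return (private scalar, public value) for a card or a sector."""
    sk = rng(P - 2) + 1          # private scalar in [1, p-2]
    return sk, pow(G, sk, P)


def _pseudonym(shared_secret):
    # Hash of the key-agreement output; the shared secret < p fits in 32 bytes.
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).hexdigest()


def restricted_identification(sk_card, pk_sector):
    """Card side: pseudonym toward the sector identified by pk_sector."""
    return _pseudonym(pow(pk_sector, sk_card, P))


def pseudonym_from_sector(sk_sector, pk_card):
    """Sector side: the holder of the sector private key can recompute the same
    pseudonym from the card's RI public key (DH symmetry)."""
    return _pseudonym(pow(pk_card, sk_sector, P))


def openid_identifier(pseudonym, provider_host="op.example"):
    """Hypothetical mapping: the OpenID provider exposes a claimed identifier
    derived from the sector pseudonym, so no global card identifier reaches
    relying parties.  The URL layout is an assumption of this example."""
    return f"https://{provider_host}/id/{pseudonym[:32]}"


def demo():
    """Run the flow with fresh keys and report the two properties RI gives."""
    sk_card, _ = keygen()
    _, pk_op = keygen()          # the OpenID provider is one sector
    _, pk_shop = keygen()        # some other sector, e.g. a web shop
    first = restricted_identification(sk_card, pk_op)
    second = restricted_identification(sk_card, pk_op)   # second logon
    elsewhere = restricted_identification(sk_card, pk_shop)
    return {
        "stable": first == second,          # same card, same sector
        "unlinkable": first != elsewhere,   # same card, different sector
        "claimed_id": openid_identifier(first),
    }


if __name__ == "__main__":
    print(demo())
```

The provider only ever learns the pseudonym for its own sector, which is what lets it bind an OpenID identity to a card without holding any card-wide identifier; the unlinkability across sectors is the property that keeps two providers, or a provider and a shop, from correlating the same card.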

Keywords

Smart Card, Shared Secret, Identity Card, Domain Name System, Authentication Response
(These keywords were added by machine and not by the authors.)



Copyright information

© Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011

Authors and Affiliations

  • Sebastian Feld, Institute for Internet-Security, Gelsenkirchen University of Applied Sciences, Gelsenkirchen
  • Norbert Pohlmann, Institute for Internet-Security, Gelsenkirchen University of Applied Sciences, Gelsenkirchen
