Design and Implementation of a Webservice for Identity Management

Most modern web applications need an authentication and user account system. For users this often leads to one of two problems. Either users reuse the same password for different services, putting them at risk should this password ever find its way into the wrong hands, or they use different passwords, making it hard for them to remember all these different passwords. Futhermore, users might face the problem that certain information about them – an email address for example – becomes outdated. A user would now have to change this information on all webservices they have an account for. A central server application, a so-called identity provider, could solve these problems. Users would then only have one user account on the identity provider, containing all important information about them. If users want to use an application, this application can authenticate them through the identity provider and access information about them stored on the identity provider.

The goal of this thesis is the design and implementation of such an identity provider. This thesis will discuss different protocols used by identity providers and present a prototypical implementation.