PERSONAL IDENTITY PROVIDER - PIP

= How To Run
View the INSTALL file for more details on installing and running PIP.

= General Overview
PIP is an open-source identity server that utilizes the OpenID 1.1 and Yadis 
1.0 standards to identify and distribute identity resources.  Users utilize 
PIP to manage digital identity information, authenticate themselves for 
consumer sites, and authorize consumer sites for access to their identity 
information. There are three main components to PIP: Yadis, OpenID, and 
Profile Management. These components are explained in more detail below.

== Yadis
Yadis 1.0 is service discovery system that allows consumer sites to know what 
services are provided by PIP. It is provided as a service directly by the 
mongrel server via lib/yadis_handler/lib/yadis_handler.rb. In a Yadis request, 
the consumer site visits the identity url provided by the user looking for 
Yadis headers that indicate where the Yadis document resides. These headers are
provided at [pip_url]/user/[user_login]/yadis by 
lib/yadis_handler/lib/yadis_handler.rb and at [user_login].[pip_url] by 
app/views/account/index.rhtml. The document itself is provided at 
[pip_url]/user/[user_login]/yadis by yadis_handler.rb. Though a Yadis document 
may point to many services, the PIP Yadis document points only to the OpenID 
service provided by PIP.

== OpenID
OpenID 1.1 allows consumer sites to use identity URLs, provided by PIP, to 
authenticate users and gain access to identity data stored within the PIP 
database. Though all OpenID transactions provide authentication of the user, 
not all require or result in identity information being exchanged. All OpenID 
functionality in PIP is provided through the ServerController in 
app/controllers/server_controller.rb. ServerController provides a single point 
of entry, #index, with which consumer sites can associate with the PIP and to 
which consumer sites can redirect their users to perform authentication and 
authorization. Consumer site association provides security against various 
attacks that can be performed on the OpenID process. User authentication and 
authorization are the process of the user logging in to PIP to authenticate 
that they do own the identity url and the process by which the user authorizes
that the consumer site may have access to specific pieces of their identity 
data. Metadata about information shared and consumer sites that have been 
authorized is stored in the Profile and TrustRequest models.

== Profile Management
PIP provides a single location at which a user may maintain his online 
identity. This service is provided by PropertyTypesController in conjunction 
with the PropertyType and Property models. Users have one Property, which 
contains the identity information, per PropertyType, which contains 
meta-information about the Property. Users have a default set of PropertyTypes 
referred to as global property types that they may not remove. In addition, 
they may create new PropertyTypes over which they have full control. 
Currently, there are only eight property types that are used in OpenID 
transactions. These are specified by User::OPEN_ID_MAPPINGS.

== Further Reading
For further insight into the behavior of the system, read the rDoc html files 
for the classes mentioned above. The rDocs can be found in doc/app/index.html. 

= Requirements
Mongrel Web Server - http://mongrel.rubyforge.org/
JanRain ruby-openid and ruby-yadis gems - 
  http://www.openidenabled.com/openid/libraries/ruby/download
MySQL or other database server