Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenID Connect Working Group

Published byAnita Skaarup Modified over 5 years ago

Similar presentations

Presentation on theme: "OpenID Connect Working Group"— Presentation transcript:

1 OpenID Connect Working Group
April 29, 2019 Michael B. Jones Identity Standards Architect – Microsoft

2 Working Together OpenID Connect

3 You’re Probably Already Using OpenID Connect!
If you have an Android phone or log in at AOL, Deutsche Telekom, Google, Microsoft, NEC, NTT, Salesforce, Softbank, Symantec, Verizon, or Yahoo! Japan, you’re already using OpenID Connect Many other sites and apps large and small also use OpenID Connect

4 OpenID Connect

5 Numerous Awards OpenID Connect won 2012 European Identity Award for Best Innovation/New Standard OAuth 2.0 won in 2013 JWT/JOSE won in 2014 OpenID Certification program won 2018 Identity Innovation Award and 2018 European Identity Award

6 Session Management / Logout
Three approaches being pursued by the working group: Session Management Uses HTML5 postMessage to communicate state change messages between OP and RP iframes Front-Channel Logout Uses HTTP GET to load image or iframe, triggering logout Similar to options in SAML, WS-Federation Back-Channel Logout Server-to-communication not using the browser Can be used by native applications, which have no active browser All support multiple logged in sessions from OP at RP Unfortunately, no one approach best for all use cases Certification tests being developed WG plans to test multiple implementations before making specs Final

7 Federation Specification
OpenID Connect Federation specification Enables establishment and maintenance of multi-party federations using OpenID Connect Defines hierarchical JSON-based metadata structures for federation participants Implementer’s Draft status reached Substantial changes since then Please review!

8 Identity Assurance OpenID Connect for Identity Assurance
Representation for verified person data Enables legal compliance for some use cases New specification by Torsten Lodderstedt Please review!

9 Native SSO Specification
Enables SSO across apps by the same vendor Assigns a device secret issued by the AS New specification being written by George Fletcher Watch the mailing list for WG draft soon to come

10 Second Errata Set Errata process corrects typos, etc. discovered
Makes no normative changes Edits under way for second errata set See for current Core errata draft I plan to work on the errata edits during IIW

11 Current Related Work International Government Profile (iGov) WG
Developing OpenID Connect profile for government & high-value commercial applications Enhanced Authentication Profile (EAP) WG Enables Token Bound ID Tokens Enables integration with FIDO and other phishing-resistant authentication solutions Mobile Operator Discovery, Registration & autheNticAtion (MODRNA) WG Mobile operator profiles for OpenID Connect Financial-grade API (FAPI) WG Enables secure API access to high-value services

12 OpenID Certification Enables OpenID Connect and FAPI implementations to be certified as meeting requirements of defined conformance profiles Now OP and RP Connect certification profiles for: Basic OP and Basic RP Implicit OP and Implicit RP Hybrid OP and Hybrid RP OP Publishing and RP Using Configuration Information Dynamic OP and Dynamic RP Form Post Response Mode for OP and RP FAPI OP certification launched April 1, 2019 See And accompanying certification presentation!

13 Open Conversation How are you using OpenID Connect?
What would you like the working group to know and do?

Download ppt "OpenID Connect Working Group"

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
How is OpenID helping Google? Steven Bazyl Developer Advocate

How is OpenID helping Google? Steven Bazyl Developer Advocate
Oracle IDM at First National Bank

Oracle IDM at First National Bank
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
By: Ansuya Chauhan.

By: Ansuya Chauhan.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.

OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.

OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.

UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
Chad La Joie Shibboleth’s Future.

Chad La Joie Shibboleth’s Future.
Openid Connect https://store.theartofservice.com/the-openid-connect-toolkit.html.

Openid Connect
Authority of Information Technology Application National Center of Digital Signature Authentication Ninh Binh, June 25, 2010.

Authority of Information Technology Application National Center of Digital Signature Authentication Ninh Binh, June 25, 2010.
101 ways to authenticate with Azure Active Directory

101 ways to authenticate with Azure Active Directory
All Rights Reserved 2014 © CMG Consulting LLC Federated Identity Management and Access Andres Carvallo Dwight Moore CMG Consulting, LLC October 2015 1.

All Rights Reserved 2014 © CMG Consulting LLC Federated Identity Management and Access Andres Carvallo Dwight Moore CMG Consulting, LLC October
Adxstudio Portals Training

Adxstudio Portals Training
Slavko Kukrika MVP Connect Windows 10 to the Cloud – Cloud Join.

Slavko Kukrika MVP Connect Windows 10 to the Cloud – Cloud Join.

Similar presentations

Ads by Google