Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura."— Presentation transcript:

1 OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura Research Institute

2 Working Together OpenID Connect

3 Presentation Overview Recent Timeline OpenID Connect Design Criteria OpenID Connect Overview Developer Feedback Incorporated Next Steps Resources Open Discussion

4 Recent Timeline Weekly spec calls began, January 2011 Open issued closed at IIW, May 2011 Result branded “OpenID Connect”, May 2011 Developer feedback, May 2011 to present Functionally complete specs, July 2011 Formal issue tracking began, July 2011 Interop testing, September 2011 Simpler specs published incorporating developer feedback, September 2011

5 Design Criteria Easy Things EasyHarder Things PossibleModular Design

6 Easy Things Easy Standard UserInfo for Simple “Connect” Ability Designed to Work Well on Mobile Phones

7 How We Make It Easy Build on OAuth 2.0 Use JavaScript Object Notation (JSON) data structures Can only build functionality that you need Goal: Easy implementation on all modern web platforms

8 Harder Things Possible Claims AggregationDistributed ClaimsEncrypted Claims

9 Connect Overview

10 Basic Client Profile Single, simple, self-contained client spec All you need for web-based RP utilizing pre- configured set of OPs http://openid.net/specs/openid-connect-basic-1_0.html

11 Discovery & Registration Enables dynamic configurations in which sets of OPs and RPs are not pre-configured – Necessary for “open” deployments Discovery enables RPs to learn about OP endpoints Registration enables RPs to use OPs they are not pre-registered with http://openid.net/specs/openid-connect-discovery-1_0.html http://openid.net/specs/openid-connect-registration-1_0.html

12 Messages & Standard Messages spec defines data formats exchanged in OpenID Connect messages Standard spec is HTTP binding for Messages (Basic is profile of Messages and Standard) Needed for OPs, native client apps, and RPs needing functionality not in Basic – E.g., claims not in default UserInfo set http://openid.net/specs/openid-connect-messages-1_0.html http://openid.net/specs/openid-connect-standard-1_0.html

13 Session Management For OPs and RPs needing session management capabilities Example capability: Logout http://openid.net/specs/openid-connect-session-1_0.html

14 Underpinnings OAuth 2.0 family of specs – OAuth 2.0 core – OAuth 2.0 bearer JWT family of specs – JSON Web Token (JWT) – JSON Web Signature (JWS) – JSON Web Encryption (JWE) – JSON Web Key (JWK) Simple Web Discovery (SWD)

15 Developer Feedback Incorporated Asked for simpler, more modular specs – Basic Client spec a direct result of this feedback – Messages and Standard also a simpler factoring Asked for UserInfo schema to be more like Facebook Connect – Changed spelling of claim names from camelCase to lowercase_with_underscores – Changed from Portable Contacts schema to current one Asked for more meaningful JSON identifiers – Changed OpenID identifiers to be full words, e.g.: “idt” -> “id_token” “loc” -> “locale” Dozens of corrections and clarifications

16 Connect Next Steps Discuss and close open issues at this Summit – Including those arising from interop work! Incorporate resolutions into specs Membership vote on Implementers Drafts Deployments Incorporate feedback arising from deployments Membership vote on Final Specifications Other Connect-related work happening in parallel

17 Resources OpenID Connect Page – http://openid.net/connect/ http://openid.net/connect/ Artifact Binding Working Group Mailing List – http://lists.openid.net/mailman/listinfo/openid-specs-ab http://lists.openid.net/mailman/listinfo/openid-specs-ab OpenID Connect Interop Mailing List – http://groups.google.com/group/openid-connect-interop http://groups.google.com/group/openid-connect-interop Mike Jones’ Blog – http://self-issued.info/ http://self-issued.info/

18 Open Discussion Taking full advantage of us all being here!

19 Backup Slides

20 Connect Capabilities Dynamic Clients Mobile Support UserInfo Endpoint Simple RPs Session Management OAuth 2 Integration Use of JWTs and JSON data structures Single Logout Aggregated and Distributed Claims Encrypted Claims

21 Claims Aggregation Data Source IdP Relying Party Signed Claims

22 Distributed Claims Data Source IdP Relying Party Permission Signed Claims Better scalability, etc.

23 Working Group Participants Key working group participants: – Nat Sakimura – Nomura Research Institute – Japan – John Bradley – Independent – Chile – Breno de Medeiros – Google – US – Paul Tarjan – Facebook – US – Axel Nennker – Deutsche Telekom – Germany – Kick Willemse – Independent – Netherlands – Chuck Mortimore – Salesforce – US – Mike Jones – Microsoft – US By no means an exhaustive list!

Download ppt "OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura."

Similar presentations

Yammer Technical Solutions Overview

Yammer Technical Solutions Overview
Secure RESTful Interface Profile Phase 1 Briefing

Secure RESTful Interface Profile Phase 1 Briefing
© 2014 The MITRE Corporation. All rights reserved. Mark Russell OAuth and OpenID Connect Risks and Vulnerabilities 12/3/2014 Approved for Public Release;

© 2014 The MITRE Corporation. All rights reserved. Mark Russell OAuth and OpenID Connect Risks and Vulnerabilities 12/3/2014 Approved for Public Release;
OpenID Connect Update May 14, 2013 Dr. Michael B. Jones Identity Standards Architect – Microsoft.

OpenID Connect Update May 14, 2013 Dr. Michael B. Jones Identity Standards Architect – Microsoft.
Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).

Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
Proposed Documents for JOSE: JSON Web Signature (JWS) JSON Web Encryption (JWE) JSON Web Key (JWK) Mike Jones Standards Architect – Microsoft IETF 82 –

Proposed Documents for JOSE: JSON Web Signature (JWS) JSON Web Encryption (JWE) JSON Web Key (JWK) Mike Jones Standards Architect – Microsoft IETF 82 –
OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.

OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.
IIW 2008b Report November 10-12 2008, Mountain View Abbie Barbir Nortel OASIS IDtrust Steering.

IIW 2008b Report November , Mountain View Abbie Barbir Nortel OASIS IDtrust Steering.
The Internet Identity Layer OpenID Connect Update for HIT Standards Committee’s Privacy and Security Workgroup Wednesday, March 12th from 10:00-2:45 PM.

The Internet Identity Layer OpenID Connect Update for HIT Standards Committee’s Privacy and Security Workgroup Wednesday, March 12th from 10:00-2:45 PM.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
Openid Connect https://store.theartofservice.com/the-openid-connect-toolkit.html.

Openid Connect
IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.

IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.
Hannes Tschofenig, Blaine Cook. 6/4/2016 IETF #77, SAAG 2 The Problem.

Hannes Tschofenig, Blaine Cook. 6/4/2016 IETF #77, SAAG 2 The Problem.
UMA’s relationship to distributed authorization concepts 19 October 2013

UMA’s relationship to distributed authorization concepts 19 October 2013
Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.

Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.
THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.

THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.
Overview and update Pete Raymond. » Purpose of this presentation » Background » JSR Requirements » Key concepts » Relationship to other standards/approaches.

Overview and update Pete Raymond. » Purpose of this presentation » Background » JSR Requirements » Key concepts » Relationship to other standards/approaches.
Access Management 2.0: UMA for the #UMAam20 for questions 20 March 2014 tinyurl.com/umawg for slides, recording, and more 1.

Access Management 2.0: UMA for the #UMAam20 for questions 20 March 2014 tinyurl.com/umawg for slides, recording, and more 1.

Similar presentations

Ads by Google