Spec Update - OpenID Retail Summit at PayPal
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,115
On Slideshare
1,115
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
5
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. OpenID Specification Work Update
    OpenID Retail Summit – March 8, 2011
    Mike Jones – Microsoft
  • 2. Spec Work Ongoing
    Existing OpenID 2.0 specifications in use now
    Already work fine for many use cases
    Active working occurring to extend specifications for new use cases
    Mobile phones and other limited platforms
    “Facebook Connect” style functionality for easy registration
    Easier deployment than OpenID 2.0
  • 3. Working Group
    Spec work occurring in “Artifact Binding” working group
    Incorporates submissions to former “Connect” working group
    Merger sometimes called “OpenID ABC”
    Almost certainly not final branding!
    OpenID specs developed via an open process
    All free to participate
  • 4. WG Participants
    Key working group participants:
    Nat Sakimura – Nippon Research Institute – Japan
    John Bradley – Independent – Chile
    Breno de Medeiros – Google – US
    Paul Tarjan – Facebook – US
    Axel Nennker – Deutsche Telekom – Germany
    Kick Willemse – Independent – Netherlands
    Tony Nadalin – Microsoft – US
    Mike Jones – Microsoft – US
    By no means an exhaustive list!
  • 5. New Spec Building Blocks
    Build on OAuth 2.0
    Use JavaScript Object Notation (JSON)
    JSON Web Token (JWT) claims representation
    Goal: Easy implementation on all modern web platforms
  • 6. Spec Structure
    OpenID AB spec contains in two parts
    Core – abstract specification
    Binding – OAuth 2 based binding
    JSON Web Token (JWT) spec with signing
    Next version will add encryption
    Other specs like UMA are looking to adopt it
    Discovery a separate spec
    Will refer to OAuth 2.0 specs once finished
  • 7. Spec Progress
    Current status
    Core – 70% done
    Bindings – 75% done (pending OAuth 2.0 completion)
    Discovery – 80% (working from SWD)
    JWT – 90% done for tokens and signature
    Encryption remains to be specified
    OAuth 2.0 – 95%
    Target: Complete drafts by Internet Identity Workshop (IIW) in May
  • 8. Implementation Status
    OpenID ABC
    Demo version of core and artifact binding available in PHP (BitBucket)
    Code needs updates for current JWT and yesterday’s spec results
    JSON Web Token (JWT)
    Implementations for Java, PHP, Python, Ruby, .NET
  • 9. ABC Capabilities
    Artifact Binding
    UserInfo Endpoint
    Simple RPs
    Higher LoA
    Session Management
    Unregistered Clients
    OAuth 2 Integration
    Use of JWTs
    Single Logout
  • 10. Open Spec Issues
    Kinds of identifiers are supported
    Harmonization with OAuth 2
    Permissioning distributed attribute providers
    Claims specification and integration
    Trust metadata formats and transports
  • 11. Identifiers
    Need to define the supported formats and normalization rules
    E-mail Address
    http/https URL
    Phone Number?
  • 12. Use of Summits
    May IIW : Review drafts, make remaining decisions
    Munich:  Brief participants on progress, specs - gather input
    Tokyo:  Test implementations; learn from implementation and deployment experiences
    Colorado:  Interop work – potentially in cooperation with OSIS
    London:  Brief participants on progress, specs - gather input
    Nov IIW:  Spec refinement and/or finalization
  • 13. Discussion & Resources
    Artifact Binding Working Group Wiki Page
    http://wiki.openid.net/w/page/12995134/Artifact-Binding
    Artifact Binding Mailing List
    http://lists.openid.net/mailman/listinfo/openid-specs-ab
    My blog:
    http://self-issued.info/