OpenID Specification Work Update
OpenID Retail Summit – March 8, 2011
Mike Jones – Microsoft

Spec Work Ongoing
- Existing OpenID 2.0 specifications in use now
  - Already work fine for many use cases
- Active work occurring to extend specifications for new use cases
  - Mobile phones and other limited platforms
  - “Facebook Connect” style functionality for easy registration
  - Easier deployment than OpenID 2.0

Working Group
- Spec work occurring in “Artifact Binding” working group
  - Incorporates submissions to former “Connect” working group
  - Merger sometimes called “OpenID ABC”
  - Almost certainly not final branding!
- OpenID specs developed via an open process
  - All free to participate

WG Participants
Key working group participants:
- Nat Sakimura – Nippon Research Institute – Japan
- John Bradley – Independent – Chile
- Breno de Medeiros – Google – US
- Paul Tarjan – Facebook – US
- Axel Nennker – Deutsche Telekom – Germany
- Kick Willemse – Independent – Netherlands
- Tony Nadalin – Microsoft – US
- Mike Jones – Microsoft – US
By no means an exhaustive list!

Spec Structure
- OpenID AB spec consists of two parts
  - Core – abstract specification
  - Binding – OAuth 2 based binding
- JSON Web Token (JWT) spec with signing
  - Next version will add encryption
  - Other specs like UMA are looking to adopt it
- Discovery a separate spec
- Will refer to OAuth 2.0 specs once finished

Spec Progress
Current status:
- Core – 70% done
- Bindings – 75% done (pending OAuth 2.0 completion)
- Discovery – 80% (working from SWD)
- JWT – 90% done for tokens and signature
  - Encryption remains to be specified
- OAuth 2.0 – 95%
Target: Complete drafts by Internet Identity Workshop (IIW) in May

Implementation Status
- OpenID ABC
  - Demo version of core and artifact binding available in PHP (BitBucket)
  - Code needs updates for current JWT and yesterday’s spec results
- JSON Web Token (JWT)
  - Implementations for Java, PHP, Python, Ruby, .NET

ABC Capabilities
- Artifact Binding
- UserInfo Endpoint
- Simple RPs
- Higher LoA
- Session Management
- Unregistered Clients
- OAuth 2 Integration
- Use of JWTs
- Single Logout

Open Spec Issues
- Kinds of identifiers supported
- Harmonization with OAuth 2
- Permissioning distributed attribute providers
- Claims specification and integration
- Trust metadata formats and transports

Identifiers
Need to define the supported formats and normalization rules:
- E-mail Address
- http/https URL
- Phone Number?

Use of Summits
- May IIW: Review drafts, make remaining decisions
- Munich: Brief participants on progress, specs - gather input
- Tokyo: Test implementations; learn from implementation and deployment experiences
- Colorado: Interop work – potentially in cooperation with OSIS
- London: Brief participants on progress, specs - gather input
- Nov IIW: Spec refinement and/or finalization

Discussion & Resources
- Artifact Binding Working Group Wiki Page: http://wiki.openid.net/w/page/12995134/Artifact-Binding
- Artifact Binding Mailing List: http://lists.openid.net/mailman/listinfo/openid-specs-ab
- My blog: http://self-issued.info/