CIS13: Introduction to OpenID Connect

Nat Sakimura, Senior Researcher, Information Tech. Research Dept, Nomura Research Institute
OpenID Connect is a layer on top of the OAuth 2.0 protocol that adds critical identity-related information and validation to API interactions. Targeted both towards Web SSO and native application scenarios, OpenID Connect defines all the pieces necessary for an IT department to deliver an industry best practice identity regime based on the OAuth 2.0 protocol. Join Nat Sakimura to find out about ID Tokens, userinfo REST endpoints, dynamic client registration, session management, discovery, and all the other important concepts that OpenID Connect standardizes.

Published in: Technology, News & Politics

  1. OpenID Connect. Nat Sakimura, Chairman, Senior Researcher. C6b. New School Identity Frameworks Panel. Foundation
  2. OAuth 2.0: Base Protocol. Identity Layer on top of it.
  3. Q: Identity
  4. Identity = set of attributes related to an entity [ISO 29115]
  5. Entity, Identity
  6. Entity: Human, Machine, Service
  7. No direct way to perceive Human
  8. Blond/grey; Silver frame glasses; 6’5” tall
  9. [Diagram] Entity and Identity. Labels: Sex, Mail, height, Boy Friend, Real Name, Street Address, Nickname, Birthday, Employee number, license, performance, Role, Relationship, Friends, Boss, Self Recognition, 3rd Party Recognition. Delta between Self and 3rd Party Recognition = interpersonal problem.
  10. Man: Identity, Identity, Identity
  11. Man: Work, Husband, Father
  12. Woman: daughter, mother, wife, girl friend, colleague, boss, community member, friend
  13. YOU: Identity A, Identity B, Identity C; Site A, Site B, Site C
  14. Q: Why not just OAuth?
  15. OAuth is an Access Granting Protocol. Labels: Betty’s Profile, Alice, Cindy. Cindy ≠ Betty; Alice ≠ Betty
  16. Facebook extends OAuth with “signed request”; “ID Token” in OpenID Connect
  17. Token Swap Attack
  18. Login with Amazon
  19. http://blog.chromium.org/2013/07/richer-access-to-google-services-and.html?m=1
  20. Signed Request: works only with a single identity provider; proprietary signature format. ID Token: works with multiple identity providers; IETF JSON Web Signature.
  21. ID Token Claims Example: { "iss": "https://server.example.com", "sub": "248289761001", "aud": "0acf77d4-b486-4c99-bd76-074ed6a64ddf", "iat": 1311280970, "exp": 1311281970, "nonce": "n-0S6_WzA2Mj" }
  22. Stick with OpenID Connect and not “OAuth Authentication”
  23. An Identity Layer provides: Who is the user that got authenticated; Where was he authenticated; When was he authenticated; How was he authenticated; What attributes he can give you; Why he is providing them
  24. Interoperable; Simple & Mobile Friendly; Secure; Flexible
  25. Interoperable; Simple & Mobile Friendly; Secure; Flexible
  26. Interoperable; Simple & Mobile Friendly; Secure; Flexible
  27. Interoperable; Simple & Mobile Friendly; Secure; Flexible
  28. Interoperable; Simple & Mobile Friendly; Secure; Flexible
  29. Interoperable. Standard scopes: openid, profile, email, address, phone. Method to ask for more granular claims: Request object and claims. ID Token: Info about the authenticated user. UserInfo endpoint: Get attributes about the user; Translate the tokens.
  30. Simple & Mobile Friendly: JSON Based; REST Friendly; In simplest cases, just copy and paste; Mobile & App Friendly. E.g., ID Token is signed JSON: { "iss": "https://client.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "nonce": "n-0S6_WzA2Mj", "exp": 1311281970, "iat": 1311280970, "auth_time": 1311280969, "acr": "2", "at_hash": "MTIzNDU2Nzg5MDEyMzQ1Ng" }
  31. Secure: ISO/IEC 29115 Entity Authentication Assurance; Choice of crypto. LoA1, LoA2, LoA3, LoA4
  32. Flexible. Granular Request: Through Request Object (JSON); Data Minimization. Aggregated Claims: Does not disclose data recipients to data sources. Distributed Claims: Decentralized Data Storage.
  33. Choice of your provider: Can be Google, eBay, AOL, Deutsche Telekom etc. Can be your Phone => Self-Issued Provider
  34. Details
  35. [Diagram] SAML Authentication. Labels: Alice, notary, Eve. 1. Who are you? Get me a referral letter. Do not forget about your email! 2. Please write me a referral letter. 3. Here you are. 4. Here is the certificate. Certificate: Name: Alice de Wonderland; Mail: alice@example.com; Notary: Google; Official Google Seal (Google Inc. seal).
  36. [Diagram] Pseudo-Authentication using OAuth. Labels: Alice, Apartment Controller, Eve. 1. Who are YOU? Give me a valet key to your house. Then I will trust that you are the owner of the house. 2. Can you give me a valet key to my house? 3. Here you are! 4. Here is the key!
  37. [Diagram] OpenID Connect Authentication. Labels: Alice, Butler, Locker, Eve. 1. Who are you? Get me a referral letter. Do not forget about your email! 2. Give Eve the locker key and a referral letter. 3. Here you are! 4. Here you are. Date: 2011/5/15 11:00:04; Level of Assurance: 2; Verifier: Google; Official Google Seal.
  38. [Diagram] OpenID Connect's Claims aggregation and distributed claims. Name: Alice de Wanderland; DoB: 1989/3/3; Sex: F; Address: 135 Broadway., NY, NY; NY City Official Seal. Labels: Locker, UserInfo Endpoint, Site X, Site Y, Site Z, Eve.
  39. Applying it to Enterprise model
  40. [Diagram] Entity and Identity. Labels: Sex, Mail, height, Boy Friend, Real Name, Street Address, Nickname, Birthday, Employee number, license, performance, Role, Relationship, Friends, Boss, Self Recognition, 3rd Party Recognition. Delta between Self and 3rd Party Recognition = interpersonal problem.
  41. [Diagram] Labels: Real Name, Professional qualification, department, Geo-location, Employee number, Entity, Identity, Resource, Authentication, Policy Enforcement, Rules
  42. ABAC (Attribute Based Access Control). Based on SP800-162 figure on page viii. Labels: identity, Resource, Rules
  43. [Diagram] Labels: Real Name, Professional qualification, department, Geo-location, Employee number, Entity, Identity, Resource, Authentication, PEP, PDP, PAP, Boss, Metadata, Log, Log
  44. Q: What kind of “Identity” (set of attributes) does an enterprise need?
  45. Current Standard Claims won't do
  46. UserInfo Claims: sub, name, given_name, family_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, locale, zoneinfo, updated_at, email, email_verified, phone_number, phone_number_verified, address
  47. UserInfo Claims Example: { "sub": "248289761001", "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe", "email": "janedoe@example.com", "email_verified": true, "picture": "http://example.com/janedoe/me.jpg" }
  48. Perhaps we need standard “enterprise” claims
  49. SCIM?
  50. SCIM Enterprise User Schema Extension: employeeNumber – Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization. costCenter – Identifies the name of a cost center. organization – Identifies the name of an organization. division – Identifies the name of a division. department – Identifies the name of a department. manager – The User's manager. A complex type that optionally allows Service Providers to represent organizational hierarchy by referencing the "id" attribute of another User.
  51. Not Quite.
  52. Perhaps we need standard “enterprise” claims
  53. Q: When shall I start using OpenID Connect?
  54. Timeline: 2nd Implementers Draft Public Review (45 days); 2nd Implementers Draft Vote (14 days); Final Review (60 days); Final. We are here! December 2013
  55. Questions?
  56. OAuth and OpenID Connect: In the Trenches. Wednesday, July 10, 4:00 – 5:30 PM, Salon C/D/E. To be continued at …
  57. Details …
  58. Working Together: OpenID Connect
  59. Working Group Members. Key working group participants: Nat Sakimura – Nomura Research Institute – Japan; John Bradley – Ping Identity – Chile; Breno de Medeiros – Google – US; Axel Nennker – Deutsche Telekom – Germany; Torsten Lodderstedt – Deutsche Telekom – Germany; Roland Hedberg – Umeå University – Sweden; Andreas Åkre Solberg – UNINETT – Norway; Chuck Mortimore – Salesforce – US; Brian Campbell – Ping Identity – US; George Fletcher – AOL – US; Justin Richer – Mitre – US; Nov Matake – Independent – Japan; Mike Jones – Microsoft – US. By no means an exhaustive list!
  60. Design Philosophy: Simple Things Simple; Complex Things Possible
  61. Simple Things Simple: UserInfo endpoint for simple claims about user; Designed to work well on mobile phones
  62. How We Make It Simple: Build on OAuth 2.0; Use JavaScript Object Notation (JSON); Build only the pieces that you need; Goal: Easy implementation on all modern development platforms
  63. Complex Things Possible: Encrypted Claims; Aggregated Claims; Distributed Claims
  64. A Look Under the Covers: ID Token; Claims Requests; UserInfo Claims; Example Protocol Messages
  65. [Diagram] OpenID Connect Authentication. Labels: Alice, Butler, Locker, Bob, Access Token, ID Token. 1. Who are you? Get me a referral letter. Do not forget about your email! 2. Give Eve the locker key and a referral letter. 3. Here you are! 4. Here you are. Date: 2011/5/15 11:00:04; Level of Assurance: 2; Verifier: Google; Official Google Seal.
  66. ID Token: JWT representing logged-in session. Claims: iss – Issuer; sub – Identifier for subject (user); aud – Audience for ID Token; iat – Time token was issued; exp – Expiration time; nonce – Mitigates replay attacks; at_hash – Left hash of the access token; azp – Authorized Party
  67. ID Token Claims Example: { "iss": "https://server.example.com", "sub": "alice", "aud": "https://bob.example.com", "iat": 1311280970, "exp": 1311281970, "nonce": "n-0S6_WzA2Mj", "at_hash": "MTIzNDU2Nzg5MDEyMzQ1Ng", "azp": "https://cindy.example.com/" }
  68. at_hash makes ID Token a detached signature for the access token
  69. azp allows token to be used by another party. Labels: Site X, Cindy, Bob, ID Token, Access Token
  70. [Diagram] Using Access Token only for Authentication is Dangerous. Labels: Alice, Butler, Access Token, Eve. 1. Who are you? Get me a referral letter. Do not forget about your email! 2. Give Eve the locker key and a referral letter. 3. Here you are! 4. Here you are.
  71. [Diagram] OpenID Connect's Claims aggregation and distributed claims. Name: Alice de Wanderland; DoB: 1989/3/3; Sex: F; Address: 135 Broadway., NY, NY; NY City Official Seal. Labels: Locker, UserInfo Endpoint, Site X, Site Y, Site Z, Bob.
  72. [Diagram] Aggregated Claims. Labels: Data Source, Data Source, Identity Provider, Relying Party, Signed Claims, Claim Values
  73. [Diagram] Distributed Claims. Labels: Identity Provider, Signed Claims, Relying Party, Claim Refs, Data Source, Data Source
  74. Claims Requests. Basic requests made using OAuth scopes: openid – Declares request is for OpenID Connect; profile – Requests default profile info; email – Requests email address & verification status; address – Requests postal address; phone – Requests phone number & verification status; offline_access – Requests Refresh Token issuance. Requests for individual claims can be made using JSON “claims” request parameter.
  75. Request Object
  76. You can register it at registration time: request_uri. Personally Recommended
  77. Authorization Request Example: https://server.example.com/authorize ?response_type=token%20id_token &client_id=0acf77d4-b486-4c99-bd76-074ed6a64ddf &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb &scope=openid%20profile &state=af0ifjsldkj &nonce=n-0S6_WzA2Mj
  78. Authorization Response Example: HTTP/1.1 302 Found Location: https://client.example.com/cb #access_token=mF_9.B5f-4.1JqM &token_type=bearer &id_token=eyJhbGzI1NiJ9.eyJz9Glnw9J.F9-V4IvQ0Z &expires_in=3600 &state=af0ifjsldkj
  79. UserInfo Request Example: GET /userinfo?schema=openid HTTP/1.1 Host: server.example.com Authorization: Bearer mF_9.B5f-4.1JqM
  80. Connect Specs Overview
  81. Resources: OpenID Connect – http://openid.net/connect/; OpenID Connect Working Group Mailing List – http://lists.openid.net/mailman/listinfo/openid-specs-ab; OpenID Connect Interop Wiki – http://osis.idcommons.net/; OpenID Connect Interop Mailing List – http://groups.google.com/group/openid-connect-interop; Mike Jones’ Blog – http://self-issued.info/; Nat Sakimura’s Blog – http://nat.sakimura.org/; John Bradley’s Blog – http://www.thread-safe.com/
  82. Current Status: Waiting for dependencies to be completed. JWS, JWE, JWA, JWK: IETF JOSE WG. JSON Web Token (JWT): IETF OAuth WG. WebFinger: IETF Apps WG.
  83. Interop testing underway: AOL, Google, IBM, Layer 7, Mitre, NRI, @nov, Orange, eBay, Gluu, Ping Identity, GÉANT, @ritou, Emmanuel Raviart. 120+ feature tests; 14 implementations
  84. Start Building
  85. Start Building Now!
  86. http://nat.sakimura.org/
