The Name is the Thing: “The ARPU of Identity”

The name is the thing. The name of this Open Identity Exchange White Paper, the “ARPU of Identity”, is deliberate. ARPU, Average Revenue Per User, is one metric telcos use to measure success. By deliberately using a traditional lens that telcos use, this paper puts emerging Internet identity markets into a pragmatic perspective. The focus of the white paper is [...]


Crossing the Chasm of Consumer Consent

This week Open Identity Exchange publishes a white paper on the “ARPU of Identity”.   The focus of the white paper is on how MNOs and telecommunications companies can monetize identity markets and thereby improve their average revenue per user, or ARPU.   Its author and highly regarded data scientist, Scott Rice, makes a point that [...]


Crossing the Chasm In Mobile Identity: OpenID Foundation’s Mobile Profile Working Group

Mobile Network Operators (MNOs) worldwide are in various stages of “crossing the chasm” in the Internet identity markets. As Geoffrey A. Moore noted in his seminal work, the most difficult step is making the transition between early adopters and pragmatists. The chasm crossing Moore refers to points to the bandwagon effect and the role standards [...]


General Availability of Microsoft OpenID Connect Identity Provider

Microsoft has announced the general availability of the Azure Active Directory OpenID Connect Identity Provider.  It supports the discovery of provider information as well as session management (logout).  On this occasion, the OpenID Foundation wants to recognize Microsoft for its contributions to the development of the OpenID Connect specifications and congratulate them on the general availability of their [...]


Review of Proposed Errata to OpenID Connect Specifications

The OpenID Connect Working Group recommends the approval of Errata to the following specifications: OpenID Connect Core 1.0 – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User OpenID Connect Discovery 1.0 – Defines how Relying Parties dynamically discover information [...]


Review of Proposed Implementer’s Draft of OpenID 2.0 to OpenID Connect Migration Specification

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID 2.0 to OpenID Connect Migration 1.0 – Defines how to migrate from OpenID 2.0 to OpenID Connect An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note [...]


The Economics of Identity 3

Those of us working on Internet identity issues have lots of conferences to attend when it comes to technology and privacy. Less attention has been paid to how to make money, how value is created, and how business models and monetization works across sectors. Meanwhile governments and companies are reorganizing to better address Internet identity [...]


Covert Redirect

“Covert Redirect”, publicized in May, 2014, is an instance of attackers using open redirectors – a well-known threat, with well-known means of prevention. The OpenID Connect protocol mandates strict measures that preclude open redirectors to prevent this vulnerability. Please see Section 4.2.4 of RFC 6819 (http://tools.ietf.org/html/rfc6819#section-4.2.4) for more information on open redirector threats and their [...]


More Momentum: OpenID Connect Adoption 6

In my last blog, I noted, “it’s time to build out the final elements of OpenID Connect and move to mobile.” We’ll soon announce the official working group with the GSMA focused on a OpenID Connect mobile profile. Foundation members, partners and independent developers continue to integrate OpenID Connect in robust and interoperable identity services [...]