IIW is rapidly approaching.
We plan to take advantage of face to face discussions on the around the next version of openID.
For those attending and others I want to point to the various potions of the spec work so that people have that in hand for IIW.
One of the changes from openID 2.0 is that the new specification is more modular.
The following diagram illustrates the components and links to the specs:
(Click on the diagram to see each specifications.)
We are supporting multiple OAuth Flows for different device types.
The heart of OpenID Connect is the Core spec that describes the abstract protocol.
Session Management is currently a separate spec, however it may be folded into Core.
We are hoping to use our face 2 face time around IIW to resolve some of the outstanding issues:
- Claimed ID type. We have two proposals, one for a single URL and another for a two part identifier where the user_ID and the IdP/OP identifier are separate.
- An extension for PAPE/Authentication Context. This will be required for government and other higher security applications.
- A formal spec for the User Info Endpoint and defining the base attribute schema.
- Defining how other extensions can be added.
- Defining a syntax for requesting sets of claims from trusted sources.
We will be producing a implementers guide to make it easier for people to build clients without having to wade through all of the separate specs.
Expect an update after IIW in May.