Yearly Archives: 2014

US Government Office of the National Coordinator for Health Information Technology (ONC) Joins the OpenID Foundation 1

The Office of the National Coordinator for Health Information Technology (ONC) located within the Office of the Secretary for the U.S. Department of Health and Human Services (HHS) has joined the OpenID Foundation (OIDF). ONC is the principal federal entity charged with coordination of nationwide efforts to implement and utilize […]

The Economics of Identity 3

Those of us working on Internet identity issues have lots of conferences to attend when it comes to technology and privacy. Less attention has been paid to how to make money, how value is created, and how business models and monetization works across sectors. Meanwhile governments and companies are reorganizing […]

Covert Redirect

“Covert Redirect”, publicized in May, 2014, is an instance of attackers using open redirectors – a well-known threat, with well-known means of prevention. The OpenID Connect protocol mandates strict measures that preclude open redirectors to prevent this vulnerability. Please see Section 4.2.4 of RFC 6819 ( for more information on […]

Growing list of OpenID Connect libraries available 4

The list of publicly available OpenID Connect libraries is growing, with implementations available for numerous development platforms and environments, including Drupal, Java, PHP, Python, and Ruby. See the Libraries page for a list of OpenID Connect libraries, as well as libraries implementing the related JSON Web Token (JWT) and JSON […]

Last Call on the Launch and the Move to Mobile

This is my first blog after a successful OpenID Connect launch in San Francisco, Barcelona and Japan on February 26th. The launch generated global buzz and coverage. Below are a few links to my previous posts highlighting statements of support and press coverage: Statements of Support Additional Statements of Support […]

The OpenID Foundation Launches the OpenID Connect Standard 27

Providing Increased Security, Usability, and Privacy on the Internet RSA 2014 and Mobile World Congress- San Francisco, CA, and Barcelona, Spain – Feb. 26, 2014 – The OpenID Foundation announced today that its membership has ratified the OpenID Connect standard.  Organizations and businesses can now use OpenID Connect to develop […]

A Great Day for Internet Identity 2

Passwords are a pain. Internet security is difficult. But getting consensus among competing vendors, independent developers, privacy advocates seemed impossible. But OpenID Connect is finally done. This internet identity layer is already helping websites, enterprises and mobile network operators identify people. OpenID Connect enables better privacy controls and stronger (and […]

OpenID Connect FAQ Now Available

With the OpenID Connect specifications expected to be approved on Tuesday, February 25, 2014, a set of answers to Frequently Asked Questions has been published at to help answer questions people might have about OpenID Connect. OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family […]