Posts Tagged ‘OpenID Connect’

OpenID Connect: Salesforce.com works with OIDF members to transform the future of enterprise identity

Posted at 11:23 am on January 22, 2013 by Greg Keegstra

Since 1999, salesforce.com has been a driving force in enterprise cloud computing, sparking an “end of software” revolution that is now extending into the world of enterprise identity. At its annual Dreamforce conference last year, the company unveiled Salesforce Identity — a Cloud Identity and Access Management Platform that provides a single, social, trusted identity for enterprise applications. As part of this, Salesforce recognized a completely standards-based approach is critical and helped form the OpenID Connect working group. Salesforce.com’s membership role within the OpenID Foundation will help accelerate the maturation and adoption of OpenID Connect, and enable the company to deliver a transformative cloud identity solution that is sorely lacking in the enterprise today.

The explosion of enterprise apps has made managing access and identity needlessly complex. Users are frustrated with juggling multiple log-ins, and enterprise IT is frustrated with managing secure access across all of these apps. Salesforce.com is collaborating with other OpenID Foundation industry leaders to make OpenID Connect more viable for the modern enterprise, with its unique security needs, increasing numbers of connected apps and sprawling mobile device users.

The proliferation of a mature, enterprise-ready OpenID Connect will ultimately be a win-win for technology companies, enterprises and app developers. For its part, Salesforce has built OpenID Connect into its new cloud service that will provide identity and access management services for Web and mobile applications. The OpenID Foundation is a non-profit standards development organization focused on developing open identity protocols that provide easy-to-use, secure, user-centric solutions to the challenges of online identity.


OpenID Connect Wins 2012 European Identity and Cloud Award

Posted at 9:27 am on April 18, 2012 by Nat Sakimura

Today at the European Identity and Cloud Conference it was announced that OpenID Connect has won the 2012 European Identity and Cloud Award for “Best Innovation / New Standard”.  The OpenID Foundation and the Connect working group members want to thank Kuppinger Cole for this prestigious award and their vote of confidence in the significance of OpenID Connect.

Dave Kearns of Kuppinger Cole said this about the award:

“I’m pleased that Kuppinger Cole has granted OpenID Connect the award for Best Innovation/New Standard this year.  What’s most impressive is that this elegantly simple design resulted from the cooperation of such a diverse global set of contributors.  I expect OpenID Connect to have a substantial positive impact on usable, secure identity solutions both for traditional computing platforms and mobile devices.  My congratulations to the OpenID Foundation!”

The application presented by the OpenID Foundation that resulted in the award follows.

European Identity & Cloud Awards 2012

Project company: OpenID Foundation
Award category: Best Innovation / New Standard in Information Security

1) Name of the Standard

OpenID Connect

2) Brief description of the Standard

OpenID Connect is a simple JSON/REST-based interoperable identity protocol built on top of the OAuth 2.0 family of specifications.  Its design philosophy is “make simple things simple and make complicated things possible”.

While OAuth 2.0 is a generic access authorization delegation protocol, thus enabling the transfer of arbitrary data, it does not define ways to authenticate users or communicate information about them. OpenID Connect provides a secure, flexible, and interoperable identity layer on top of OAuth 2.0 so that digital identities can be easily used across sites and applications. While enabling a default set of common claims about the user (such as name, e-mail address, and a user identifier enabling SSO) to be easily employed, OpenID Connect also enables participants to exchange any claims relevant to their application using simple JSON-based data structures.

As it is based on OAuth 2.0, OpenID Connect reaches beyond the Web. OpenID Connect brings identity interactions to “apps” and “native applications” on both smart phones and traditional computing devices, in addition to Web sites.

From a security perspective, OpenID Connect was built to range gracefully from the low security levels typically employed by social networks, through the medium security levels needed for business applications, to the high security requirements of many government applications.  OpenID Connect spans this wide range of applications by using JSON-based digital signature and encryption standards.

From a privacy perspective, OpenID Connect allows the selective sharing of attributes with user consent. It also enables the use of pairwise pseudonymous identifiers, thereby avoiding correlations as appropriate.

From a business perspective, OpenID Connect meets business needs for the use of claims from multiple Claims Providers in a single context (rather than a single Identity Provider being the source of all claims for any given interaction).  It enables the use of Aggregated Claims, where signed claim values can be collected and passed on by OpenID Providers and the use of Distributed Claims, where claims are passed by reference, rather than by value, and dynamically retrieved by Relying Parties.
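As an added illustration of the Aggregated and Distributed Claims described above (example code written for this page, not the Foundation's text or any OpenID implementation), the Relying Party logic below resolves the `_claim_names` / `_claim_sources` structure that OpenID Connect uses to carry both kinds of claims: it verifies the signature on an aggregated claim set before trusting any value in it, and separates out distributed claims that the RP must still fetch by reference. The HS256 shared key, the Claims Provider JWT builder, and the UserInfo response are constructed for the demo.

```python
import base64, hashlib, hmac, json
CLAIMS_PROVIDER_KEY = b"demo-hs256-key-for-claims-provider"  # constructed demo key (HS256)

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_aggregated_jwt(claims, key):
    # Constructed stand-in for what a Claims Provider signs and hands to the OP.
    header = b64url_encode(json.dumps({"alg": "HS256"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_hs256_jwt(token, key):
    # Pin the algorithm before checking the MAC so a tampered header cannot downgrade it.
    header, payload, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload))

def resolve_claims(userinfo, key):
    # Returns (claims the RP may trust now, distributed claims it must still fetch).
    resolved = {k: v for k, v in userinfo.items() if not k.startswith("_claim_")}
    to_fetch = {}
    for claim, src_name in userinfo.get("_claim_names", {}).items():
        src = userinfo.get("_claim_sources", {}).get(src_name)
        if src is None:
            raise ValueError(f"claim {claim} names unknown source {src_name}")
        if "JWT" in src:  # Aggregated Claim: signed values relayed by the OP
            payload = verify_hs256_jwt(src["JWT"], key)
            resolved[claim] = payload[claim]  # KeyError if the JWT lacks the claim
        elif "endpoint" in src:  # Distributed Claim: passed by reference only
            to_fetch[claim] = (src["endpoint"], src.get("access_token"))
        else:
            raise ValueError(f"malformed claim source {src_name}")
    return resolved, to_fetch

SAMPLE_USERINFO = {  # constructed: one plain, one aggregated, one distributed claim
    "sub": "248289761001", "name": "Jane Doe",
    "_claim_names": {"address": "src1", "credit_score": "src2"},
    "_claim_sources": {
        "src1": {"JWT": make_aggregated_jwt({"address": {"country": "DE"}}, CLAIMS_PROVIDER_KEY)},
        "src2": {"endpoint": "https://bank.example.com/claims", "access_token": "ksj3n283dke"},
    },
}
```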

From a design perspective, OpenID Connect’s modular design enables flexible deployments. Implementations can use only the components they need, while still remaining interoperable.  For instance, “Discovery” and “Dynamic Client Registration” can be used in deployments where OpenID Providers are chosen dynamically, whereas they aren’t needed if the site or application uses only a fixed set of OpenID Providers.

Unlike the previous version of OpenID, user identities can be e-mail addresses that people already have and know, rather than being URLs that most people have difficulty using.

3) Who is contributing to the standard?

OpenID Connect was developed in an OpenID Foundation working group.  OpenID working groups are open, free of charge, to all who sign the IPR Contribution agreement. Contributors include a diverse international representation of industry and independent technology leaders:  AOL, Deutsche Telekom, Facebook, Google, Microsoft, Mitre Corporation, mixi, Nomura Research Institute, PayPal, Salesforce, Yahoo! Japan, and others.

4) When is it expected to be finalized?

OpenID Connect is in the Implementer’s Draft review period. That stage is similar to the DIS (Draft International Standard) phase of the ISO process. The approval vote will complete on February 15, 2012. The OpenID Connect specifications are expected to be completed in the second half of 2012.

5) What are the key Identity management objectives?

  • Interoperability
  • Security
  • Ease of deployment
  • Flexibility
  • Wide support of devices
  • Enabling Claims Providers to be distinct from Identity Providers

6) Does the standard exceed key objectives?

Yes.

7) Are there live deployments?

Yes, e.g. Google, Gakunin (Japanese Universities Network), and Nikkei Newspaper.

Mature deployments are under way by working group participants.

8) Does the deployment touch customers/consumers/citizens?  If so, what benefit(s) is the application delivering to customers/consumers/citizens?

  • More secure and familiar online interactions
  • Easier to use authentication and attribute sharing

9) Does the deployment successfully address one or more of the following identity issues? If so, please provide brief examples.

  • Help prevent/reduce identity theft?  Yes.
  • Help address ease of use issues? Yes.
  • Help meet regulatory requirement? Yes.
  • Meet unique vertical market objectives? Yes.

10) Why should this standard win the European Identity/Cloud Award?

OpenID Connect is a significant advance in digital identity that:

  1. is simple to build and deploy, being based upon existing JSON/REST standards,
  2. spans both Web and native applications, including mobile “apps”,
  3. has wide support from major cloud service providers, enterprise companies, and social networking companies,
  4. helps combat identity theft by reducing the number of passwords in use,
  5. enables new Web based services and expands existing online markets,
  6. spurs global economic growth by enabling simple and secure exchange of verified attributes from multiple sources at Internet scale.

OpenID Connect is an important contribution to a safer, privacy protecting, and easy to use computing environment that spans the cloud, the Web, enterprises, and mobile applications and has broad industry backing. For these reasons, OpenID Connect merits the 2012 European Identity/Cloud Award.


OpenID Connect Implementer’s Drafts Approved

Posted at 10:11 pm on February 16, 2012 by Nat Sakimura

The OpenID membership has approved the following specifications as OpenID Implementer’s Drafts in the vote held from February 7th to 15th, 2012:

• Basic Client Profile – Simple self-contained specification for a web-based Relying Party. (This spec contains a subset of the information in Messages and Standard.)
• Discovery – Defines how user and provider endpoints can be dynamically discovered.
• Dynamic Registration – Defines how clients can dynamically register with OpenID Providers.
• Messages – Defines all the messages that are used in OpenID Connect. (These messages are used by the Standard binding.)
• Standard – Complete HTTP binding of the Messages, for both Relying Parties and OpenID Providers.
• Multiple Response Type Encoding – Registers OAuth 2.0 response_type values used by OpenID Connect.

The voting results were:

  • Approve (86 votes)
  • Disapprove (1 vote)
  • Abstain (2 votes)

Total Votes: 89 (out of 363 members = 25% > 20% quorum requirement)

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.

The specifications are posted at these locations:

• http://openid.net/specs/openid-connect-basic-1_0-15.html
• http://openid.net/specs/openid-connect-discovery-1_0-07.html
• http://openid.net/specs/openid-connect-registration-1_0-08.html
• http://openid.net/specs/openid-connect-messages-1_0-07.html
• http://openid.net/specs/openid-connect-standard-1_0-07.html
• http://openid.net/specs/oauth-v2-multiple-response-types-1_0-03.html

A description of OpenID Connect can be found at http://openid.net/connect/.

The working group page is http://openid.net/wg/connect/.


Vote for OpenID Connect Implementer’s Drafts is open

Posted at 9:25 pm on February 7, 2012 by Nat Sakimura

Link: https://openid.net/foundation/members/polls/62

The OpenID AB+Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts:

• Basic Client Profile – Simple self-contained specification for a web-based Relying Party. (This spec contains a subset of the information in Messages and Standard.)
• Discovery – Defines how user and provider endpoints can be dynamically discovered.
• Dynamic Registration – Defines how clients can dynamically register with OpenID Providers.
• Messages – Defines all the messages that are used in OpenID Connect. (These messages are used by the Standard binding.)
• Standard – Complete HTTP binding of the Messages, for both Relying Parties and OpenID Providers.
• Multiple Response Type Encoding – Registers OAuth 2.0 response_type values used by OpenID Connect.

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.

The specifications are posted at these locations:

• http://openid.net/specs/openid-connect-basic-1_0-15.html
• http://openid.net/specs/openid-connect-discovery-1_0-07.html
• http://openid.net/specs/openid-connect-registration-1_0-08.html
• http://openid.net/specs/openid-connect-messages-1_0-07.html
• http://openid.net/specs/openid-connect-standard-1_0-07.html
• http://openid.net/specs/oauth-v2-multiple-response-types-1_0-03.html

A description of OpenID Connect can be found at http://openid.net/connect/. The working group page is http://openid.net/wg/connect/.

Please vote at: https://openid.net/foundation/members/polls/62

The vote is open from Feb. 7 to 15.


Review of Proposed OpenID Connect Implementer’s Drafts

Posted at 6:41 am on December 23, 2011 by John Bradley

The OpenID AB+Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts:

  • Basic Client Profile – Simple self-contained specification for a web-based Relying Party.  (This spec contains a subset of the information in Messages and Standard.)
  • Discovery – Defines how user and provider endpoints can be dynamically discovered.
  • Dynamic Registration – Defines how clients can dynamically register with OpenID Providers.
  • Messages – Defines all the messages that are used in OpenID Connect.  (These messages are used by the Standard binding.)
  • Standard – Complete HTTP binding of the Messages, for both Relying Parties and OpenID Providers.
  • Multiple Response Type Encoding – Registers OAuth 2.0 response_type values used by OpenID Connect.

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.  This note starts the 45-day public review period for the specification drafts in accordance with the OpenID Foundation IPR policies and procedures.  This review period will end on Monday, February 6, 2012.

Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven day voting period during which OpenID Foundation members will vote on whether to approve these drafts as OpenID Implementer’s Drafts.

The specifications are posted at these locations:

A description of OpenID Connect can be found at http://openid.net/connect/. The working group page is http://openid.net/wg/connect/.

Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration.  Foundation members will be asked to vote on approving these specifications as Implementer’s Drafts.

You can send feedback on the specifications in a way that enables the working group to act on your feedback by

  1. signing the contribution agreement at http://openid.net/intellectual-property/ to join the AB+Connect working group,
  2. joining the working group mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-ab, and
  3. sending your feedback on that list.
