Posted at 11:15 am on August 22, 2011 by Karinhanson
The OpenID Foundation is launching its third OpenID Summit for 2011. This event is co-sponsored by Microsoft and will be held at the Microsoft Research Campus in Mountain View. The OpenID Foundation’s 2011 series of OpenID Summits focuses on use cases and topics of interest to key developers, executives and analysts in the online identity industry.
This OpenID summit gives web site developers and technologists a closer look at the OpenID Connect protocol, its use cases and adoption plans by leading companies. We will introduce “Account Chooser,” its implementation and user experience, and provide interop testing and feedback for next-generation OpenID adoption.
Please join us on Monday, September 12, 2011 from 12:00 Noon until 5:00pm PDT and Tuesday, September 13, 2011 from 10:00am to 5:00pm PDT.
Registration is now open at the following link: REGISTER NOW!
Location: Microsoft Research Silicon Valley Campus – 1288 Pear Avenue, Mountain View, CA 94043
OpenID Connect Tech Summit
AGENDA: Monday, September 12, 2011 – 12:00pm-5:00pm
Noon: Lunch will be provided for attendees
12:00-12:20 – Welcome
Don Thibeau, Executive Director, The OpenID Foundation
Technical Sessions
12:20-1:00 – Overview and Update of OpenID Connect and OAuth 2.0, Mike Jones, Microsoft, Director of Identity Partnerships
1:00-3:00 – OpenID Connect Spec development (Working Group Review led by Allen Tom and Mike Jones) [2 hours]
- Timing goals for ratification
- Core protocol
- Dynamic RP registration and IDP discovery
- Claims
- Session Management
- Artifact Binding
- US Government OpenID Connect profile
3:20-4:00 – Open time for Technical Interop, Allen Tom & Mike Jones [60 min]
4:00-4:40 – OpenID Connect: Building Test Infrastructure, Roland Hedberg
4:40-5:00 – Wrap-up, Don Thibeau, Executive Director, The OpenID Foundation
AGENDA: Tuesday, September 13, 2011 – 10:00am-5:00pm
Business Session
10:00-10:20 - Welcome Don Thibeau, Executive Director, The OpenID Foundation
10:20-11:00 - Feedback Review OpenID Connect Mike Jones, Microsoft and Allen Tom, Directors, The OpenID Foundation
11:00-11:40 - Overview and Update of Account Chooser, A presentation on a new sign in experience for the web, how to get involved, and an update on the legal status of related IP. Scott David, K&L Gates, Basheer Tome, Independent & Eric Sachs, Google
11:40-12:20 – “Migrating Users to Identity Providers From Email/Password Logins”, A Summary of the experience of websites, including Google, that have started to migrate users from traditional logins to identity providers. Eric Sachs, Google, Product Manager
12:20-1:00 – Lunch
1:00-1:40 – Microsoft as an RP and IDP, Speaker (TBD)
1:40-2:20 – Way Beyond Single Sign On, Greg Keegstra, Janrain
2:20-3:00 – The Value Proposition for OpenID Connect & Account Chooser in the Enterprise, Pam Dingle, Ping Identity
3:00-3:20 – Break
3:20-4:00 – Open Identity and Online Adoption, A discussion on trends in the adoption of social login among online businesses. Patrick Salyer, Gigya
4:00-4:40 – OpenID Connect & UMA Synergies, OpenID Connect and User-Managed Access (UMA) solve interestingly complementary problems. This session will explore use cases and proposals for combining them. Macie Machulak
4:40-5:00 - Wrap up Don Thibeau, Executive Director, The OpenID Foundation
This entry was posted on Monday, August 22nd, 2011 at 11:15 am and is filed under Foundation, Summit Events.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 5:00 pm on July 15, 2011 by Nat Sakimura
There is now a set of functionally complete specifications for OpenID Connect. The diagram below shows the relationships between the current specs and contains links to each of them. These specifications are ready for early developer feedback and prototype implementation work. Please send feedback on them to the OpenID Artifact Binding Working Group Mailing List.
OpenID Connect uses the best practices of widely used OAuth/REST/JSON based APIs to define a standard and interoperable way to authenticate users. Developers should care because rather than having to learn a new and slightly different version of essentially the same API every time they want to integrate with a different identity provider, they can just do it in a standard way using a consistent interface. In the long run, OpenID Connect will make the web more interoperable, because it makes it easier for developers to integrate with multiple services.
FYI, the working group *is* planning to reorganize the specs to have the minimal set of OpenID Connect functionality be contained in a single document, although this will likely not be in place for a few weeks. Even before that is done, we wanted to make people aware of this set of specs now so early implementation work and technical feedback can occur. Remaining edits to the specs should consist of corrections, clarifications, and reorganization, rather than additions of significant new functionality. For now, developers should start with the (admittedly awkwardly named) OpenID Connect HTTP Redirect Binding spec.
This entry was posted on Friday, July 15th, 2011 at 5:00 pm and is filed under News, Specs.
Many in the open standards community have a “what have you done for me lately” chip implanted deep in their programming souls. It’s logical to want the evolution of OpenID technology to keep up with the rate of its adoption. We all want the pace of technology improvement to map onto the promise of what has become the most popular decentralized single-sign-on protocol on the web. Some of the most impatient include members of the Board of the OpenID Foundation who aren’t satisfied with hanging an “over a billion served” on the OpenID Foundation website.
The “co-evolution” of OAuth and OpenID
Late last year, the members of the OpenID Artifact Binding and OpenID Connect Working Groups joined forces to develop a simple, common specification. The result had been informally referred to as “OpenID Artifact Binding/Connect” or “OpenID ABC”. Key contributors from both working groups have been working on a core specification ever since. Weekly specification calls have methodically focused on identifying and closing open issues. A key milestone was reached at IIW earlier this month: the remaining open issues were identified, tradeoffs debated, and all issues closed – with consensus decisions recorded in the Artifact Binding mailing list archives. The working group is now refining the specifications to reflect those decisions, as well as tracking the evolution of closely related specifications like OAuth 2.0.
Having passed this gate, the OpenID board decided to brand the result “OpenID Connect” and solicit as wide and diverse feedback as possible. The OpenID Retail Summit at PayPal, the “Security” Summit at Symantec, and last week’s OpenID Summit in Munich at the European Identity Conference all featured detailed briefings and feedback on OpenID Connect. While still a work in progress, OpenID Connect has achieved the levels of participation and consensus needed to advance to the next phase: interoperability testing for multiple use cases in several venues worldwide. We’ll continue to engage developers and potential deployers about OpenID Connect at upcoming OpenID Summits, including the next summit on July 19 in Colorado sponsored by Ping Identity, in order to better understand, critique, refine, test, and ready OpenID Connect for prime time.
A look under the hood of OpenID Connect:
- web and developer friendly, building upon OAuth 2.0 and JSON
- simple site registration functionality (the “Connect” part)
- works well on mobile phones (the “Artifact Binding” part)
- simple JSON-based claims model
- reuses claims definitions from existing Portable Contacts specification
- can achieve a range of security characteristics, spanning use cases from social networks to those needing higher levels of assurance
- modular specifications, so deployers need only implement the functionality their applications need.
The strength of the open standards is the ongoing scrutiny from a global community of supporters and skeptics. Progress depends on those with the “courage of the first draft.” Our special thanks go to OpenID Board members Mike Jones, Nat Sakimura, and John Bradley, together with Breno de Medeiros from Google and Chuck Mortimore from Salesforce: working group participants whose dedication and perspectives were critical to building consensus, closing the open issues, and setting the stage for OpenID’s next act.
This entry was posted on Friday, May 20th, 2011 at 11:04 am and is filed under Foundation, Specs.
We are hoping to use our face 2 face time around IIW to resolve some of the outstanding issues:
- Claimed ID type. We have two proposals, one for a single URL and another for a two part identifier where the user_ID and the IdP/OP identifier are separate.
- An extension for PAPE/Authentication Context. This will be required for government and other higher security applications.
- A formal spec for the User Info Endpoint and defining the base attribute schema.
- Defining how other extensions can be added.
- Defining a syntax for requesting sets of claims from trusted sources.
We will be producing an implementer’s guide to make it easier for people to build clients without having to wade through all of the separate specs.
This entry was posted on Friday, April 29th, 2011 at 5:54 pm and is filed under Specs.
Posted at 12:56 am on November 22, 2010 by Amanda Richardson
by Jesse Stay
Just before the latest Internet Identity Workshop, a few dozen members of the OpenID Foundation met at Facebook for a technology summit. Sessions ranged from the future of OpenID – looking at Connect and Artifact Binding – to details around profile data, signing, and encryption. Over the afternoon the group came to consensus around a number of different technical proposals.
You can find my notes from the day at http://bit.ly/b69H7d and we encourage you to continue discussion on the mailing lists. If you were at the Summit, please feel free to add anything we may have missed.
This entry was posted on Monday, November 22nd, 2010 at 12:56 am and is filed under Uncategorized.
Posted at 8:59 pm on November 3, 2008 by Brian Kissel
The OpenID Foundation is pleased to share that OpenID Japan has launched with 32 members including merchants, portals, educational institutions, insurance companies, manufacturing companies, airlines, and banks.
This announcement is significant for several reasons:
The number and breadth of industries represented by the new members
The use of OpenID by member companies for commercial transactions
Collaboration between OpenID Japan and Liberty Alliance Japan
An earlier survey by internet.com and Marsh Research of Japanese internet users found that 28% knew about OpenID and 15% were using OpenID
Congratulations to OpenID Japan on these significant milestones.
This entry was posted on Monday, November 3rd, 2008 at 8:59 pm and is filed under News.
Posted at 7:27 pm on October 30, 2008 by The Shared Admin
This is a historic week for OpenID. Google and Microsoft announced the release of code to support OpenID 2.0 across their most important properties. On Monday, Microsoft announced OpenID 2.0 support for their 460 million users on the LiveID platform. On Wednesday Google said it will be supporting OpenID 2.0 for any user that has a Google account. Both of these deployments are great news for the OpenID community and the Internet at large. It can be safely said that within the coming months, every single user on the Internet will have an OpenID.
There was some discussion from a few people yesterday claiming that Google’s implementation was a fork of OpenID. Today, Eric Sachs, Google’s lead on this effort, has another post responding to some of this early criticism:
That registration requirement also led to some confusion because users wanted to be able to use existing websites that accept OpenID 2.0 compliant logins by simply entering gmail.com (or in some cases their E-mail address) into the login boxes on those websites. … Once the XRDS file is live, end-users should be able to use the service by typing gmail.com in the OpenID field of any login box that supports OpenID 2.0, similar to how Yahoo users can type yahoo.com or their Yahoo E-mail address (In the meantime, if you feel really geeky, you can type https://www.google.com/accounts/o8/id into an OpenID 2.0 login box).
Although these are both considered “preview releases” by both companies, the fact that they have put code out there that developers can start to work with is absolutely fantastic. Both Google and Microsoft have stated that these are testing implementations and as such, there may be certain limitations while they work on localization, scaling and general UI.
Mike Jones talks about some of the details of the Microsoft LiveID testing:
One feature of the OpenID 2.0 implementation that I’d like to call your attention to is that they give users a choice, on a per-relying party basis, whether to use a site-specific OpenID URL at the site for privacy reasons, or whether to use a public identifier for yourself – explicitly enabling correlation of your identity interactions on different sites.
This entry was posted on Thursday, October 30th, 2008 at 7:27 pm and is filed under News.
Posted at 5:45 pm on October 1, 2008 by Brian Kissel
A couple of weeks ago the BBC hosted twenty-six people from seventeen organizations including eight OpenID Providers and eight OpenID Relying Parties (sites which accept OpenID logins) in New York City to kick off an OpenID Content Provider Advisory Committee. The goal of the session was to answer specific questions by the Content Provider community (media companies and national affinity groups) as well as to provide feedback to the OpenID Foundation, its member companies, and the wider community on the future direction of OpenID.
While OpenID has seen rapid adoption in the “user generated content” segment (blogs, discussion groups, wikis, etc.), we were very excited to see increased interest from mainstream media companies and affinity organizations. Participants at this event included AARP, AOL, BBC, Google, Hearst Magazines, JanRain, Meredith, MySpace, National 4-H, National Public Radio (NPR), The New York Times, Reed Business Information, Six Apart, Time Inc., Vidoop, and Yahoo!.
Throughout the day we covered a wide range of topics including:
- Business case for OpenID — use cases and economic impact
- Best practices for OpenID Providers and Relying Parties in the areas of user experience, data support, security, and product features
- Optimal Content Provider user experience
- Data Management — sources, integration, industry specific data, accuracy, security & trust
- Coming Enhancements — Provider Authentication Policy Extension (PAPE), OAuth, Portable Contacts API, MySpace Data Availability, and integration of OpenID into browsers.
Yahoo!, Google, and MySpace all presented information about their OpenID Provider services, thoughts on user experience and lessons learned, and some future plans. National 4-H presented a summary of an OpenID-based integrated National, State, and Local web platform that they will be deploying in the coming months. We shared a case study on Japan Airlines (JAL) federated partner commerce using OpenID with the proposed Trusted Data Exchange (TX) extension that Nomura Research Institute (NRI) has been developing. There was extensive discussion between existing and potential Relying Parties and the OpenID Providers about what would facilitate faster and broader adoption of OpenID in the Content Provider community. The session was moderated and feedback captured by Market Focus, a strategic marketing consulting firm who will be performing additional customer and market research on behalf of the OpenID Foundation.
If other content providers would like to join this advisory committee, please contact Johannes Ernst or Brian Kissel of the OpenID Foundation Customer Research Committee for further information.
Additionally, many members of the OpenID community will be attending the upcoming Internet Identity Workshop (IIW) on November 10-12 at the Computer History Museum in Mt. View, CA. This will provide a great venue for face to face discussions and additional opportunities to provide input and feedback on the future direction of OpenID.
This entry was posted on Wednesday, October 1st, 2008 at 5:45 pm and is filed under News.
Posted at 10:33 pm on August 25, 2008 by David Recordon
Last week mixi, the largest social network in Japan, became an OpenID Provider for all of their fifteen-million plus users; one in five Japanese web users are on mixi. While they are another large OpenID Provider — which some argue is a bad thing — they are the first large OpenID Provider to also support exchanging profile information. While early adopters using OpenID Providers such as MyOpenID.com, MyVidoop.com, and VeriSign’s PIP have had the ability to exchange profile information for well over a year with the Simple Registration Extension, this is an important step forward with larger OpenID Providers seeing the value in exchanging profile information as well. This means that when a mixi user logs in to a site using their OpenID, the site is able to request access to things from their profile like their name.
Earlier today, ReadWriteWeb wrote more about how Mixi Brings Sophisticated OpenID to Millions of Japanese Users asking why Facebook isn’t using OpenID for their Connect APIs and providing a good overview of why mixi adopting OpenID with Simple Registration is helping to push the envelope:
The moral of the story, though, is that another major social network now supports OpenID and is pushing the envelope with the features included. They aren’t acting as a relying party yet, allowing users to login with OpenID from other networks, but the functionality of Mixi user profiles has now increased dramatically thanks to open standards.
Along with mixi’s launch last week, Six Apart released a mixi commenting plugin for Movable Type. (Disclosure: I work for Six Apart) This plugin allows mixi users to comment on Movable Type powered blogs and have their name from their profile show up next to their comment.
All in all, great news for OpenID coming out of Japan!
This entry was posted on Monday, August 25th, 2008 at 10:33 pm and is filed under News.
Posted at 5:00 am on August 10, 2008 by Scott Kveton
It’s been a busy week in the world of OpenID. On Friday Ben Laurie announced a security vulnerability around OpenID that relates to existing problems with DNS and certain SSL certificates. Discussions on the OpenID General mailing list have been fruitful and the major OpenID providers out there today have disclosed that they are either not vulnerable or patching quickly. It should also be noted that none of the providers listed at openid.net/get were ever vulnerable to this attack.
One of the greatest parts of the OpenID community is that the people developing this technology react so quickly to problems that inevitably arise. There is no such thing as 100% secure with anything on the Internet but we can (and have) put measures into place to react quickly as a community when issues like this occur.
OpenID has two challenges it faces to increase adoption and use; security and usability. This afternoon, Randall Stross of the New York Times published his “Digital Domain” column criticizing OpenID on both of these points. It’s great to see people looking at security with regards to OpenID and asking the hard questions and it also highlights a few common misconceptions:
Authentication is out of scope for OpenID: Because there is no silver bullet for security, the way you authenticate your OpenID is actually out-of-scope of the protocol. As such, you can use whatever level of security you want to protect your OpenID. We have seen vendors offer unique solutions like Verisign’s VIP, JanRain’s CallVerifID and Vidoop’s ImageShield created to provide alternatives to passwords for authenticating users’ OpenIDs. OpenID allows companies both large and small to experiment with ways to authenticate their users without requiring buy-in from sites across the Internet.
Information Cards solve a different problem than OpenIDs: In his article, Randall mentions how Information Cards are superior in terms of authentication compared to OpenID. In actuality, you can use an Information Card to secure your OpenID if you want and there has been a lot of work on this within the OpenID community. VeriSign’s OpenID provider even supports Information Cards in addition to token based authentication. Information Cards provide the means to securely authenticate you assuming you have the technology installed on your machine. In addition, Information Cards lack the ability to take advantage of one of OpenID’s main strengths, the destination or URL that a user has proved they own. The potential for this end-point for services is limitless and may serve as one of the key components driving OpenID use; the ability to move data from somewhere on the Internet that you have proved you own.
Nobody is really adopting OpenID: I’m always surprised to hear people say that just because the big players are only OpenID providers (and not consumers) that we’re failing here. I always try to remind people that this technology is only three years old and we’ve made tremendous strides since its inception. Not only that, the latest graphs continue to show hyperbolic growth. These things take time and again, security and usability will be key drivers to OpenID adoption moving forward.
I’m excited to see a lot of interesting efforts from the community to help with usability. Tom from Barnraiser.org has been doing a series of articles that describe some of these usability issues. We’ve seen community efforts such as Email Address to URL Translation, which allows users to enter their email addresses instead of URLs and Identity in the Browser (IDIB) which is hoping to bake OpenID functionality (and increased security) into all of the modern browsers.
On the security front, we’re seeing traction in the development of the OpenID Provider Authentication Policy Extension (PAPE) which will help sites be able to determine which providers they will trust based on the means of authentication the user has used to get access. Both Sxip and JanRain have implemented early prototypes of PAPE on their OpenID providers.
We’ve got a long way to go here with OpenID and getting it to a point where it can stand in the face of criticism but I’m confident of this community that has come together through the first three years to get where we are today. I still firmly believe the best is yet to come.
This entry was posted on Sunday, August 10th, 2008 at 5:00 am and is filed under News.