Posted at 11:00 am on August 21, 2012 by Greg Keegstra
For website owners, enabling web applications to talk to one another within the same web page can be frustrating and can take countless hours of development. How should apps communicate with each other in a meaningful way? The OpenID Foundation’s new Backplane Protocol Work Group is focused on this exact problem — helping website owners, application developers and systems integrators simply and securely integrate apps from different providers into a seamless user experience.
Growing from industry cooperation over the last two years, Backplane Protocol has evolved quickly and is now a mature specification. Backplane Protocol serves as a “message bus” for social applications, enabling applications developed by disparate vendors to communicate with each other in real-time. It builds on proven and popular open standards work by leveraging technologies such as OpenID, OAuth, and Portable Contacts, reducing the need for developers to learn and develop against other vendors’ proprietary APIs.
Announced July 16, 2012 at the OpenID Foundation Summit in Vail, Colorado, this new OpenID work group is seeking additional input and participation from the worldwide OpenID community, ultimately enabling application developers and systems integrators to bring more robust solutions to websites faster and more cost-effectively.
With the launch of the OpenID Backplane Protocol Work Group, we invite the OpenID community to help greatly expand current use cases and to drive the standard forward. For parties interested in participating in the work group, please join the mailing list and complete an intellectual property agreement.
You can learn more about the adoption and implementation of the Backplane Protocol at http://backplanex.com. Follow @OpenID on Twitter to stay up-to-date on all of the OpenID work groups and events.
This entry was posted on Tuesday, August 21st, 2012 at 11:00 am and is filed under News.
The OpenID Foundation is hosting an OpenID workshop on March 28th. It will be held at Microsoft’s office in London. The event was originally going to be held at Google’s offices, but due to the high demand it has been moved to a location with more room. The OpenID Foundation runs a series of workshops like this one for business decision makers, as well as running other OpenID summits that are more technical.
The event is for the owners of consumer websites, citizen oriented government sites, and enterprise SaaS services to discuss how to improve login systems by using techniques such as OAuth, OpenID and an Account Chooser.
Please join us on Wednesday, March 28th, 2012 from 10:00 until 17:30 GMT.
Registration is now open at the following link: REGISTER NOW!
Location:
Microsoft London Office, Cardinal Place, 80-100 Victoria Street, United Kingdom, SW1E 5JL
AGENDA:
10-11am: OAuth as the core Internet identity protocol
Kick Willemse (OpenID Foundation Board Member and CEO of Prooflink)
Description: A high level overview of the protocol, and an explanation of why major technology companies have standardized on it including Google, Microsoft, Facebook, Yahoo, etc. We will also discuss how the functionality of the OpenID v2 protocol has been reimplemented on top of OAuth to create OpenID Connect. The session will also discuss the security problems of websites that run their own password based login systems.
Description: While OAuth is the main protocol for new Internet identity systems, most companies still need to deal with a mix of other protocols, including their own internal sign-on system across the different parts of their website, as well as for employee sign-on. Learn how to use a token management service to bridge between those different protocols.
Noon-1pm: Lunch
1pm-2pm: Using Social Login to get more out of logins than just an email
Description: While logins used to just be about email and password, there is now the potential to do much more using popular consumer identity providers such as Twitter, Yahoo, Facebook, Google, Microsoft Live, etc. This session will discuss the success many websites have already had with this model.
2pm-3pm: Improving the user experience of sign-in using an Account Chooser
Description: Google and other sites have started to roll out a new login experience called an Account Chooser. Get an overview of how it works, and learn why companies like Google are making this change. The session will also explain why it is so much easier for a website to add support for identity providers (both consumer and enterprise) after first deploying an account chooser.
3pm-3:30pm: Snack break
The second part of the session only has room for 100 people. We will check badges at this point and you will only be able to join the second session if you registered for it online. However, everyone is welcome to join the snack break.
3:30pm-4:30pm: Verifying real world identity on the Internet
Philip Stradling (Senior Program Manager, Identity, Microsoft)
Andrew Nash (Director of Product Management, Identity, Google)
Description: How do websites know which identity providers to trust, and vice versa? Also learn how governments are using the same techniques discussed at this conference to engage with citizens online.
4:30pm-5:30pm: Strong authentication and identity verification
Andrew Nash (Director of Product Management, Identity, Google)
Description: Hear how large consumer websites like Google are using mobile phones today in addition to passwords. Learn how you can confirm attributes about a user on your website such as name, address, etc. This session will describe the working groups in the Open Identity Exchange that are focused on this topic, and will include demonstrations of live systems.
In addition to the presentations above, Ping Identity is also hosting a similar event the previous day. If you’re a security architect, IT manager, SaaS product manager, eBusiness leader, CSO, CTO, or CIO leveraging the Cloud to change your business, it’s a day of identity security best practices you don’t want to miss.
This entry was posted on Wednesday, March 7th, 2012 at 9:28 am and is filed under Uncategorized.
• Basic Client Profile – Simple self-contained specification for a web-based Relying Party. (This spec contains a subset of the information in Messages and Standard.)
• Discovery – Defines how user and provider endpoints can be dynamically discovered.
• Dynamic Registration – Defines how clients can dynamically register with OpenID Providers.
• Messages – Defines all the messages that are used in OpenID Connect. (These messages are used by the Standard binding.)
• Standard – Complete HTTP binding of the Messages, for both Relying Parties and OpenID Providers.
• Multiple Response Type Encoding – Registers OAuth 2.0 response_type values used by OpenID Connect.
The voting results were:
Approve (86 votes)
Disapprove (1 vote)
Abstain (2 votes)
Total Votes: 89 (out of 363 members = 25% > 20% quorum requirement)
An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.
This entry was posted on Thursday, February 16th, 2012 at 10:11 pm and is filed under News, Specs.
Posted at 11:15 am on August 22, 2011 by Karinhanson
The OpenID Foundation is launching its third OpenID Summit for 2011. This event is co-sponsored by Microsoft and will be held at the Microsoft Research Campus in Mountain View. The OpenID Foundation’s 2011 series of OpenID Summits focuses on use cases and topics of interest to key developers, executives and analysts in the online identity industry.
This OpenID summit gives web site developers and technologists a closer look at the OpenID Connect protocol, its use cases and adoption plans by leading companies. We will introduce “Account Chooser”, its implementation and user experience, and provide interop testing and feedback for next generation OpenID adoption.
Please join us on Monday, September 12, 2011 from 12:00 Noon until 5:00pm PDT and Tuesday, September 13, 2011 from 10:00am to 5:00pm PDT.
Registration is now open at the following link: REGISTER NOW!
Location: Microsoft Research Silicon Valley Campus – 1288 Pear Avenue, Mountain View, CA 94043
OpenID Connect Tech Summit
AGENDA: Monday, September 12, 2011 – 12:00pm-5:00pm
Noon: Lunch will be provided for attendees
12:00-12:20 – Welcome
Don Thibeau, Executive Director, The OpenID Foundation
Technical Sessions
12:20-1:00 – Overview and Update of OpenID Connect and OAuth 2.0, Mike Jones, Microsoft, Director of Identity Partnerships
1:00-3:00 – OpenID Connect Spec development (Working Group Review led by Allen Tom and Mike Jones) [2 hours]
Timing goals for ratification
Core protocol
Dynamic RP registration and IDP discovery
Claims
Session Management
Artifact Binding
US Government OpenID Connect profile
3:20-4:00 – Open time for Technical Interop, Allen Tom & Mike Jones [60 min]
4:00-4:40 – OpenID Connect: Building Test Infrastructure, Roland Hedberg
4:40-5:00 – Wrap-up, Don Thibeau, Executive Director, The OpenID Foundation
AGENDA: Tuesday, September 13, 2011 – 10:00am-5:00pm
Business Session
10:00-10:20 - Welcome Don Thibeau, Executive Director, The OpenID Foundation
10:20-11:00 - Feedback Review OpenID Connect Mike Jones, Microsoft and Allen Tom, Directors, The OpenID Foundation
11:00-11:40 - Overview and Update of Account Chooser, A presentation on a new sign in experience for the web, how to get involved, and an update on the legal status of related IP. Scott David, K&L Gates, Basheer Tome, Independent & Eric Sachs, Google
11:40-12:20 – Migrating Users to Identity Providers From Email/Password Logins, A Summary of the experience of websites, including Google, that have started to migrate users from traditional logins to identity providers. Eric Sachs, Google, Product Manager
12:20-1:00 – Lunch
1:00-1:40 – Microsoft as an RP and IDP, Speaker (TBD)
1:40-2:20 – Way Beyond Single Sign On, Greg Keegstra, Janrain
2:20-3:00 – The Value Proposition for OpenID Connect & Account Chooser in the Enterprise, Pam Dingle, Ping Identity
3:00-3:20 – Break
3:20-4:00 – Open Identity and Online Adoption, A discussion on trends in the adoption of social login among online businesses. Patrick Salyer, Gigya
4:00-4:40 – OpenID Connect & UMA Synergies, OpenID Connect and User-Managed Access (UMA) solve interestingly complementary problems. This session will explore use cases and proposals for combining them. Macie Machulak
4:40-5:00 - Wrap up Don Thibeau, Executive Director, The OpenID Foundation
This entry was posted on Monday, August 22nd, 2011 at 11:15 am and is filed under Foundation, Summit Events.
Posted at 5:00 pm on July 15, 2011 by Nat Sakimura
There is now a set of functionally complete specifications for OpenID Connect. The diagram below shows the relationships between the current specs and contains links to each of them. These specifications are ready for early developer feedback and prototype implementation work. Please send feedback on them to the OpenID Artifact Binding Working Group Mailing List.
OpenID Connect uses the best practices of widely used OAuth/REST/JSON based APIs to define a standard and interoperable way to authenticate users. Developers should care because rather than having to learn a new and slightly different version of essentially the same API every time they want to integrate with a different identity provider, they can just do it in a standard way using a consistent interface. In the long run, OpenID Connect will make the web more interoperable, because it makes it easier for developers to integrate with multiple services.
FYI, the working group *is* planning to reorganize the specs to have the minimal set of OpenID Connect functionality be contained in a single document, although this will likely not be in place for a few weeks. Even before that is done, we wanted to make people aware of this set of specs now so early implementation work and technical feedback can occur. Remaining edits to the specs should consist of corrections, clarifications, and reorganization, rather than additions of significant new functionality. For now, developers should start with the (admittedly awkwardly named) OpenID Connect HTTP Redirect Binding spec.
This entry was posted on Friday, July 15th, 2011 at 5:00 pm and is filed under News, Specs.
Many in the open standards community have a “what have you done for me lately” chip implanted deep in their programming souls. It’s logical to want the evolution of OpenID technology to keep up with the rate of its adoption. We all want the pace of technology improvement to map onto the promise of what has become the most popular decentralized single-sign-on protocol on the web. Some of the most impatient include members of the Board of the OpenID Foundation who aren’t satisfied with hanging an “over a billion served” sign on the OpenID Foundation website.
The “co-evolution” of OAuth and OpenID
Late last year, the members of the OpenID Artifact Binding and OpenID Connect Working Groups joined forces to develop a simple, common specification. The result had been informally referred to as “OpenID Artifact Binding/Connect” or “OpenID ABC”. Key contributors from both working groups have been working on a core specification ever since. Weekly specification calls have methodically focused on identifying and closing open issues. A key milestone was reached at IIW earlier this month: the remaining open issues were identified, tradeoffs debated, and all issues closed – with consensus decisions recorded in the Artifact Binding mailing list archives. The working group is now refining the specifications to reflect those decisions, as well as tracking the evolution of closely related specifications like OAuth 2.0.
Having passed this gate, the OpenID board decided to brand the result “OpenID Connect” and solicit as wide and diverse feedback as possible. The OpenID Retail Summit at PayPal, the “Security” Summit at Symantec, and last week’s OpenID Summit in Munich at the European Identity Conference all featured detailed briefings and feedback on OpenID Connect. While still a work in progress, OpenID Connect has achieved the levels of participation and consensus needed to advance to the next phase: interoperability testing for multiple use cases in several venues worldwide. We’ll continue to engage developers and potential deployers about OpenID Connect at upcoming OpenID Summits, including the next summit on July 19 in Colorado sponsored by Ping Identity, in order to better understand, critique, refine, test, and ready OpenID Connect for prime time.
A look under the hood of OpenID Connect:
- web and developer friendly, building upon OAuth 2.0 and JSON
- simple site registration functionality (the “Connect” part)
- works well on mobile phones (the “Artifact Binding” part)
- simple JSON-based claims model
- reuses claims definitions from existing Portable Contacts specification
- can achieve a range of security characteristics, spanning use cases from social networks to those needing higher levels of assurance
- modular specifications, so deployers need only implement the functionality their applications need.
The strength of open standards is the ongoing scrutiny from a global community of supporters and skeptics. Progress depends on those with the “courage of the first draft.” Our special thanks go to OpenID Board members Mike Jones, Nat Sakimura, and John Bradley, together with Breno de Medeiros from Google and Chuck Mortimore from Salesforce: working group participants whose dedication and perspectives were critical to building consensus, closing the open issues, and setting the stage for OpenID’s next act.
This entry was posted on Friday, May 20th, 2011 at 11:04 am and is filed under Foundation, Specs.
We are hoping to use our face-to-face time around IIW to resolve some of the outstanding issues:
- Claimed ID type. We have two proposals, one for a single URL and another for a two-part identifier where the user_ID and the IdP/OP identifier are separate.
- An extension for PAPE/Authentication Context. This will be required for government and other higher security applications.
- A formal spec for the User Info Endpoint and defining the base attribute schema.
- Defining how other extensions can be added.
- Defining a syntax for requesting sets of claims from trusted sources.
We will be producing an implementer’s guide to make it easier for people to build clients without having to wade through all of the separate specs.
This entry was posted on Friday, April 29th, 2011 at 5:54 pm and is filed under Specs.
Posted at 12:56 am on November 22, 2010 by Amanda Richardson
by Jesse Stay
Just before the latest Internet Identity Workshop, a few dozen members of the OpenID Foundation met at Facebook for a technology summit. Sessions ranged from the future of OpenID – looking at Connect and Artifact Binding – to details around profile data, signing, and encryption. Over the afternoon the group came to consensus around a number of different technical proposals.
You can find my notes from the day at http://bit.ly/b69H7d and we encourage you to continue discussion on the mailing lists. If you were at the Summit, please feel free to add anything we may have missed.
This entry was posted on Monday, November 22nd, 2010 at 12:56 am and is filed under Uncategorized.
Posted at 8:59 pm on November 3, 2008 by Brian Kissel
The OpenID Foundation is pleased to share that OpenID Japan has launched with 32 members including merchants, portals, educational institutions, insurance companies, manufacturing companies, airlines, and banks.
This announcement is significant for several reasons:
The number and breadth of industries represented by the new members
The use of OpenID by member companies for commercial transactions
Collaboration between OpenID Japan and Liberty Alliance Japan
An earlier survey by internet.com and Marsh Research of Japanese internet users found that 28% knew about OpenID and 15% were using OpenID
Congratulations to OpenID Japan on these significant milestones.
This entry was posted on Monday, November 3rd, 2008 at 8:59 pm and is filed under News.
Posted at 7:27 pm on October 30, 2008 by The Shared Admin
This is a historic week for OpenID. Google and Microsoft announced the release of code to support OpenID 2.0 across their most important properties. On Monday, Microsoft announced OpenID 2.0 support for their 460 million users on the LiveID platform. On Wednesday, Google said it will be supporting OpenID 2.0 for any user that has a Google account. Both of these deployments are great news for the OpenID community and the Internet at large. It can be safely said that within the coming months, every single user on the Internet will have an OpenID.
There was some discussion from a few people yesterday claiming that Google’s implementation was a fork of OpenID. Today, Eric Sachs, Google’s lead on this effort, has another post responding to some of this early criticism:
That registration requirement also led to some confusion because users wanted to be able to use existing websites that accept OpenID 2.0 compliant logins by simply entering gmail.com (or in some cases their E-mail address) into the login boxes on those websites. … Once the XRDS file is live, end-users should be able to use the service by typing gmail.com in the OpenID field of any login box that supports OpenID 2.0, similar to how Yahoo users can type yahoo.com or their Yahoo E-mail address (In the meantime, if you feel really geeky, you can type https://www.google.com/accounts/o8/id into an OpenID 2.0 login box).
Although these are both considered “preview releases” by both companies, the fact that they have put code out there that developers can start to work with is absolutely fantastic. Both Google and Microsoft have stated that these are testing implementations and as such, there may be certain limitations while they work on localization, scaling and general UI.
Mike Jones talks about some of the details of the Microsoft LiveID testing:
One feature of the OpenID 2.0 implementation that I’d like to call your attention to is that they give users a choice, on a per-relying party basis, whether to use a site-specific OpenID URL at the site for privacy reasons, or whether to use a public identifier for yourself – explicitly enabling correlation of your identity interactions on different sites.
This entry was posted on Thursday, October 30th, 2008 at 7:27 pm and is filed under News.