Review of Proposed Final OpenID Connect Specifications and Implementer’s Drafts
The OpenID Connect Working Group recommends approval of the following specifications as Final OpenID Specifications: OpenID Connect Core – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User. OpenID Connect Discovery – Defines how Relying Parties dynamically discover information about […]
OpenID® Trademark and Service Mark License
The OIDF board recently voted to adopt an OpenID Trademark and Service Mark License policy. The following are some of the guidelines regarding acceptable uses of OIDF trademarks outlined in the license: The owner of OIDF marks must be clearly identified as the “OpenID Foundation”. For example, “OpenID® is a trademark (registered in numerous countries) […]
Microsoft publicly participates in OpenID Connect interoperability testing. | Thread Safe
While the testing of Windows Azure Active Directory (WAAD) support for OpenID Connect has been going on for some months, Microsoft is now publicly participating in the OSIS interoperability testing. While most people think of Connect as being adopted by Social sites like Google for Login, it is also gaining traction in enterprise […]
Login to Your Salesforce Org with OpenID Connect in Winter ’14
The Winter ’14 release includes OpenID Connect Authentication Providers, allowing your org to be an OpenID Connect Client, and leverage an Authorization Server for user login. Let’s take a look at how this works: If you want to walk through the protocol in detail, there’s an excellent, detailed description on Google’s Developer site. (Source) http://blogs.developerforce.com/developer-relations/2013/09/login-to-your-salesforce-org-with-openid-connect-in-winter-14.html
Vulnerability Alert – OpenID 2.0 Implementations Vulnerabilities found in some OPs
Please be advised that a number of OpenID Authentication 2.0 server implementations were found to be vulnerable due to non-compliance with the normative requirements of the OpenID Authentication 2.0 specification. The nature of the vulnerability: In section 11.4.2.1 of the OpenID Authentication 2.0, it is stated that “For verifying signatures an OP MUST only use private […]
Second OpenID Connect Implementer’s Drafts Approved
The OpenID membership has approved the following specifications as OpenID Implementer’s Drafts in the vote held between July 23 and July 30, 2013: Basic Client Profile – Simple, self-contained profile for Web-based Relying Parties using the OAuth code flow. Implicit Client Profile – Simple, self-contained profile for Web-based Relying Parties using the OAuth […]
OpenID Connect Server in a Nutshell
Nat Sakimura has written a valuable post describing how to write an OpenID Connect server in three simple steps. It shows by example how simple it is for OAuth servers to add OpenID Connect functionality. This post is a companion to his previous post OpenID Connect in a Nutshell, which described how simple it is […]
Vote for Second OpenID Connect Implementer’s Drafts is Open
Please vote now at https://openid.net/foundation/members/polls/68. The vote is open between July 23 and July 30, 2013. The OpenID Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: • Basic Client Profile – Simple, self-contained profile for Web-based Relying Parties using the OAuth code flow. • Implicit Client Profile – Simple, […]
OpenID Connect / Account Chooser Meeting @ IETF 87 Berlin
OpenID Foundation is hosting a joint WG meeting at IETF 87 Berlin on Sunday, July 28. Time: 2:00pm, Sunday, July 28 Venue: @IETF 87 Berlin, Germany Registration Site: http://openid-ietf-87.eventbrite.com People interested in OpenID Connect, Account Chooser, and how they relate to IETF specifications such as OAuth, JSON Web Token (JWT), and JSON Object Signing and Encryption (JOSE) […]
Review of Proposed Second OpenID Connect Implementer’s Drafts
The OpenID Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: Basic Client Profile – Simple, self-contained profile for Web-based Relying Parties using the OAuth code flow. Implicit Client Profile – Simple, self-contained profile for Web-based Relying Parties using the OAuth implicit flow. Messages – Defines the messages that […]