<html>
<head>
<meta name="generator" content="Windows Mail 17.5.9600.20413">
<style><!--
p.MsoNormal, li.MsoNormal, div.MsoNormal {
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
}
a:link, span.MsoHyperlink {
color:blue;
text-decoration:underline;
}
span.MsoHyperlinkFollowed {
color:purple;
text-decoration:underline;
}
p {
margin-top:0in;
margin-right:0in;
margin-bottom:7.5pt;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";
}
span.EmailStyle17 {
font-family:"Calibri","sans-serif";
color:windowtext;
}
.MsoChpDefault {
font-family:"Calibri","sans-serif";
}
div.WordSection1 {
}
--></style><style data-externalstyle="true"><!--
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
}
p.MsoNormal, li.MsoNormal, div.MsoNormal {
margin:0in;
margin-bottom:.0001pt;
}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst,
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle,
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
line-height:115%;
}
--></style></head>
<body dir="ltr">
<div data-externalstyle="false" dir="ltr" style="font-family: 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif';font-size:12pt;"><div>I'll give a small challenge and feedback for developers - addressing a challenge I see. The challenge is due to the “ever changing” websso world.</div><div><br></div><div>We have a joomla deployment, that REALLY exploits websso. From claims in the inbound assertion, all sorts of application roles drive menus, drive profiles, drive link visibility, drive page embedding, (etc etc). I think this was known, in the last round of fancy marketing, as claims driven apps (or something). Identity metasystem, or something. Hey, it may even have been “user centric”.</div><div><br></div><div>I'd love to move FROM current ws-fedp plugin (that cost a $1000 to do, when given to the right person) to openid connect. Perhaps, I could find another $1000…</div><div><br></div><div>Now, I'm not known as the smartest key on the chain, and still see the world in simple terms. I'm happy for such as the Microsoft openid connect solution (in the cloud) to invoke websso for me (in response to an openid connect request - for an id_token). Sure, I could make Joomla call openid connect (to invoke websso). And, obviously, a token translation occurs on the return leg, moving values from the ws-fedp-delivered assertion (from the websso step) to the oauth authorization process (that delivers a nice JWT to me, with some of the ‘claims’ from the websso step).</div><div><br></div><div>If I cannot get the claims I currently get (from direct access to websso), I cannot move to openid connect (which gives me ONLY indirect access to websso, and claims handover that is decided by others). Which makes openid connect MIGRATION hard ).</div><div><br></div><div>Yes - you might way - your silly implementation, Peter, doesn't fit the "Intended pattern”. Which is, of course, your fault (for buying into last years marketing, around claims, if not user centric consent and control). Rebuild it all (and adopt the “right pattern”!!). And, of course that will happen (when one just dumps - rather than revises - the “old” stuff) </div><div><br></div><div>Of course, that is not reality (as code and patterns marketed and adopted only 2 years ago have a multiple year lifetime, down here on main street. Not all of us are billion dollar companies (with payoffs from natsec agencies or potential federal cloud contracts for 100,000 tenants…).</div><div><br></div><div><br></div><div>Just some feedback on “adoption”, in that 80% of the market that is “bound up” in legacy cost economics. Even legacy of … 2 years ago.</div><div><br></div><div>Having “groked” openid connect (thanks to superb Microsoft cloud-based delivery of it ), I'm for it (now I get it). Now reality sets in. Change is hampered by the “advanced” stuff done , ahem, 2 years ago - whose very PATTERN is already considered “legacy”. </div><div><br></div><div>Hopefully this spurs the next generation of developers - who know a bit that large market of <br>”legacy migration” (from claims to connect…)</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div data-signatureblock="true"><br></div><div style="padding-top: 5px; border-top-color: rgb(229, 229, 229); border-top-width: 1px; border-top-style: solid;"><div><font face=" 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif'" style='line-height: 15pt; letter-spacing: 0.02em; font-family: "Calibri", "Segoe UI", "Meiryo", "Microsoft YaHei UI", "Microsoft JhengHei UI", "Malgun Gothic", "sans-serif"; font-size: 12pt;'><b>From:</b> <a href="mailto:Michael.Jones@microsoft.com" target="_parent">Mike Jones</a><br><b>Sent:</b> Thursday, March 20, 2014 5:55 PM<br><b>To:</b> <a href="mailto:code@openid.net" target="_parent">code@openid.net</a>, <a href="mailto:general@openid.net" target="_parent">general@openid.net</a></font></div></div><div><br></div><div dir="">
<div class="WordSection1">
<p style="line-height: 15pt;"><span style='color: rgb(90, 90, 90); font-family: "Helvetica","sans-serif"; font-size: 10.5pt;'>The list of publicly available OpenID Connect libraries is growing, with implementations available for numerous development platforms and environments,
including Drupal, Java, PHP, Python, and Ruby. See the <a href="http://openid.net/developers/libraries/" target="_parent">
Libraries</a> page for a list of <a href="http://openid.net/connect/" target="_parent">OpenID Connect</a> libraries, as well as libraries implementing the related JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications. These libraries make it easy
to join the likewise growing list of OpenID Connect deployments.</span></p>
<p style="line-height: 15pt;"><span style='color: rgb(90, 90, 90); font-family: "Helvetica","sans-serif"; font-size: 10.5pt;'>If your library isn’t listed and you’d like it to be, please drop us a note on the
<a href="http://lists.openid.net/mailman/listinfo/openid-code" target="_parent">code@openid.net mailing list</a> or the
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_parent">general@openid.net mailing list</a>.</span></p>
<p style="line-height: 15pt;"><span style='color: rgb(90, 90, 90); font-family: "Helvetica","sans-serif"; font-size: 10.5pt;'>Also, if you’re interested in participating in OpenID Connect interop testing, please join the
<a href="http://groups.google.com/group/openid-connect-interop" target="_parent">openid-connect-interop@googlegroups.com mailing list</a> and ask to be added to the current
<a href="http://osis.idcommons.net/wiki/OC5:OpenID_Connect_Interop_5" target="_parent">OpenID Connect interop</a>.</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> -- Mike</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">P.S. This note was also posted at <a href="http://openid.net/2014/03/20/growing-list-of-openid-connect-libraries-available/" target="_parent">
http://openid.net/2014/03/20/growing-list-of-openid-connect-libraries-available/</a> and tweeted as @openid.</p>
<p class="MsoNormal"> </p>
</div>
</div></div>
</body>
</html>