[Openid-specs-native-apps] Native Apps discussion at RSA

Lewis Adam-CAL022 Adam.Lewis at motorolasolutions.com
Fri Feb 28 17:51:20 UTC 2014


I see enormous value in having a standard here.

The client part might well be absorbed into the stack so Microsoft and Google Android and Apple iOS might expose their own APIs to native applications on the device.  But the device client will need to talk to a multitude of servers that will issue the tokens, and there is no way that servers will be able to build to this without a standard.  So we need an over the wire protocol that everybody can agree to, that is tightly profiled and hence interoperable.

In my opinion this is work is doing for native mobile apps what Kerberos did for windows apps in the Identity era of yesterday.   We need an equivalent of exchanging a primary credential for a “TGT” that can then be used to get service tickets.  I think that is what this WG is trying to accomplish.

adam

From: openid-specs-native-apps-bounces at lists.openid.net [mailto:openid-specs-native-apps-bounces at lists.openid.net] On Behalf Of Paul Madsen
Sent: Friday, February 28, 2014 11:43 AM
To: Anthony Nadalin; Mike Jones; Ashish Jain; Sean Ginevan; ErichStuntebeck at air-watch.com; thomas.debenning at onelogin.com; Blake Brannon; Caleb Baker
Cc: openid-specs-native-apps at lists.openid.net
Subject: Re: [Openid-specs-native-apps] Native Apps discussion at RSA

We are defining that 'well understood protocol '

if you see no value in participating, don't

Paul

Anthony Nadalin <tonynad at microsoft.com> wrote:
Bottom line here is that the platform vendors are going to build the brokers and they will expose APIs and as long as they use a understood protocol there is really no need to have this standardized.

From: openid-specs-native-apps-bounces at lists.openid.net [mailto:openid-specs-native-apps-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Thursday, February 27, 2014 7:57 PM
To: Ashish Jain; Sean Ginevan; ErichStuntebeck at air-watch.com; thomas.debenning at onelogin.com; Blake Brannon; Caleb Baker
Cc: openid-specs-native-apps at lists.openid.net
Subject: [Openid-specs-native-apps] Native Apps discussion at RSA

Attendees:
Ashish Jain
Sean Ginevan
Erich Stuntebeck
Thomas DeBenning
Blake Brannon
Caleb Baker
Mike Jones

We discussed the status of the specs, goals, interop and adoption.

Mike asked questions like:
               What problem is this trying to solve?
               Who will deploy this middleware?  Platform vendors?
               What does success look like?

Ashish said that building the ecosystem requires the participation of three parties:
               Identity Providers
               Enterprise Mobility Management (EMM) Vendors (such as AirWatch, Mobile Island)
               Application Developers / SAAS Vendors

We asked why there is the list of applications required in the specs
The enterprise use cases require federation, which may make them more compelling than consumer use cases, at least at first

Apparently there is a deck from the most recent CIS that outlines use cases and gives an overview
               By Ashish, Paul Madsen, Josh
               Caleb and Mike asked this to be shared

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-native-apps/attachments/20140228/48e100e5/attachment-0001.html>


More information about the Openid-specs-native-apps mailing list