[OpenID board] upcoming Google announcement regarding OpenID

Santosh Rajan santrajan at gmail.com
Tue Jul 28 15:48:43 UTC 2009


Hehe! First time Google is formally using the word "OpenID" for their
Federated Login!This is also the first positive development for OpenID
(technically) I am seeing in months.
Gr8 work!

On Tue, Jul 28, 2009 at 8:58 PM, Eric Sachs <esachs at google.com> wrote:

> The Google announcement of this new OpenID service has now been formally
> posted at
>
> http://googlecode.blogspot.com/2009/07/google-apps-openid-identity-hub-for.html
>
> On Wed, Jul 8, 2009 at 11:47 AM, Eric Sachs <esachs at google.com> wrote:
>
>> Yes, I now realize I mistakenly posted this to the public instead or
>> private board mailing list :-)  Not a particularly big deal since we have
>> been discussing this planned launch in the discovery community.
>> Feel free to respond on either the public or private mailing list.
>>
>> On Wed, Jul 8, 2009 at 11:05 AM, Eric Sachs <esachs at google.com> wrote:
>>
>>> Below are drafts of two blog posts we will make in the upcoming weeks
>>> about the fact that we are now operating an OpenID IDP for the million+
>>> schools/enterprise/ISPs that are outsourcing their email to Google Apps.  We
>>> would appreciate this not being circulated beyond the board until it is
>>> public.  This new support required that we work with the community to define
>>> some extensions to the OpenID discovery process.  While those discussions
>>> have been going on in the community the last few months, those extensions
>>> are not yet formalized and probably won't be until they are proven in
>>> production environments.  There is the potential for some community members
>>> (or press) to assume (or at least imply in articles) some evil intent by
>>> Google to co-opt OpenID with these extensions.  It would be nice to have a
>>> blog post on the formal OpenID blog that was supportive of our approach, so
>>> I wanted to see if the board members are comfortable with that.
>>>
>>> On a somewhat related point, I also expect this will further increase the
>>> pressure on us as a community to find more scalable UI options since the
>>> Nascar style approach obviously cannot include buttons for these million new
>>> IDPs.  We have also just posted a set of summary UI guidelines that we will
>>> be referencing from our API documentation at
>>> http://sites.google.com/site/oauthgoog/UXFedLogin/summary.  The goal was
>>> to keep it to one-page which forced us to cut additional background
>>> information, but if you think we cut something critical, let me know.
>>>
>>> Enterprise blog: Google Apps + OpenID = identity hub for all your SaaS
>>>
>>> We are happy to announce that the Google OpenID Federated Login API<http://code.google.com/apis/apps/sso/openid_reference_implementation.html> has
>>> been extended to Google Apps accounts used by businesses, schools, and other
>>> organizations. The service is important not only to the individuals in those
>>> organizations, who can interact with a variety of consumer websites with a
>>> single credential <add link to Google code post>, but also to the
>>> organizations themselves, who are increasingly reliant on multiple Software
>>> as a Service (SaaS) solutions from different vendors.
>>>
>>>
>>> For these organizations, Google Apps can now become an identity and data
>>> hub for multiple SaaS providers. When integrated with partner solutions such
>>> as XXX from XXX, the Google Open ID Federated Login API enables a single
>>> Google Apps login to provide secure access to services like Salesforce.com,
>>> SuccessFactors, and WebEX, as well as B2B partners, internal applications,
>>> and of course consumer web sites. See XXX's post <add link> to learn
>>> more about their implementation and view the demo and case study <add
>>> links>.
>>>
>>>
>>> Another early adopter is XXX, a SaaS project management vendor who uses
>>> the new service to make it easier for any organization using Google Apps to
>>> sign up for and deploy XXX o their users:
>>>
>>> < INSERT SCREEN SHOTS>
>>>
>>>
>>> Activating the OpenID Federated Login service for your domain is simple
>>> and secure. To achieve that, we introduced a new experimental discovery
>>> protocol<http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains> addressing
>>> some of the challenges with the current version (2.0) of OpenID<http://openid.net/specs/openid-authentication-2_0.html>
>>> :
>>>
>>>
>>>
>>>    - Reducing the hassle of hosting discovery documents on the domain
>>>    web-site - the discovery protocol offer a solution that allows a hosted
>>>    domain to become an OpenID Provider without hosting any documents at all.
>>>    Optionally, a domain may choose to host one simple file to support a more
>>>    complete discovery flow.
>>>
>>>
>>>
>>>    - Being an OpenID Identity Provider requires strong security
>>>    protection again attacks that could modify web pages on the site. To avoid
>>>    that requirement for businesses and organizations, we introduced digital
>>>    signatures on the discovery documents and a verification flow to support
>>>    that.
>>>
>>>
>>> You can find more details in our API<http://code.google.com/apis/apps/sso/openid_reference_implementation.html>
>>>  and Discovery<http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains> documentation,
>>> or join the discussions in the Google Federated Login API Group<http://groups.google.com/group/google-federated-login-api/web/oauth-support-in-googles-federated-login-api>,
>>> where you can ask any question and get answers from with other Identity
>>> Providers, Relying Parties and Google engineers.
>>>
>>>
>>> *The OpenID Federated Login Service is available for all Google Apps
>>> editions. However, it is disabled by default for the Premier and Education
>>> and editions  , and it requires the Domain Admin to manually enable it from
>>> the Control Panel. So Admins - go turn this today for your users<http://code.google.com/apis/apps/sso/openid_reference_implementation.html#cpanel>.
>>> At Google.com - we already enabled it for our employees... *
>>>
>>>
>>> Google Code blog: Over a million new OpenID Identity Providers !We are
>>> happy to announce that the Google OpenID Federated Login API<http://code.google.com/apis/apps/sso/openid_reference_implementation.html>
>>> has been extended to Google Apps accounts used by businesses, schools, and
>>> other organizations.  Individuals in these organizations can now sign in to
>>> 3rd party websites using their Google Apps account, without giving away
>>> their credentials. In addition to the value for the end-users, the new
>>> service also benefits the organizations themselves, who are increasingly
>>> reliant on multiple Software as a Service (SaaS) solutions from different
>>> vendors. For example, XXX is an early adopter, allowing any organization
>>> running Google Apps to more quickly sign up for and adopt their service:
>>>
>>> << INSERT SCREEN SHOTS>
>>>
>>>
>>> See our post on the Google Enterprise Blog <add link> to learn more
>>> about the opportunities for the organizations.
>>>
>>>
>>> Supporting the API for Google Apps accounts is exciting news for the OpenID
>>> community <http://www.openid.net/>, as it adds numerous new trustworthy
>>> Identity Provider (IDP) domains and increases the OpenID end user base by
>>> millions. In order to allow web-sites to easily become Relying Parties for
>>> these many new IDPs and users, we defined a new discovery protocol<http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains>.
>>> The protocol allows Relying Parties to identify that a given domain is
>>> hosted on Google Apps and securely access its OpenID Provider End Point. The
>>> current proposal is an interim solution, and we are participating in several
>>> standardization organizations, such as OASIS<http://www.oasis-open.org/> and
>>> the OpenID Foundation <http://openid.net/foundation/>, to generate a
>>> next-generation standard. Since the current protocol proposal is not
>>> supported by the standard OpenID libraries, we provided an implementation of
>>> the Relying Party pieces at the Open Source project -
>>> step2.googlecode.com <http://code.google.com/p/step2/>. Google is also
>>> offering a set of resource addressing the issues of designing a scalable
>>> Federated Login User Interface. You are welcome to visit the User
>>> Experience summary for Federated Login<http://sites.google.com/site/oauthgoog/UXFedLogin/summary> Google
>>> Sites page, where you can find links do demos, mocks and usabilty research
>>> data.
>>>
>>> Prefer an out-of-the-box solution? We have been working with JanRain<http://www.janrain.com/>,
>>> a provider of OpenID solutions, which already support the new API as part of
>>> their RPX product <http://rpxnow.com/>. As demonstrated by UserVoice<http://uservoice.com/session/new>
>>>  using JanRain's RPX <http://rpxnow.com/>, a user simply types in her
>>> Google Apps hosted domain name in the OpenID login box and everything else
>>> is being taken care of:
>>>
>>>
>>> <Add UserVoice (or other proposed RPX website) screenshots>
>>>
>>>
>>>
>>> You can find more details in our API<http://code.google.com/apis/apps/sso/openid_reference_implementation.html>
>>>  and Discovery<http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains> documentation,
>>> or join the discussions in the Google Federated Login API Group<http://groups.google.com/group/google-federated-login-api/web/oauth-support-in-googles-federated-login-api>,
>>> where you can ask any question and get answers from with other Identity
>>> Providers, Relying Parties and Google engineers.
>>>
>>> *The OpenID Federated Login Service is available for all Google Apps
>>> editions. However, it is disabled by default for the Premier  and Education
>>> editions, and it requires the Domain Admin to manually enable it from the
>>> Control Panel. So Admins - go turn this today for your users<http://code.google.com/apis/apps/sso/openid_reference_implementation.html#cpanel>.
>>> At Google.com - we already enabled it for our employees... *
>>>
>>
>>
>
> _______________________________________________
> board mailing list
> board at openid.net
> http://openid.net/mailman/listinfo/board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20090728/132907cd/attachment.htm>


More information about the board mailing list