[OpenID] openid connect - a high level review - thinking about what the lawyer or auditor needs

Peter Williams home_pw at msn.com
Fri Feb 17 18:35:21 UTC 2012


I totally buy the message you are communicating, John. I hope it's where folks are going. It's the blogging-cloud as the new-telco story (which is not surprising given the work you were doing a few years ago).

 

I have a project I can think of even now, sitting there with an older webservice cast as a JSON endpoint, minting a JSON blob for a login method(), producing and projecting the "token" to a set of jQueried plugins sitting behind a token acceptor interceptor, on another website. It's just a nasty form of what you folks have done (and I'd get JSON signature and encryption CMS-grade wrapper types, for free, and tokens that can wander beyond our own datacenter). Done with the right libraries (come on Microsoft, ... I'm waiting... for the Azure version of this that proves the point in practice), I can see, whether on-premise hosting or cloud hosting, the auto-provisioning of the endpoints for security management helping offload the token generation and handling. This all allows for the optional assurance services to plug in, and (as you say) step up to fussier security profiles based on community need.

 

This all makes lots of sense. That I can map it directly onto a project that is already in my , is great. It didn't require me to buy in to a platform that wanted to change how realty UIs and workflows or local federations of data shares are already set up. It's a set of core webservices and an endpoint auto-provisioning model, at heart - very much the SIP world.

 

What I totally don't buy into (and I don't know if the foundation will listen to this feedback) is user interface guidelines, governance of RP sites by IDP hub/spoke networks, ceding responsibility for privacy policy management to IDPs, popup/callback designs for NASCARs, or handing over discovery to third parties that use that wedge to enforce public regulation compliance. These all interfere with how realty works.

 

Libraries great. Protocols great. Cloud platforms great. Endpoint provisioning to common security endpoints, great. Ceding control - not great.

  		 	   		  

