[OpenID] openid connect. what is it?
Peter Williams
home_pw at msn.com
Fri Sep 20 02:22:51 UTC 2013
Good try. But it didn't deliver the story.
It said that id cert standardizes some Facebook thing (that I know nothing about, since Facebook is irrelevant to us).
It seemed to hint at the old (pre NSA surveillance state) position, of making idps (or as partners) govern RP privacy policies, limiting who gets which sensitive claims. In a total surveillance climate, this American privacy initiative looks silly (and deceptive even).
We were left with some academic schema statements based on inverted models of identity (you are the attributes attached to different relations). The point was lost. I felt like I was learning about an isam file structure (without knowing why).
I was confused about the point of showcasing yet more jw* standards. All I guessed was that things will be day reimplement ws-secureconversation, perhaps, swapping byte format. This seemed to be a wap moment (having designed for a phone world *pre* broadband rate data plans, and handheld cpu/ram bigger than my university had for the entire engineering faculty).
I was left with only one hint, from phone UI pictures. It was that oauth facilitates there being a native logon app, that supports other apps on the phone in that idp's ecosystem. (and maybe other idp app sellers, if 2 idp choose to coordinate - like all, yahoo and live in the era of I'm
Just as I waited 3y for oauth to mature (and finally make its case), wondering whether I should just ignore openid connect - and look again in 2-3 years?
Sent from my Windows Phone
________________________________
From: Nat Sakimura<mailto:sakimura at gmail.com>
Sent: 9/19/2013 4:16 PM
To: Peter Williams<mailto:home_pw at msn.com>
Cc: openid-general at lists.openid.net<mailto:openid-general at lists.openid.net>
Subject: Re: [OpenID] openid connect. what is it?
This page may help you understand what OpenID Connect is based on your understanding of OAuth.
http://nat.sakimura.org/2013/07/05/identity-authentication-oauth-openid-connect/
ID Token has been used by Google for some time.
Its predecessor, signed request of Facebook, has been used very widely as well.
=nat via iPhone
On Sep 20, 2013 7:33, Peter Williams <home_pw at msn.com> wrote:
> Having deployed an isp-class oauth service, I feel I know what OAUTH is (finally). Rather than have an embedded authentication website, it does websso to an IDP. In other words, the AS is itself a websso SP.
>
> Now, I understand that a few tweaks of messages in OAUTH allows that AS-webssoSP bridge to invoke a selector screen - by which users choose IDPs from a list. And, I understand that the OAUTH tweaks might indicate which of several IDP lists to use, where an OAUTH IDP-class service can tune itself up to offer multiple private label experiences, selected by some or other label sent in an OAUTH message.
>
> Is that ALL openid "connect" is? (a way of hosting lots of identity selector pages, together with the config of the IDP metadata, etc; and a way of choosing which page of selections to present)?
>
> I've also seen hints that "companion" JWTs might accompany the access token. Known as id-tokens, they don't actually seem to exist in the wild (not having escaped the paper lab, yet). As far as I can tell, they are just JWTs with more than the nameid claim, thereby avoiding a per-IDP API call (just to collect a yahoo API's vs facebook APIs member record claimset).
>
> Is this openid connect?
>
> I've also seen hints that the companion JWT is supposed to be a mobile account-linking record; similar to the old account linking service elements of OASIS. Is this openid connect? If there is "evidence" that several access tokens all relate to a common persistent name (ahem XRD id, for structured names) represented by the id-token, is this openid connect?