[OpenID] Openid connect and interoperability (today)
peter williams
home_pw at msn.com
Thu Sep 26 14:46:04 UTC 2013
One more general question comes to mind. Using RSA-signed JWTs, using ID certs, using access tokens that reference ID certs, noting the claim that Google have deployed OpenID Connect in essence, and noting that Facebook apparently use an original proprietary version of OpenID Connect, what is the state of multi-vendor OpenID Connect deployment?
We almost licensed Ping Identity's OpenID module for their federation server, once the firm announced OAuth v2 conformance and once I'd figured that app/plugin fever had struck in the heart of Microsoft's Office 365 cloud service (wherein web-hosted sites can host pages that display in the Outlook email client, augmenting the email page itself, as rendered by the cloud service, AND where OAuth-like authorization grant and vendor control practices govern plugin activation and subscription). This seemed like a good fit... for us... allowing professional data about a "member of realty association" to augment the email addressing information.
Ping did their best to accommodate (since they tend to be market leading and put up with me like few others do). But I was stunned to learn that OAuth 2 delivered nothing of any value (to such a multi-vendor concept). The very concept was still scoped to private community devices (logically enabling controlled realty iPhone apps talking to realty APIs, aping Facebook's model of world order). Such devices (including Windows toolkits making an SP website into an "authorized device") would still require custom code or realty plugins even for that 5-year-old world view.
While the Ping deal didn't happen for some strange commercial reasons and my lack of faith that the market concept was of much importance (why do I want to ape Google/Facebook, being intentionally 5 years late to the party), we did go off and extend our WebSSO so that third-party authorization servers could do their thing, adding OAuth 2 value. Thus we let Microsoft Azure cloud services for OAuth offer such extensibility (effectively adding YAP - yet another (WebSSO) protocol - to the family). And duly another realty firm with native tablet/phone apps did connect up... finding OAuth 2 code grant flow with RSA-signed JWTs "just right".
Which leads me back to the main question. Where is OpenID Connect in practice? Is there a groundswell? Is it at the IM explosion stage still (wherein AOL, Yahoo, Live refused to connect up...)? Is the technical profiling and core interoperability phase done? Is it at the "find a VC" phase?
Perhaps what I really want to know is when will OpenID Connect be an open system? When can I talk to Office 365 using my JWTs, much as I can talk to any webserver on the planet using my SSL X.509 client certs?
Or is that the wrong question? Is it _supposed_ to be a closed system, like X.400/X.500, fully distributed but with a hierarchical connectivity mesh controlled much as public phone systems connect (at a relatively few formal connection points)?