[OpenID] general Digest, Vol 85, Issue 4
Don Thibeau
don at oidf.org
Fri Mar 21 12:41:33 UTC 2014
For the record I do not recall the comment nor agree with the interpretation Kaliya Hamlin attributes to me.
Don Thibeau
The OpenID Foundation
On Mar 21, 2014, at 8:00 AM, openid-general-request at lists.openid.net wrote:
Today's Topics:
1. Re: [OpenID board] [Board-ec] Fwd: JTC1_N13405-Proposal for
a liaison C between Open ID Foundation and ISO/IEC JTC1 SC27 WG5
(Nat Sakimura)
2. Growing list of OpenID Connect libraries available (Mike Jones)
3. Re: Growing list of OpenID Connect libraries available
(Peter Williams)
4. Re: [OpenID board] [Board-ec] Fwd: JTC1_N13405-Proposal for
a liaison C between Open ID Foundation and ISO/IEC JTC1 SC27 WG5
(John Bradley)
5. Re: [OpenID board] [Board-ec] Fwd: JTC1_N13405-Proposal for
a liaison C between Open ID Foundation and ISO/IEC JTC1 SC27 WG5
(Torsten Lodderstedt)
----------------------------------------------------------------------
Message: 1
Date: Fri, 21 Mar 2014 09:47:22 +0900
From: Nat Sakimura <sakimura at gmail.com>
To: Kaliya Identity Woman <identitywoman at gmail.com>
Cc: "openid-general at lists.openid.net"
<openid-general at lists.openid.net>
Subject: Re: [OpenID] [OpenID board] [Board-ec] Fwd:
JTC1_N13405-Proposal for a liaison C between Open ID Foundation and
ISO/IEC JTC1 SC27 WG5
Message-ID:
<CABzCy2DMNDdpokEiG9Bu9YXyAwXi4MXit4vb5JYd4Cixa9LKRA at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Removing: board at openid.net and board-ec at openid.net from the Cc list and
adding openid-general since this is more of a community question and not
the board discussion.
2014-03-21 7:31 GMT+09:00 Kaliya Identity Woman <identitywoman at gmail.com>:
> I asked Don last time we were in person if the GSMA in its use/adoption of
> OpenID was going to enable people to easily have more than one profile on
> their device. He basically said they hadn't thought of it and in effect
> said "nope".
Actually, this is not true. Many telcos are perfectly willing to give
ability to the consumers multiple "identities".
The credential being SIM based and the support of multiple
"identity/partial identity/persona" is an orthogonal thing.
Perhaps Torsten can chime in here as well.
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
------------------------------
Message: 2
Date: Fri, 21 Mar 2014 00:55:03 +0000
From: Mike Jones <Michael.Jones at microsoft.com>
To: "code at openid.net" <code at openid.net>, "general at openid.net"
<general at openid.net>
Subject: [OpenID] Growing list of OpenID Connect libraries available
Message-ID:
<4E1F6AAD24975D4BA5B16804296739439A101D60 at TK5EX14MBXC286.redmond.corp.microsoft.com>
Content-Type: text/plain; charset="us-ascii"
The list of publicly available OpenID Connect libraries is growing, with implementations available for numerous development platforms and environments, including Drupal, Java, PHP, Python, and Ruby. See the Libraries<http://openid.net/developers/libraries/> page for a list of OpenID Connect<http://openid.net/connect/> libraries, as well as libraries implementing the related JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications. These libraries make it easy to join the likewise growing list of OpenID Connect deployments.
If your library isn't listed and you'd like it to be, please drop us a note on the code at openid.net mailing list<http://lists.openid.net/mailman/listinfo/openid-code> or the general at openid.net mailing list<http://lists.openid.net/mailman/listinfo/openid-general>.
Also, if you're interested in participating in OpenID Connect interop testing, please join the openid-connect-interop at googlegroups.com mailing list<http://groups.google.com/group/openid-connect-interop> and ask to be added to the current OpenID Connect interop<http://osis.idcommons.net/wiki/OC5:OpenID_Connect_Interop_5>.
-- Mike
P.S. This note was also posted at http://openid.net/2014/03/20/growing-list-of-openid-connect-libraries-available/ and tweeted as @openid.
------------------------------
Message: 3
Date: Fri, 21 Mar 2014 01:00:15 +0000
From: Peter Williams <home_pw at msn.com>
To: "=?utf-8?Q?general at openid.net?=" <general at openid.net>
Subject: Re: [OpenID] Growing list of OpenID Connect libraries
available
Message-ID: <SNT405-EAS299C9306F05BCC3C806F9992790 at phx.gbl>
Content-Type: text/plain; charset="utf-8"
I'll give a small challenge and feedback for developers - addressing a challenge I see. The challenge is due to the "ever changing" websso world.
We have a joomla deployment, that REALLY exploits websso. From claims in the inbound assertion, all sorts of application roles drive menus, drive profiles, drive link visibility, drive page embedding, (etc etc). I think this was known, in the last round of fancy marketing, as claims driven apps (or something). Identity metasystem, or something. Hey, it may even have been "user centric".
I'd love to move FROM current ws-fedp plugin (that cost a $1000 to do, when given to the right person) to openid connect. Perhaps, I could find another $1000?
Now, I'm not known as the smartest key on the chain, and still see the world in simple terms. I'm happy for such as the Microsoft openid connect solution (in the cloud) to invoke websso for me (in response to an openid connect request - for an id_token). Sure, I could make Joomla call openid connect (to invoke websso). And, obviously, a token translation occurs on the return leg, moving values from the ws-fedp-delivered assertion (from the websso step) to the oauth authorization process (that delivers a nice JWT to me, with some of the "claims" from the websso step).
If I cannot get the claims I currently get (from direct access to websso), I cannot move to openid connect (which gives me ONLY indirect access to websso, and claims handover that is decided by others). Which makes openid connect MIGRATION hard ).
Yes - you might say - your silly implementation, Peter, doesn't fit the "Intended pattern". Which is, of course, your fault (for buying into last years marketing, around claims, if not user centric consent and control). Rebuild it all (and adopt the "right pattern"!!). And, of course that will happen (when one just dumps - rather than revises - the "old" stuff)
Of course, that is not reality (as code and patterns marketed and adopted only 2 years ago have a multiple year lifetime, down here on main street. Not all of us are billion dollar companies (with payoffs from natsec agencies or potential federal cloud contracts for 100,000 tenants?).
Just some feedback on "adoption", in that 80% of the market that is "bound up" in legacy cost economics. Even legacy of ? 2 years ago.
Having "groked" openid connect (thanks to superb Microsoft cloud-based delivery of it), I'm for it (now I get it). Now reality sets in. Change is hampered by the "advanced" stuff done, ahem, 2 years ago - whose very PATTERN is already considered "legacy".
Hopefully this spurs the next generation of developers - who know a bit that large market of
"legacy migration" (from claims to connect?)
From: Mike Jones
Sent: Thursday, March 20, 2014 5:55 PM
To: code at openid.net, general at openid.net
The list of publicly available OpenID Connect libraries is growing, with implementations available for numerous development platforms and environments, including Drupal, Java, PHP, Python, and Ruby. See the Libraries page for a list of OpenID Connect libraries, as well as libraries implementing the related JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications. These libraries make it easy to join the likewise growing list of OpenID Connect deployments.
If your library isn't listed and you'd like it to be, please drop us a note on the code at openid.net mailing list or the general at openid.net mailing list.
Also, if you're interested in participating in OpenID Connect interop testing, please join the openid-connect-interop at googlegroups.com mailing list and ask to be added to the current OpenID Connect interop.
-- Mike
P.S. This note was also posted at http://openid.net/2014/03/20/growing-list-of-openid-connect-libraries-available/ and tweeted as @openid.
------------------------------
Message: 4
Date: Fri, 21 Mar 2014 00:46:24 -0300
From: John Bradley <ve7jtb at ve7jtb.com>
To: Nat Sakimura <sakimura at gmail.com>
Cc: "openid-general at lists.openid.net"
<openid-general at lists.openid.net>
Subject: Re: [OpenID] [OpenID board] [Board-ec] Fwd:
JTC1_N13405-Proposal for a liaison C between Open ID Foundation and
ISO/IEC JTC1 SC27 WG5
Message-ID: <FE2669E9-B157-497A-8C92-EE9EEB709A6C at ve7jtb.com>
Content-Type: text/plain; charset="iso-8859-1"
In discussions I have had with Mobile operators privacy has been a concern, though that may be influenced by many of them being in Europe and having to conform to much stricter privacy laws than in the US.
The connect profile is intended to create a common set of features and possibly a single registration point to make it possible for RP to deal with potentially 800 IdP given that the internet is global.
I think many people will agree that creating a common identity layer rather than regional ones is a good thing.
Asking about persona on the device may have confused the issue. It would surprise me if multiple persona including non correlatable ones are not supported for asserting to RP.
That is different from multiple persona on the device being used for authentication to the MNO as the IdP.
In developing the profile support for pairwise identifiers will need to be sorted out. They have privacy benefits as long as you are not handing out other correlatable attributes.
One value add the MNO have is that they can provide proofed attributes with the users consent. In the multiple persona case there may be legal restrictions on them providing attributes they know are not true. So outside of the technical profile that we are developing there may be policy issues that the operators need to deal with.
One side benefit of this is if we get RP into the ecosystem this way and can move them to a world where they have to allow selection between hundreds of IdP then the NASCAR breaks down and there is more opportunity for specialist IdP like UnitedID to be accepted.
John B.
On Mar 20, 2014, at 9:47 PM, Nat Sakimura <sakimura at gmail.com> wrote:
> Removing: board at openid.net and board-ec at openid.net from the Cc list and adding openid-general since this is more of a community question and not the board discussion.
>
> 2014-03-21 7:31 GMT+09:00 Kaliya Identity Woman <identitywoman at gmail.com>:
> I asked Don last time we were in person if the GSMA in its use/adoption of OpenID was going to enable people to easily have more than one profile on their device. He basically said they hadn't thought of it and in effect said "nope".
>
> Actually, this is not true. Many telcos are perfectly willing to give ability to the consumers multiple "identities".
> The credential being SIM based and the support of multiple "identity/partial identity/persona" is an orthogonal thing.
> Perhaps Torsten can chime in here as well.
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
------------------------------
Message: 5
Date: Fri, 21 Mar 2014 07:36:36 +0100
From: Torsten Lodderstedt <torsten at lodderstedt.net>
To: Nat Sakimura <sakimura at gmail.com>, Kaliya Identity Woman
<identitywoman at gmail.com>
Cc: "openid-general at lists.openid.net"
<openid-general at lists.openid.net>
Subject: Re: [OpenID] [OpenID board] [Board-ec] Fwd:
JTC1_N13405-Proposal for a liaison C between Open ID Foundation and
ISO/IEC JTC1 SC27 WG5
Message-ID: <9m200p3klmqd6pem2uj9vtog.1395383796676 at email.android.com>
Content-Type: text/plain; charset="utf-8"
Different operators have different capabilities and identity management philosophies. Due to our philosophy, which is rather decoupled from mobile subscriptions, Deutsche Telekom could offer an option to have multiple identities (where at most one of them is authenticated with the SIM card). It would require users to select their id per RP, which might be considered a UX issue.
Regards,
Torsten.
-------- Original message --------
From: Nat Sakimura <sakimura at gmail.com>
Date: 21.03.2014 01:47 (GMT+01:00)
To: Kaliya Identity Woman <identitywoman at gmail.com>
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] [OpenID board] [Board-ec] Fwd: JTC1_N13405-Proposal for a liaison C between Open ID Foundation and ISO/IEC JTC1 SC27 WG5
Removing: board at openid.net and board-ec at openid.net from the Cc list and adding openid-general since this is more of a community question and not the board discussion.
2014-03-21 7:31 GMT+09:00 Kaliya Identity Woman <identitywoman at gmail.com>:
I asked Don last time we were in person if the GSMA in its use/adoption of OpenID was going to enable people to easily have more than one profile on their device. He basically said they hadn't thought of it and in effect said "nope".
Actually, this is not true. Many telcos are perfectly willing to give ability to the consumers multiple "identities".
The credential being SIM based and the support of multiple "identity/partial identity/persona" is an orthogonal thing.
Perhaps Torsten can chime in here as well.
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
End of general Digest, Vol 85, Issue 4
**************************************