[OpenID] Lots of great data about JWT and OpenID Connect adoption!

Peter Williams home_pw at msn.com
Wed Jul 22 12:58:54 UTC 2015 

Hmm.

Openid connect I do see as a distinct improvement, in the generic upper layer protocol stack. It goes beyond being an application context of layer 5, 6 and 7-baseline security protocols  cooperating with the insecure stack to protect telematic applications. It merges the security management plane with the comsec plane, in interesting ways.

Not sure about jwt. Apart from changing the term cert to token, not really sure why its not just the latest encoding of x509, with profiled extensions.

I wasn't too impressed with the aws to azure aad integration, supposedly an exemplary model of American cloud integrations. Neither the saml nor connect integrations shine.   The Google and Microsoft hookups do look strong though (and hint at the multi cloud break through (complementing docker compusec security models)).

I'd be happier with jwt if I saw it in such as Microsoft template projects whichtraditionally teach and liberate. So far, jwt is absent, with os/machine tokens being minted when an websites own AS handles grants, complementing its webapi endpoint support. Perhaps things will rev, though, as folks feel comfortable letting the AS cease to be a controlled cloud vendor, social id related concept and become a signed blob for all occasions.

Sent from my Windows Phone

-----Original Message-----
From: "Mike Jones" <Michael.Jones at microsoft.com>
Sent: ‎7/‎21/‎2015 3:30 PM
To: "openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>; "Matias Woloski" <matias at auth0.com>
Cc: "openid-connect-interop at googlegroups.com" <openid-connect-interop at googlegroups.com>; "openid-code at lists.openid.net" <openid-code at lists.openid.net>; "openid-general at lists.openid.net" <openid-general at lists.openid.net>; "specs at lists.openid.net" <specs at lists.openid.net>; "board at lists.openid.net" <board at lists.openid.net>
Subject: [OpenID] Lots of great data about JWT and OpenID Connect adoption!

Read https://auth0.com/blog/2015/07/21/jwt-json-webtoken-logo/ and check out http://jwt.io/.  Very cool!
 
I posted about this at http://self-issued.info/?p=1423 and as @selfissued.
 
                                                            -- Mike

More information about the general mailing list