<html>
<head>
<meta name="generator" content="Windows Mail 17.5.9600.20315">
<style><!--
p.MsoNormal, li.MsoNormal, div.MsoNormal {
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
}
a:link, span.MsoHyperlink {
color:blue;
text-decoration:underline;
}
span.MsoHyperlinkFollowed {
color:purple;
text-decoration:underline;
}
span.EmailStyle17 {
font-family:"Calibri","sans-serif";
color:windowtext;
}
.MsoChpDefault {
font-family:"Calibri","sans-serif";
}
div.WordSection1 {
}
--></style><style data-externalstyle="true"><!--
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
}
p.MsoNormal, li.MsoNormal, div.MsoNormal {
margin:0in;
margin-bottom:.0001pt;
}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst,
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle,
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
line-height:115%;
}
--></style></head>
<body dir="ltr">
<div data-externalstyle="false" dir="ltr" style="font-family: 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif';font-size:12pt;">
<div>Its a very “busy” PR - making lots of claims.</div><div><br></div><div>Its about outsourcing the login page set (to a dozen huge corporations, who will offer online authentication much like Verisign once offered client digital id issuance).</div><div><br></div><div>Its about leveraging the trusted execution environment of the mobile phone (and the TPM of the laptop, and the tpe of the windows 8.1).</div><div><br></div><div>Restriction to giant firms gives one citizen identity scaling, that government can rely on. That is, your Hotmail account will be good to get you a tax refund, in the UK.</div><div><br></div><div>Its all about app economy on devices and PCs, uniformly. Though, one quote says the opposite: its all about identity fabric, and its NOT about the applications.</div><div><br></div><div>It makes SSO easy, for developers, being a variant of OAUTH 2. Personally, I found it hard to make WIndows talk to the OAUTH endpoints of Ping Identity, when I tried it, being tied out of the box into with a few friends of Microsoft instead (particular in the Azure case).</div><div><br></div><div>In the last few days, I have heard folks on the ground make the following additional claims, alluding to opened connect being cover for, generator of, or catalyst for additional “fabric” improvements:</div><div><br></div><div>Its about the API economy, stupid. And its about odata API builders, in particular. No! It was not Microsoft who said that. (US real estate has opted for a proprietary profile of ODATA and OAUTH, if anyone is interested, that is specifically NOT interoperable via openid connect, or similar - against my counsel).</div><div><br></div><div>Its about enterprise control of what app can be used where. </div><div><br></div><div>Its all about app desktops, that either do token-based or password vaulting.</div><div><br></div><div>Its a way of monetizing reputation, the buzzword of a year or two ago. All the intelligence of using OTHER RP services is fed into the risk metric calculation, that drives a multi-factor story. Once your score goes into the red, additional challenges appear (a la passmark).</div><div><br></div><div>Its all about scopes - meaning its ultimately a name server and registry play. Guess who offered that one!</div><div><br></div><div>No, its all “really” about various proprietary ssl client cert enrollment processes (e.g. that in Microsoft CRM), that then allows a family of apps on a device to communication via a shared key ring. Its really about ensuring Facebook’s “login app” doesn't succeed and create eco-systems of apps that cooperate. It must enable several such eco-systems, none of which talk to each other.</div><div><br></div><div>Not, its really all about ensuring the state of your “cloud-connected” app moves from device A to your PC, so you can continue on the PC where you left off on the device.<br></div><div><br></div><div>And a nice one about control and assurance: its all about SSL client certs stored in the TPM/TPE, creating a trusted environment that is free from virus attacks via the OS. Its leverages a secure container, that only governments and large firms control, delivering “assured software crypto”. Read into that what your paranoia level calls for (I assume the worst…)</div><div><br></div><div>Is all about using transport security (SSL), because its so cheap now. Its so cheap to compromise, that is, I suspect.</div><div><br></div><div>And a cute claim that was a little out there, from a UK/US startup: our $50k quantum random number generator can provide the nonces for the SSL handshake, making it hard to induce related key attacks that do packet staining. Like trusted time before it (remember that!?), we see all crypto devices controlled by a central source, supplying the assured entropy.</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div data-signatureblock="true"><div><br></div><div>Sent from Surface Pro</div><div><br></div></div><div style="padding-top: 5px; border-top-color: rgb(229, 229, 229); border-top-width: 1px; border-top-style: solid;"><div><font face=" 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif'" style='line-height: 15pt; letter-spacing: 0.02em; font-family: "Calibri", "Segoe UI", "Meiryo", "Microsoft YaHei UI", "Microsoft JhengHei UI", "Malgun Gothic", "sans-serif"; font-size: 12pt;'><b>From:</b> <a href="mailto:Michael.Jones@microsoft.com" target="_parent">Mike Jones</a><br><b>Sent:</b> Wednesday, February 26, 2014 6:31 AM<br><b>To:</b> <a href="mailto:specs@openid.net" target="_parent">specs@openid.net</a>, <a href="mailto:general@openid.net" target="_parent">general@openid.net</a></font></div></div><div><br></div><div dir="">
<div class="WordSection1">
<p class="MsoNormal">See <a href="http://openid.net/2014/02/26/the-openid-foundation-launches-the-openid-connect-standard/" target="_parent">
http://openid.net/2014/02/26/the-openid-foundation-launches-the-openid-connect-standard/</a> and the tweet at @openid.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">This was also already favorably covered by TechCrunch: <a href="http://techcrunch.com/2014/02/26/openid-foundation-launches-openid-connect-identity-protocol-with-support-from-google-microsoft-others/" target="_parent">
http://techcrunch.com/2014/02/26/openid-foundation-launches-openid-connect-identity-protocol-with-support-from-google-microsoft-others/</a>.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> Cheers,</p>
<p class="MsoNormal"> -- Mike</p>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</body>
</html>