[Openid-specs-ab] Draft openid.net blog post

Mon Sep 12 14:32:57 UTC 2011

We should post about the updated specs before the summit starts.  Here's a proposed draft.  After giving people some time to suggest improvements, can you please post this this morning Nat?

                                                            Thanks,
                                                            -- Mike

OpenID Connect Specs Incorporating Developer Feedback

Since we posted in July<http://openid.net/2011/07/15/current-map-for-openid-connect/> about the availability of preliminary OpenID Connect<http://openid.net/connect/> specifications, developers have been building implementations and submitting feedback on the specs.  The specs have been revised to incorporate their feedback.  A new map of the specs is as follows:

[Description: OpenID Connect Protocol Suite]

The biggest difference you'll notice is that there is now only one spec to implement for "Minimal" clients (rather than previously three).  A number of people had asked that there be a single, simple, self-contained spec that basic relying parties could implement.  That spec is the OpenID Connect Basic Client Profile<http://openid.net/specs/openid-connect-basic-1_0.html>.  That's all you need for a web-based relying party utilizing a pre-configured set of OpenID Providers.

For "Dynamic" configurations, where the set of OpenID Providers is not pre-configured, Discovery<http://openid.net/specs/openid-connect-discovery-1_0.html> and Dynamic Client Registration<http://openid.net/specs/openid-connect-registration-1_0.html> capabilities are added to enable RPs to discover OP endpoints and to connect with the OP selected.  This functionality is needed for "open" OpenID Connect interactions.

OpenID Providers, native client applications, and clients needing more functionality than that provided by the Basic Client Profile implement the OpenID Connect Standard <http://openid.net/specs/openid-connect-standard-1_0.html> binding for the OpenID Connect Messages<http://openid.net/specs/openid-connect-messages-1_0.html>.  Finally, OPs and RPs needing session management capabilities, including logout, also implement OpenID Connect Session Management<http://openid.net/specs/openid-connect-session-1_0.html>.

As you can see, the current organization remains highly modular, where implementations can build and deploy only what they need.  Now that modularity is even better reflected in the way that the specs are written - particularly that there is a single, self-contained basic client specification.

In closing, we'd like to thank developers for the valuable feedback provided to date.  Your input has both improved the technical content of OpenID Connect, and possibly even more importantly, made the specs simpler and easier to understand.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110912/9da994c7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 85682 bytes
Desc: image002.png
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110912/9da994c7/attachment.png>