[Openid-specs-ab] Blog: OAuth vs. SAML vs. OpenID Connect
Mike Schwartz
mike at gluu.org
Thu Dec 8 20:32:25 UTC 2016
OpenID Connect Gurus,
This blog I wrote yesterday got 13k hits in the last 24 hours...
http://gluu.co/oauth-saml-openid
It generated a bunch of comments on Hacker News. Feel free to help
answer / respond to some of the questions:
https://news.ycombinator.com/item?id=13126750
One observation: we're not doing a good enough job getting the word out
about OpenID Connect. A few more examples to back up this contention:
* A popular Linux website, *yesterday*, published a review of OpenID
2.0, mentioning Connect briefly, and completely missing the message:
https://lwn.net/SubscriberLink/708151/d5cbd707d352d881/
* ENISA (European Union Agency for Network and Information Security)
recently put out some disparaging notes on OAuth2: Exploiting OAuth 2.0
Protocol in Mobile Applications
https://www.enisa.europa.eu/publications/info-notes/exploiting-oauth-2-0-protocol-in-mobile-applications
One of the conclusions: "There is not a single, well-defined and
extensively documented mobile implementation of OAuth 2.0 for mobile
applications." (What about AppAuth?)
* Or even this misinformed blog from a few days ago:
http://techbeacon.com/state-social-authentication-oauth-job
- Mike
-------------------------------------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org
http://gluu.org