[Openid-specs-ab] Marketing OpenID: combatting negativity
Nick Roy
nroy at internet2.edu
Mon Jan 28 19:34:06 UTC 2019
Yes, this sounds exactly like what we have been dealing with in SAML federation for many years. Ironically, OAuth/OpenID Connect are seen as the solution to this problem by a lot of deployers, developers, etc. I’ve come to the conclusion that security is hard, and it doesn’t matter what protocol you’re using, it’s going to be equally difficult to do it right.
Nick
On 28 Jan 2019, at 10:08, Phil Hunt wrote:
> You are speaking of a general problem that has existed for over 25 years. On the customer side, centralized IDM vs business unit vs app control of ID life-cycle has been a long-standing problem. In the past the need for governance drove a lot of centralization. Now that services are moving to the cloud, central IT has even less say over SaaS services purchased by business units directly.
>
> On the app side, developers see themselves as the center. They want total control of user experience—especially authentication. We’ve yet to reach people to explain that this is bad for security. The work on appauth/native apps went a long way. But the message still needs to be driven harder. IMO.
>
> Every authen protocol goes through similar hype/reality cycles. “Look at this new protocol, it is so much simpler”. “Oh, we need this and that for interop and evolving security threats”. “Oh look, this protocol is just too complex”. Authen protocols all go through the same hype cycle; some don’t make it. Others last. Connect, IMO, has done well. It is making its way through the cycle.
>
> As for Okta’s article, I agree with George.
>
> Phil
>
>> On Jan 28, 2019, at 7:44 AM, Nick Roy via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>>
>> Hey Mike, thanks - can you post some links to some of the negative press? I was not aware of this phenomenon.
>>
>> Nick
>>
>>> On 27 Jan 2019, at 5:02, Mike Schwartz via Openid-specs-ab wrote:
>>>
>>> I think to go head-to-head with the negative OpenID press, we need to market a message something to the effect of:
>>>
>>> "Using OpenID is great fun, and it solves real problems for developers."
>>>
>>> You can't combat negativity with a message of: "the detractors have a point".
>>>
>>> We have the brain trust in this community to get that message out. If everyone wrote one blog, and we all cross-promote on social media (i.e. more of what Nat is doing so brilliantly on YouTube...), I think we could make a dent in perceptions. Especially if we tap into the corporate marketing capabilities of our respective organizations.
>>>
>>> - Mike
>>>
>>>
>>> -----------
>>> Michael Schwartz
>>> Gluu
>>> Founder / CEO
>>> mike at gluu.org
>>> https://www.linkedin.com/in/nynymike/
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab