[Openid-specs-ab] Marketing OpenID: combatting negativity

Mike Jones Michael.Jones at microsoft.com
Tue Jan 29 20:18:24 UTC 2019 

For what it’s worth, I thought the article https://developer.okta.com/blog/2019/01/23/nobody-cares-about-oauth-or-openid-connect was mostly positive for OAuth and OpenID Connect (once you get past the title).  Remember that unlike OpenID 2.0, we haven’t tried to make “OpenID Connect” a consumer brand.  In fact, when we present about OpenID Connect, we typically remind people that they’re probably using OpenID Connect, even though they may not know it.  For instance, Slide 4 of http://self-issued.info/presentations/OpenID_Connect_Introduction_23-Oct-18.pdf says:
You’re probably already using OpenID Connect!

  *   If you have an Android phone or log in at AOL, Deutsche Telekom, Google, Microsoft, NEC, NTT, Salesforce, Softbank, Symantec, Verizon, or Yahoo! Japan, you’re already using OpenID Connect
  *   Many other sites and apps large and small also use OpenID Connect

I thought that this part of the article was dead-on:

The reason nobody cares about OAuth and OIDC is that OAuth and OIDC aren’t what developers are interested in. The only thing developers are actually interested in is what OAuth and OIDC help with, authentication and authorization.



99.99% of developers out there don’t know (or want to know) anything about OAuth, OIDC, or any other security specifications. All they want to do is find the simplest and most straightforward way to support user authentication and authorization in their application. They don’t care about standards, specifications, grant types, JWTs, or scopes and timeouts – all they want to do is log a user in and check to see what permissions they have.

To be clear, Okta advertised their allegiance to OpenID Connect here (and in their OpenID Certifications<https://openid.net/certification/#OPs>):

With the state of tooling right now, web developers are essentially forced to learn about OAuth and OIDC and are burdened with the need to understand how these standards work and how to (hopefully) apply them properly to their application. It isn’t a great system.



This is one of the reasons why, here at Okta<https://developer.okta.com/>, even though our entire platform is built on top of OAuth and OIDC, we spend tons of time and effort trying to build abstractions (in the form of client libraries) to hide those complexities and make securing your web applications simpler.


I also agree with the gist of this conclusion:

While OAuth and OIDC are certainly useful and important, the reality of the situation today is that almost nobody cares about OAuth and OIDC. Developers don’t want more OAuth and OIDC libraries and documentation in their lives: they want less of it.

The easier that we can all make it for developers to securely use OpenID Connect, the better everyone.  That’s always been the goal!

                                                       -- Mike

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Nat Sakimura via Openid-specs-ab
Sent: Monday, January 28, 2019 3:43 PM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Nat Sakimura <sakimura at gmail.com>; Mike Schwartz <mike at gluu.org>
Subject: Re: [Openid-specs-ab] Marketing OpenID: combatting negativity

Mike,

+1 on running inter-linked blog and vlog posts.

+1 also for positioning OpenID is fun and easy. The "easy" part is a bit an overstatement but it is clinically proven that if people were told that it is hard, they will absolutely stop learning.

Nat

On Sun, Jan 27, 2019 at 9:02 PM Mike Schwartz via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>> wrote:

I think to go head-to-head with the negative OpenID press, we need to
market a message something to the effect of:

"Using OpenID is great fun, and it solves real problems for developers."

You can't combat negativivity with a message of: "the detractors have a
point".

We have the brain trust in this community to get that message out. If
everyone wrote one blog, and we all cross-promote on social media (i.e.
more of what Nat is doing so brilliantly on Youtube...), I think we
could make a dent in perceptions. Especially if we tap into the
corporate marketing cabailities of our respective organizations.

- Mike


-----------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org<mailto:mike at gluu.org>
https://www.linkedin.com/in/nynymike/
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab


--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190129/3613a9b9/attachment.html>

More information about the Openid-specs-ab mailing list