[Openid-specs-ab] Marketing OpenID: combatting negativity

Hans Zandbelt hans.zandbelt at zmartzone.eu
Tue Jan 29 21:57:16 UTC 2019 

FWIW: not requiring dynamic client registration for the OIDC RP
certification suite an existing enhancement request with a fairly simple
command-line workaround for the time being:
https://github.com/openid-certification/oidctest/issues/15

Hans.

On Tue, Jan 29, 2019 at 8:40 PM Tom Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> FWIW i tried to address this by building a .NET library on core 1.1 for
> relying parties. The big problem for me was the certification as the
> existing .NET tooling did not support dynamic registration. When i tried to
> load that solution library into the MSFT samples, they had changed to .net
> core 2.0 and were not interested in a core 1.1 implementation. Now they are
> on to .net core 3.0. Identity mgmt is in a state of flux and the w3c ccg is
> not helping to stabilize the situation at all. While its hard to know how
> the openID foundation can help, i would recommend considering a
> certification test suite that did not depend on dynamic registration.
>
> In the meantime, i am trying to build a openid self issued ID open source
> solution compatible with the w3c ccg, to see if that can bring the two
> together.
>
> Peace ..tom
>
>
> On Tue, Jan 29, 2019 at 12:18 PM Mike Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>> For what it’s worth, I thought the article
>> https://developer.okta.com/blog/2019/01/23/nobody-cares-about-oauth-or-openid-connect
>> was mostly positive for OAuth and OpenID Connect (once you get past the
>> title).  Remember that unlike OpenID 2.0, we haven’t tried to make “OpenID
>> Connect” a consumer brand.  In fact, when we present about OpenID Connect,
>> we typically remind people that they’re probably using OpenID Connect, even
>> though they may not know it.  For instance, Slide 4 of
>> http://self-issued.info/presentations/OpenID_Connect_Introduction_23-Oct-18.pdf
>> says:
>>
>> *You’re probably already using OpenID Connect!*
>>
>>    - If you have an Android phone or log in at AOL, Deutsche Telekom,
>>    Google, Microsoft, NEC, NTT, Salesforce, Softbank, Symantec, Verizon, or
>>    Yahoo! Japan, you’re already using OpenID Connect
>>    - Many other sites and apps large and small also use OpenID Connect
>>
>>
>>
>> I thought that this part of the article was dead-on:
>>
>> The reason nobody cares about OAuth and OIDC is that OAuth and OIDC
>> aren’t what developers are interested in. The only thing developers are
>> *actually* interested in is what OAuth and OIDC help with, *authentication
>> and authorization*.
>>
>>
>>
>> 99.99% of developers out there don’t know (or want to know) anything
>> about OAuth, OIDC, or any other security specifications. All they want to
>> do is find the simplest and most straightforward way to support user
>> authentication and authorization in their application. They don’t care
>> about standards, specifications, grant types, JWTs, or scopes and timeouts
>> – all they want to do is log a user in and check to see what permissions
>> they have.
>>
>>
>>
>> To be clear, Okta advertised their allegiance to OpenID Connect here (and
>> in their OpenID Certifications <https://openid.net/certification/#OPs>):
>>
>> With the state of tooling right now, web developers are essentially
>> *forced* to learn about OAuth and OIDC and are burdened with the need to
>> understand how these standards work and how to (hopefully) apply them
>> properly to their application. It isn’t a great system.
>>
>>
>>
>> This is one of the reasons why, here at Okta
>> <https://developer.okta.com/>, even though our entire platform is built
>> on top of OAuth and OIDC, we spend tons of time and effort trying to build
>> abstractions (in the form of client libraries) to hide those complexities
>> and make securing your web applications simpler.
>>
>>
>>
>> I also agree with the gist of this conclusion:
>>
>> While OAuth and OIDC are certainly useful and important, the reality of
>> the situation today is that almost nobody cares about OAuth and OIDC.
>> Developers don’t want more OAuth and OIDC libraries and documentation in
>> their lives: they want less of it.
>>
>>
>>
>> The easier that we can all make it for developers to securely use OpenID
>> Connect, the better everyone.  That’s always been the goal!
>>
>>
>>
>>                                                        -- Mike
>>
>>
>>
>> *From:* Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> *On
>> Behalf Of *Nat Sakimura via Openid-specs-ab
>> *Sent:* Monday, January 28, 2019 3:43 PM
>> *To:* Artifact Binding/Connect Working Group <
>> openid-specs-ab at lists.openid.net>
>> *Cc:* Nat Sakimura <sakimura at gmail.com>; Mike Schwartz <mike at gluu.org>
>> *Subject:* Re: [Openid-specs-ab] Marketing OpenID: combatting negativity
>>
>>
>>
>> Mike,
>>
>>
>>
>> +1 on running inter-linked blog and vlog posts.
>>
>>
>>
>> +1 also for positioning OpenID is fun and easy. The "easy" part is a bit
>> an overstatement but it is clinically proven that if people were told that
>> it is hard, they will absolutely stop learning.
>>
>>
>>
>> Nat
>>
>>
>>
>> On Sun, Jan 27, 2019 at 9:02 PM Mike Schwartz via Openid-specs-ab <
>> openid-specs-ab at lists.openid.net> wrote:
>>
>>
>> I think to go head-to-head with the negative OpenID press, we need to
>> market a message something to the effect of:
>>
>> "Using OpenID is great fun, and it solves real problems for developers."
>>
>> You can't combat negativivity with a message of: "the detractors have a
>> point".
>>
>> We have the brain trust in this community to get that message out. If
>> everyone wrote one blog, and we all cross-promote on social media (i.e.
>> more of what Nat is doing so brilliantly on Youtube...), I think we
>> could make a dent in perceptions. Especially if we tap into the
>> corporate marketing cabailities of our respective organizations.
>>
>> - Mike
>>
>>
>> -----------
>> Michael Schwartz
>> Gluu
>> Founder / CEO
>> mike at gluu.org
>> https://www.linkedin.com/in/nynymike/
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>>
>> --
>>
>> Nat Sakimura (=nat)
>>
>> Chairman, OpenID Foundation
>> http://nat.sakimura.org/
>> @_nat_en
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>


-- 
hans.zandbelt at zmartzone.eu
ZmartZone IAM - www.zmartzone.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190129/c23fdcc0/attachment.html>

More information about the Openid-specs-ab mailing list