[Openid-specs-ab] Call for Adoption of the OpenID Provider Commands Specification
Michael Schwartz
mike at gluu.org
Wed Mar 5 22:16:57 UTC 2025
Howdy y'all.

Gluu supports adoption of the OpenID Provider Commands Specification.

As federated login becomes the norm for B2B websites, standardizing account
management could be a real benefit to enterprises. At many B2B websites,
federated login = account registration. So OpenID Provider Commands simply
recognizes that there is more work to do post-registration. Interoperable
federated account management can only improve the utility of OpenID Connect
in the B2B space and encourage OpenID's already robust adoption trajectory.

IMHO, introducing a "tenant" claim is no big deal. Connect says "ID Tokens
MAY contain other Claims." So we are simply reserving one specific claim
based on a common usage pattern seen in the trenches. I don't see how this
hurts any RPs or OPs that don't care to use it. I feel the same for the
"group" claim.

Regarding the use of SSE... first of all, OpenID Server Side Events should
not have overlapped this W3C acronym--that was their mistake. W3C
Server-Sent Events (SSE) was introduced as part of the HTML5 specification,
with initial drafts appearing around 2009. As this OP Commands proposal is
for short-lived SSE sessions--seconds not hours--I think it's totally fine.
I've noticed that the OpenID community has been very creative using the
limited tools available to us, and I don't see why use of this common
feature--supported by every major browser--is a problem. BTW, Janssen
Project Lock Server uses SSE to push updated configuration and token status
JWTs to our Cedarling authz component. The Apache Kafka REST Proxy exposes
Kafka topics over HTTP and supports SSE for streaming events to
clients. GitLab uses SSE in parts of its real-time job execution and
monitoring system. I'm sure there are more examples out there in the wild.
So this is not nearly as esoteric or complex as the "trust chain" tech
introduced in OpenID Federation Draft 42.

Net-net, I like it because it helps the RPs. More and better RPs = more
business value.

- Mike
--------------------------------------
Michael Schwartz
Gluu
Founder/CEO
mike at gluu.org
https://www.linkedin.com/in/nynymike