[Openid-specs-ab] Roland Hedberg's federation specification

Mike Schwartz mike at gluu.org
Mon Jul 11 23:05:48 UTC 2016


OpenID WG,

I was reading the meeting notes today, and I want to interject my 
comments about Roland's OpenID Connect federation proposal.

First of all, my assessment of Roland's draft is that it has significant 
gaps, and it needs a lot of work.

I'm concerned that the imperatives of the main OpenID Connect group are 
consumer and enterprise authentication. Because this multi-party 
federration draft needs so much work, I think it would be better to 
develop it seperately, and bring it back to the main group when there is 
consensus on a solution.

There are a lot of interested parties with regard to the development of 
multi-party federation trust models who could contribute more 
effectively if the standard was developed under a more targeted working 
group. For example, as the co-chair of the Kantara OTTO WG, which was 
formed expressly to address the challenge of federation of Oauth2 
entities, I know we have a core group of people who are interested to 
collaborate.

It would be nice if whatever process takes place at OIDF should be an 
open, democratic forum, as several of us from OTTO would like to 
participate.

- Mike

-------------------------------------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org



More information about the Openid-specs-ab mailing list