[Openid-specs-ab] Blog: OAuth vs. SAML vs. OpenID Connect

Mike Schwartz mike at gluu.org
Thu Dec 8 20:32:25 UTC 2016

OpenID Connect Gurus,

This blog I wrote yesterday got 13k hits in the last 24 hours...

It generated a bunch of comments on Hacker News. Feel free to help 
answer / respond to some of the questions:

One observation: we're not doing a good enough job getting the word out 
about OpenID Connect. A few more examples to back up this contention:

* A popular Linux website, *yesterday*, published a review of OpenID 
2.0, mentioning Connect briefly, and completely missing the message:

* ENISA (European Union Agency for Network and Information Security) 
recently put out some disparaging notes on OAuth2: Exploiting OAuth 2.0 
Protocol in Mobile Applications

One of the conclusions: "There is not a single, well-defined and 
extensively documented mobile implementation of OAuth 2.0 for mobile 
applications." (What about AppAuth?)

* Or even this misinformed blog from a few days ago:

- Mike

Michael Schwartz
Founder / CEO
mike at gluu.org
