[Openid-specs-ab] Blog: OAuth vs. SAML vs. OpenID Connect

Mike Schwartz mike at gluu.org
Thu Dec 8 20:32:25 UTC 2016


OpenID Connect Gurus,

This blog I wrote yesterday got 13k hits in the last 24 hours...
    http://gluu.co/oauth-saml-openid

It generated a bunch of comments on Hacker News. Feel free to help 
answer / respond to some of the questions:
   https://news.ycombinator.com/item?id=13126750

One observation: we're not doing a good enough job getting the word out 
about OpenID Connect. A few more examples to back up this contention:

* A popular Linux website, *yesterday*, published a review of OpenID 
2.0, mentioning Connect briefly, and completely missing the message:
  https://lwn.net/SubscriberLink/708151/d5cbd707d352d881/

* ENISA (European Union Agency for Network and Information Security) 
recently put out some disparaging notes on OAuth2: Exploiting OAuth 2.0 
Protocol in Mobile Applications
https://www.enisa.europa.eu/publications/info-notes/exploiting-oauth-2-0-protocol-in-mobile-applications

One of the conclusions: "There is not a single, well-defined and 
extensively documented mobile implementation of OAuth 2.0 for mobile 
applications." (What about AppAuth?)

* Or even this misinformed blog from a few days ago:
   http://techbeacon.com/state-social-authentication-oauth-job

- Mike


-------------------------------------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org
http://gluu.org

