<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1876771201;
mso-list-type:hybrid;
mso-list-template-ids:1558053822 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.0in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.5in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.0in;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.5in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.0in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.5in;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.0in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.5in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:5.0in;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#002060">For what it’s worth, I thought the article
<a href="https://developer.okta.com/blog/2019/01/23/nobody-cares-about-oauth-or-openid-connect">
https://developer.okta.com/blog/2019/01/23/nobody-cares-about-oauth-or-openid-connect</a> was mostly positive for OAuth and OpenID Connect (once you get past the title). Remember that unlike OpenID 2.0, we haven’t tried to make “OpenID Connect” a consumer
brand. In fact, when we present about OpenID Connect, we typically remind people that they’re probably using OpenID Connect, even though they may not know it. For instance, Slide 4 of
<a href="http://self-issued.info/presentations/OpenID_Connect_Introduction_23-Oct-18.pdf">
http://self-issued.info/presentations/OpenID_Connect_Introduction_23-Oct-18.pdf</a> says:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><b><span style="color:#002060">You’re probably already using OpenID Connect!<o:p></o:p></span></b></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="color:#002060;mso-list:l0 level1 lfo1">If you have an Android phone or log in at AOL, Deutsche Telekom, Google, Microsoft, NEC, NTT, Salesforce, Softbank, Symantec, Verizon, or Yahoo! Japan, you’re already using OpenID Connect<o:p></o:p></li><li class="MsoListParagraph" style="color:#002060;mso-list:l0 level1 lfo1">Many other sites and apps large and small also use OpenID Connect<o:p></o:p></li></ul>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060">I thought that this part of the article was dead-on:<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:""",serif;color:#5D5D5D">The reason nobody cares about OAuth and OIDC is that OAuth and OIDC aren’t what developers are interested in. The only thing developers are
<em><span style="font-family:""",serif">actually</span></em> interested in is what OAuth and OIDC help with,
<strong><span style="font-family:""",serif">authentication and authorization</span></strong>.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:""",serif;color:#5D5D5D"><o:p> </o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;box-sizing: border-box;proxima-nova"Helvetica,Arial,sans-serif;orphans: 2;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-size:12.0pt;font-family:""",serif;color:#5D5D5D">99.99% of developers out there don’t know (or want to know) anything about OAuth, OIDC, or any other security specifications. All they want to do is find the simplest and most straightforward
way to support user authentication and authorization in their application. They don’t care about standards, specifications, grant types, JWTs, or scopes and timeouts – all they want to do is log a user in and check to see what permissions they have.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060">To be clear, Okta advertised their allegiance to OpenID Connect here (and in their
<a href="https://openid.net/certification/#OPs">OpenID Certifications</a>):<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:""",serif;color:#5D5D5D">With the state of tooling right now, web developers are essentially
<em><span style="font-family:""",serif">forced</span></em> to learn about OAuth and OIDC and are burdened with the need to understand how these standards work and how to (hopefully) apply them properly to their application. It isn’t a great system.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:""",serif;color:#5D5D5D"><o:p> </o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;box-sizing: border-box;proxima-nova"Helvetica,Arial,sans-serif;orphans: 2;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-size:12.0pt;font-family:""",serif;color:#5D5D5D">This is one of the reasons why, here at
<a href="https://developer.okta.com/"><span style="color:#007DC1">Okta</span></a>, even though our entire platform is built on top of OAuth and OIDC, we spend tons of time and effort trying to build abstractions (in the form of client libraries) to hide those
complexities and make securing your web applications simpler.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:12.0pt;font-family:""",serif;color:#5D5D5D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060">I also agree with the gist of this conclusion:<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">
<span style="font-size:12.0pt;font-family:""",serif;color:#5D5D5D">While OAuth and OIDC are certainly useful and important, the reality of the situation today is that almost nobody cares about OAuth and OIDC. Developers don’t want more OAuth and OIDC libraries
and documentation in their lives: they want less of it.<o:p></o:p></span></p>
<p class="MsoNormal" style="box-sizing: border-box;proxima-nova"Helvetica,Arial,sans-serif;orphans: 2;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060">The easier that we can all make it for developers to securely use OpenID Connect, the better everyone. That’s always been the goal!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><b>From:</b> Openid-specs-ab <openid-specs-ab-bounces@lists.openid.net>
<b>On Behalf Of </b>Nat Sakimura via Openid-specs-ab<br>
<b>Sent:</b> Monday, January 28, 2019 3:43 PM<br>
<b>To:</b> Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net><br>
<b>Cc:</b> Nat Sakimura <sakimura@gmail.com>; Mike Schwartz <mike@gluu.org><br>
<b>Subject:</b> Re: [Openid-specs-ab] Marketing OpenID: combatting negativity<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Mike, <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">+1 on running inter-linked blog and vlog posts. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">+1 also for positioning OpenID is fun and easy. The "easy" part is a bit an overstatement but it is clinically proven that if people were told that it is hard, they will absolutely stop learning. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Nat<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Sun, Jan 27, 2019 at 9:02 PM Mike Schwartz via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal"><br>
I think to go head-to-head with the negative OpenID press, we need to <br>
market a message something to the effect of:<br>
<br>
"Using OpenID is great fun, and it solves real problems for developers."<br>
<br>
You can't combat negativivity with a message of: "the detractors have a <br>
point".<br>
<br>
We have the brain trust in this community to get that message out. If <br>
everyone wrote one blog, and we all cross-promote on social media (i.e. <br>
more of what Nat is doing so brilliantly on Youtube...), I think we <br>
could make a dent in perceptions. Especially if we tap into the <br>
corporate marketing cabailities of our respective organizations.<br>
<br>
- Mike<br>
<br>
<br>
-----------<br>
Michael Schwartz<br>
Gluu<br>
Founder / CEO<br>
<a href="mailto:mike@gluu.org" target="_blank">mike@gluu.org</a><br>
<a href="https://www.linkedin.com/in/nynymike/" target="_blank">https://www.linkedin.com/in/nynymike/</a><br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<p class="MsoNormal">Nat Sakimura (=nat)<o:p></o:p></p>
<div>
<p class="MsoNormal">Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>