Insights from OpenID Connect Success

Slide Note
Embed
Share

Explore the key takeaways from the success of OpenID Connect, such as its ease of use for developers and users, applicability to complex scenarios, cooperation with standards like OAuth and JWT, exceptional interoperability, security measures, and community-driven development process. Insights on standardization, security analysis, and community engagement are highlighted.

aragon
aragon Follow

Uploaded on Jul 02, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.



Presentation Transcript

  1. Lessons Learned from OpenID Connect Torsten Lodderstedt SPRIND, OWF

  2. What can people in standardization learn from the success of OpenID Connect? Easy to use - for developers but also for users However, OpenID Connect can also be used for complex scenarios - up to LOA High, FAPI Cooperation - OpenID Connect was built on top of OAuth and JWT ( IETF) Amazing interoperability Connect OP: 575, Connect RP: 112 conformance testing is standard now at OIDF Outstanding security through formal security analysis Systematic and formal security analysis are standard now at OIDF Open Standard Approachable community

  3. Celebrating Ten Years of OpenID Connect June 7, 2024 Michael B. Jones Self-Issued Consulting

  4. Looking Back and Looking Forward OpenID Connect became final in February 2014 Today I ll briefly share my thoughts on How we created OpenID Connect What we achieved together Lessons learned

  5. In the Beginning Artifact Binding for OpenID 2.0 started in 2010 Hence the openid-specs-ab@lists.openid.net mailing list name But developers were choosing JSON/REST over XML/SOAP Pivoted to instead create JSON/REST protocol over OAuth 2.0 Result branded OpenID Connect at IIW in May 2011 Five rounds of interop testing between 2011 and 2013! Specifications refined after each round of interop testing Early developer feedback was priceless

  6. Design Philosophy Keep simple things simple Make complex things possible

  7. The Nov Matake Test As we considered new features, we d ask ourselves: Would Nov want to add it to his implementation? Is it simple enough that he could build it in a few hours?

  8. Broad Participation OpenID Connect

  9. Learning from the Past Architects had extensive SAML and OpenID 2.0 experience Borrowed ideas that already worked well Metadata Authentication Contexts Added useful things that were previously hard or missing Support for native applications Encrypted claims Signed requests

  10. Extensible by Design Successful systems have to adapt and grow Always specified that additional values may be used And specified that not-understood values don t cause errors Enables adding things without breaking existing deployments Indeed, many successful Connect (and OAuth) extensions have been created and deployed Including logout and identity assurance

  11. Built using Modular Components Created components and features we needed in parallel JSON Web Signature (JWS) JSON Web Encryption (JWE) JSON Web Key (JWK) JSON Web Token (JWT) WebFinger ID Token

  12. What We Achieved Most used identity protocol Thousands of interoperable implementations In every conceivable language Certification Program making interop a reality ISO accepted our submission for republication

  13. Innumerable OpenID Connect Deployments Android, AOL, Apple, AT&T, Auth0, Deutsche Telekom, ForgeRock, Google, GrabTaxi, GSMA Mobile Connect, IBM, KDDI, Microsoft, NEC, NRI, NTT, Okta, Oracle, Orange, Ping Identity, Red Hat, Salesforce, Softbank, Symantec, Telef nica, Verizon, Yahoo, Yahoo! Japan, all use OpenID Connect And many MANY more!

  14. Lessons Learned Developers choose things that are simple Developer choice critical to adoption Interoperability and security require rigorous testing OpenID Certification program was essential to Connect s success Extensibility is critical to long-term success Deployments have to be easy to use (or they won t be used) Most RPs limited IdP choice as a simplification Even though Connect was designed to give users complete choice Not everything works out the way you planned Developer and deployer feedback is gold!

  15. Oh, Its Damn Complex?! https://www.sakimura.org https://nat.sakimura.org _nat _nat_en Nat Sakimura https://youtube.com/@NatSakimura NAT Consulting ETC https://www.linkedin.com/in/natsakimura

  16. OpenID Connect: Online Selective Claims Disclosure Protocol Claims on-the-fly 1. Me User AuthN Grant (Consent) Claims Claims on-the-fly Which also forms Basis for ABAC. ID Token Claims AT/RT Etc. Static Claims RP OP/SIOP Claim Sources

  17. Used in wide array of use cases acct: openid:// (Source) Based on https://www.namirial.com/en/news/state-of-play-on- adoption-of-digital-identity-in-italy-2023-all-roads-lead-to-the-wallets/

  18. Learning from the history OpenID Authentication 2.0 (key=value) David Recordon et al. OpenID AB WG (Key=value?) XNS.org Drummond Reed OpenID Connect 1.0 OpenID AX Dick Hardt SAML 1.0 OpenID 1.0 Brad Fitzpatrick 2014 2012 2005 2007 2008 2009 2010 1999 2001 2002 SAML 2.0 (XML, XML DSIG, SOAP) OpenID.net David Lehn OAuth 1.0 (Key=value) E. Hammer-Lahav OAuth 2.0 (Key=value) Dick Hardt OpenID TX/CX Proposal Nishitani/Sakimura

  19. Early design decisions: Early design decisions: 1. No Canonicalization 2. ASCII Armoring 3. REST 4. JSON

  20. Early design decisions: Early design decisions: 1. No Canonicalization 2. ASCII Armoring 3. REST 4. JSON 5. JWx

  21. Early design decisions: Early design decisions: 1. No Canonicalization 2. ASCII Armoring 3. REST 4. JSON 5. JWx 6. Base on OAuth WRAP Dick Hardt 2.0

  22. Features not widely used or seen Features not widely used or seen Oh, It s Damn Complex 1. Aggregated and Distributed Claims 2. Granular Claims Request 3. Essential/Optional Claims 4. AcctURI 5. policy_url 6. Request Object (Started to see this only after FAPI)

  23. What lessons we learned that could apply to other What lessons we learned that could apply to other initiatives initiatives Be persistent - till you succeed Learn from history Fix what was not done well Find the developer pain and solve it Make it simple to read, simple to implement for the minimum viable case

  24. OpenID: There is no spoon John Bradley Principal Architect, Yubico a.k.a. Mercenary

  25. OpenID is more than a single specification or Idea Insert insightful comment .

Related


Unveiling the Power of OpenID Connect

Unveiling the Power of OpenID Connect

marlie
OpenID Connect Working Group Update & Progress Report

OpenID Connect Working Group Update & Progress Report

madiha
OpenID Connect Working Group

OpenID Connect Working Group

jaydon
Understanding OpenID Connect: A Comprehensive Overview

Understanding OpenID Connect: A Comprehensive Overview

caiden
Future Connect 2023 Summary Document Overview

Future Connect 2023 Summary Document Overview

ernie
Benefits of Operator Connect for Microsoft Teams Administration

Benefits of Operator Connect for Microsoft Teams Administration

sophronia
Step-by-Step Guide to Register and Login for WBG Edcast Grow Learn Connect Courses

Step-by-Step Guide to Register and Login for WBG Edcast Grow Learn Connect Courses

zac
CSE Connect January 2024 Poster Submission Information

CSE Connect January 2024 Poster Submission Information

miller
Understanding Management, Leadership, and Organizational Success

Understanding Management, Leadership, and Organizational Success

jagger
Ohio Career Readiness Leaders Network Meetup - October 10, 2023

Ohio Career Readiness Leaders Network Meetup - October 10, 2023

kylian
Telling Your Story Through the Power of Evidence

Telling Your Story Through the Power of Evidence

bode
Enhancing Online Student Engagement in Health Sciences Profession

Enhancing Online Student Engagement in Health Sciences Profession

manisa
Overview of Indonesia's ICT Landscape Opportunities and Challenges

Overview of Indonesia's ICT Landscape Opportunities and Challenges

ferdinand
Understanding Last Mile Solutions in Broadband Technology

Understanding Last Mile Solutions in Broadband Technology

nadia
Comprehensive Traded Services Update for Schools in Wokingham

Comprehensive Traded Services Update for Schools in Wokingham

naveen
Teacher Self-Care Strategies for Well-Being

Teacher Self-Care Strategies for Well-Being

anais
Rotary Club Support and Governance Services Overview

Rotary Club Support and Governance Services Overview

novalee
Using BIBFRAME in a mixed MARC environment

Using BIBFRAME in a mixed MARC environment

isidore
Academic and Career Success at Florida International University

Academic and Career Success at Florida International University

aphrodite
Empowering Students: Butte College's Guided Pathways Initiative

Empowering Students: Butte College's Guided Pathways Initiative

creed
Enhancing Student Success through Block Scheduling at KSU

Enhancing Student Success through Block Scheduling at KSU

rafe
Fanshawe SOAR Chapter 1: Introduction

Fanshawe SOAR Chapter 1: Introduction

prairie
Barson House Welcome and Vision at Holmfirth High School

Barson House Welcome and Vision at Holmfirth High School

dietrich
Reimagining Leadership in Presbyterian Governance for Mission Success

Reimagining Leadership in Presbyterian Governance for Mission Success

vesper

More Related Content

Service Catalog Project? Prepare Your Team for Success
Service Catalog Project? Prepare Your Team for Success
Effective Classroom Policies for Student Success
Effective Classroom Policies for Student Success
Pearls of Wisdom for Success
Pearls of Wisdom for Success
Unlocking the Power of Work-Based Learning for Student Success
Unlocking the Power of Work-Based Learning for Student Success
Official Event Success Guide: Dress, Communication, and Presentation Tips
Official Event Success Guide: Dress, Communication, and Presentation Tips
Enhancing Educational Resilience with RESTA Model
Enhancing Educational Resilience with RESTA Model
Understanding the Essence of Strategy in Organizational Success
Understanding the Essence of Strategy in Organizational Success
Empowering Early Careerists: Navigating the Path to Success in Nursing Informatics Webinar
Empowering Early Careerists: Navigating the Path to Success in Nursing Informatics Webinar
Grant Writing Tips and Strategies for Success in Mental Health Research
Grant Writing Tips and Strategies for Success in Mental Health Research
Comprehensive Housing Assistance Programs Overview
Comprehensive Housing Assistance Programs Overview
Insights into the Bridge (Puente) Program at HCC
Insights into the Bridge (Puente) Program at HCC
Leveraging Leadership in PLC for Educational Success
Leveraging Leadership in PLC for Educational Success
Unleash Your Market Research Potential with this Actionable Webinar!
Unleash Your Market Research Potential with this Actionable Webinar!
Inspiring Insights from Misk Global Forum 2022
Inspiring Insights from Misk Global Forum 2022
Operational Risk Assessment for Major Accident Control: Insights from IChemE Hazards 33 Conference
Operational Risk Assessment for Major Accident Control: Insights from IChemE Hazards 33 Conference
Shumei Natural Agriculture: Improving Soil Health and Resilience
Shumei Natural Agriculture: Improving Soil Health and Resilience
Connect your learning – Past Climate Change
Connect your learning – Past Climate Change
Rescue Drone: Increasing Autonomy and Implementing Computer Vision
Rescue Drone: Increasing Autonomy and Implementing Computer Vision
Extreme Access Focus Group Telecon
Extreme Access Focus Group Telecon
All systems connect
All systems connect
Cities and Communities
Cities and Communities
SGG Module 7 – Student Engagement in Assessment
SGG Module 7 – Student Engagement in Assessment
Making an Effective Referral
Making an Effective Referral
ILO Fundamental Principles and Rights at Work
ILO Fundamental Principles and Rights at Work