The Future of Cloud Identity Security and SSO: OpenID Connect

1
 The Future of Cloud Identity Security and SSO
OpenID Connect

• After a decade of creating hundreds, if not
  thousands of online user accounts and passwords,
  most people are in need of some form of
  consolidated, secure, Internet identity. OpenID
  Connect 1.0 is poised to be the ubiquitous
  standard that will allow users to whittle their
  online presence down to a few chosen user
  accounts, making the days of extraneous usernames
  and passwords an internet relic like dial up
  modems and AOL.
•  
• Although the OpenID Connect standard is still
  being finalized, what is shaping up via the hard
  work of many contributors including Google,
  Microsoft, Yahoo, and Gluu, is nothing short of
  revolutionary. What makes the case for adoption
  more powerful and likely is that this group of
  contributors, namely Google, Microsoft and Yahoo,
  collectively serves and provides identity to a
  critical mass of American consumers, and their
  joint support for one standard method of sso
  authentication will provide an overwhelming
  reason for website implementation.
•  
• Beyond the benefits of consolidated internet
  identity for consumers, OpenID Connect will also
  provide the foundation for a far more efficient
  and scalable enterprise federated single sign-on
  solution.

2
While SAML is the dominant protocol for achieving
secure attribute exchange and single sign-on
today, the identity community and most experts
agree the benefits of using OpenID Connect will
far outweigh SAML, and that OpenID Connect will
eventually replace SAML as the dominant protocol
for SSO. Whats changed from OpenID
2.0?   Support for native client
applications Provider discovery using e-mail
address format User Info endpoint for simple
Connect capability Designed to work well on
mobile phones Uses JSON/REST, rather than
XML Support for encryption and higher
LOAs Support for distributed and aggregated
claims Support for session management, including
logout Support for self-issued identity
providers   How to Prepare for OpenID
Connect   People As a pure user, theres not
much you need to do to prepare for OpenID
Connect. Once the standard is finished, you will
surely be informed because the odds are you own a
Gmail, yahoo mail, or hotmail/msn account for
email.
3
All those emails will be OpenID Connect-ready
once the standard is finalized. Additionally, the
user experience is based on Face book Connect,
which will provide a familiar flow to login and
attribute release.   Organizations If youre an
organization (hypothetically speaking) that
provides users with an email account, you will
probably want to launch (1) an OpenID Connect
Provider (OP), like the open source OX platform
or the commercial Gluu Server where people at
your organizations can authenticate and, (2)
launch an single sign on authentication service
so Internet web sites can validate your
users.   Website Owners Managers For website
owners and managers, you should consider adding
support for OpenID Connect 1.0 into your release
roadmap. The good news for web sites is that
OpenID Connect is relatively lightweight it
uses JSON, REST, etc and there are client
libraries out there in Java, Python and other
popular programming platforms. Additionally,
plug-in are on the way for widely deployed CMS
systems like Word Press and Liferay.   Article
resource-https//sites.google.com/site/thegluuser
ver/the-future-of-cloud-identity-security-and-sso-
openid-connect