Title: The Future of Cloud Identity Security and SSO: OpenID Connect

After a decade of creating hundreds, if not thousands, of online user accounts and passwords, most people are in need of some form of consolidated, secure Internet identity. OpenID Connect 1.0 is poised to be the ubiquitous standard that will allow users to whittle their online presence down to a few chosen user accounts, making the days of extraneous usernames and passwords an Internet relic like dial-up modems and AOL.

Although the OpenID Connect standard is still being finalized, what is shaping up via the hard work of many contributors, including Google, Microsoft, Yahoo, and Gluu, is nothing short of revolutionary. What makes the case for adoption more powerful and likely is that this group of contributors, namely Google, Microsoft and Yahoo, collectively serves and provides identity to a critical mass of American consumers, and their joint support for one standard method of SSO authentication will provide an overwhelming reason for website implementation.

Beyond the benefits of consolidated Internet identity for consumers, OpenID Connect will also provide the foundation for a far more efficient and scalable enterprise federated single sign-on solution. While SAML is the dominant protocol for achieving secure attribute exchange and single sign-on today, the identity community and most experts agree the benefits of using OpenID Connect will far outweigh SAML, and that OpenID Connect will eventually replace SAML as the dominant protocol for SSO.

What's changed from OpenID 2.0?

- Support for native client applications
- Provider discovery using e-mail address format
- UserInfo endpoint for simple Connect capability
- Designed to work well on mobile phones
- Uses JSON/REST, rather than XML
- Support for encryption and higher LOAs
- Support for distributed and aggregated claims
- Support for session management, including logout
- Support for self-issued identity providers

How to Prepare for OpenID Connect

People

As a pure user, there's not much you need to do to prepare for OpenID Connect. Once the standard is finished, you will surely be informed, because the odds are you own a Gmail, Yahoo Mail, or Hotmail/MSN account for email. All those emails will be OpenID Connect-ready once the standard is finalized. Additionally, the user experience is based on Facebook Connect, which will provide a familiar flow for login and attribute release.

Organizations

If you're an organization (hypothetically speaking) that provides users with an email account, you will probably want to launch (1) an OpenID Connect Provider (OP), like the open source OX platform or the commercial Gluu Server, where people at your organization can authenticate, and (2) a single sign-on authentication service so Internet web sites can validate your users.

Website Owners & Managers

For website owners and managers, you should consider adding support for OpenID Connect 1.0 into your release roadmap. The good news for web sites is that OpenID Connect is relatively lightweight: it uses JSON, REST, etc., and there are client libraries out there in Java, Python and other popular programming platforms. Additionally, plug-ins are on the way for widely deployed CMS systems like WordPress and Liferay.

Article resource: https://sites.google.com/site/thegluuserver/the-future-of-cloud-identity-security-and-sso-openid-connect