After the Berlin OpenID AB/C WG F2F meeting, I have been trying to refactor the Connect suites into a more palatable form. I am supposed to create two sets of the refactored version: one for a granular split version and the other for a monolithic version. Some people, like Torsten and me, push for a granular version, and people like Brian are pushing for a monolithic version. Note: Since it is just a refactoring, no normative change is being made. It is essentially a cut and paste of the paragraphs into different orders.
Since the monolithic version amounts to concatenating the granular version, I have started working on the partitioned version first.
Here is the layout:
- OpenID Connect – Part 1: Authentication Core
  - Defines the authentication based on the OAuth 2.0 code flow. Still wondering if I should factor the definition out. <- Makes it easier to read.
- OpenID Connect – Part 2: Authentication Implicit
  - Based on the Core, it adds id_token, token id_token, and code token id_token response types.
- OpenID Connect – Part 3: Claims Framework
  - Adds capability to ask and receive the claims.
- OpenID Connect – Part 4: JSON Based Request
  - Adds capability to make request through JSON.
- OpenID Connect – Part 5: Self-issued Provider
  - Adds self-issued provider capability
- OpenID Connect – Part 6: String operations and Security & Privacy Consideration
  - Bucket for other common stuff. Does not compile yet.
And here is the monolithic concatenated version.
I clearly like the partitioned version. You can just read what you want, and the order of the docs is clear. But, YMMV.
NB: These specs are not going to be touched by this reorganization.
- OpenID Connect – Part 7: Discovery
- OpenID Connect – Part 8: Dynamic Registration
- OpenID Connect – Part 9: Session Management
I will keep updating them for some time, but in the meantime, your comments are welcome.
Has anyone put together a simple user experience flow for OpenID Connect? I realize that might be a silly question as it is an API, but it would be useful to understand some ‘explain it like I’m 5’ type of points:
* How do I get my account/ID? (Google? Yahoo? other?)
* What products will use OpenID Connect? (web service? device?)
* How will I set up that service/device to use OpenID Connect?
* What does this allow me to do that login/password does not?
I’ve talked to so many people that have no idea what OpenID Connect is, and even the ‘OpenID in a nutshell’ post goes into quick implementation details. I’m thinking of a TechCrunch-type couple of paragraphs that motivates what it can do and why it is awesome.
Does that exist?