February 26 this year marks the 5th birthday of OpenID Connect.
In Tokyo, we had a celebration workshop + party.
Last 5 years
In the last 5 years, a lot has happened.
Besides the great adoption, it made me happy that such little things as the Signed Request Object (Ch.6 of OIDC Core), which many people said was “too complex, and no one will ever use”, and the detached signature on the authorization response (3.3.2 of OIDC Core) got adopted in the last year or two by verticals with higher security requirements, such as banking. It just paid off to insist that they should be in the Core spec.
Next 5 years
What I would expect as the next steps are the claims model (Ch.5) and Self-issued OP (Ch.7). Both are starting to attract attention from various parties and have the potential to take off in the next three to five years.
For example, the claims model would be immensely useful for something like eKYC. The European Commission started a study on an eKYC framework, and the model seems to be a perfect fit.
Let us see what happens by the time OpenID Connect becomes 10 years old.