Explicit Consent – Turning Internet Dog into Pavlov’s Dog

People like me who is working on internet identity space is trying to solve so called “Internet Dog Problem.” You surely must have seen this picture — InternetDog.jpg : On the internet, nobody knows you’re a dog. This is a hard enough problem that we have long been trying to …

Re: Limitations of the OAuth 2.0 definition of “Client”

Thomas Hardjono has a very good blog entry <<Limitations of the OAuth 2.0 definition of “Client”>>. The essence of the entry is that, the definition of “client” in OAuth 2.0 (RFC6749) is too limiting and does not fit with many current use of the specification. Here is the definition: client An …

Hyperlinked OAuth

I just published a new I-D on the hyperlinked oauth that I talked at IETF 85. Since it was pointed out that the “_links” member is actually holding metadata about the response, I named the document accordingly. It is fairly short, only 9 pages long. It is something to be …

OpenID Connect Stripped down to just “Authentication” (aka OAuth Authentication)

So, OpenID Connect provides a lot of advanced facilities to fulfill so many additional feature requested by the member community. It indeed is full of feature that is not Authentication. However, that does not mean that it cannot be used for the simple case of “Just Authentication”. Indeed, it is …