So it seems there is a little bit of confusion around what needs to be returned from which endpoint among the readers of OpenID Connect specification. It actually is pretty clear if you understand what OAuth 2.0 response_type parameter is, …

When you read the OpenID Connect Specifications, you might feel a little bit intimidated. That’s because they are written in “spec language” and they deal with corner cases, etc.  Yet when you translate them into normal English and just concentrate on a “simple case”, it …

So, BrowserID is buzzing. In general, browser helping user to secure their login is a good thing. But, I have bunch of problem with the current state of BrowserID. I feel like it has gone back to the era of …

In an effort to unify Artifact Binding (AB) and Connect (C), Breno (Google), John (Protiviti), and I did a bit of work at iiw and converged to the following split of the specs. So, the structure of the spec will …

At IIW 2010B, we had a major advancement in the JSON Signature and Encryption Spec. Microsoft, Google, Facebook and me and John Bradley basically converged to a spec. The details has been posted to OpenID Artifact Binding WG list (archive …

On October 28, 2010, hootsuite launched a new capability: hootsuite is now an OpenID RP. (See this announcement: Just Hatched ~ Connect to HootSuite with OpenID Providers ) Well, it is a week old “news” but I just noticed it …

The call for nominations for the 2011 IDDY (IDentity Deployment of the Year) Awards is now open! Kantara Initiative is excited to continue this awards program for the fifth year. We encourage you to refer partners and organizations that could be good candidates …

Yet another OpenID provider is going under. On Sept. 30 when Six Apart officially shuts down VOX, a blogging site and an OpenID provider. I have been dealing with this issue for many years, and have been blogging, speaking etc. …

LoA stands for Level of Assurance. Most popular reference to this idea may be OMB M04-04 and NIST SP800-63. Essentially, it classifies the identities into four categories from Level 1 to Level 4, where Level 4 stands for higher assurance. …

Japanese government went live with OpenID Artifact Binding (AB) draft07. It uses usual OpenID 2.0 to connect to major OpenID providers and uses AB to connect among government agencies. https://openlabs.go.jp/