OpenID Connect in a nutshell

When you read the OpenID Connect Specifications, you might feel a little bit intimidated. That’s because they are written in “spec language” and they deal with corner cases, etc. Yet when you translate them into normal English and just concentrate on a “simple case”, it becomes quite simple. So, here we go! (OK, much of the text is the same […]

OpenID ABConnect

In an effort to unify Artifact Binding (AB) and Connect (C), Breno (Google), John (Protiviti), and I did a bit of work at IIW and converged on the following split of the specs. So, the structure of the spec will be as follows. ([A] and [C] indicate Artifact Binding WG work item and Connect […]

JSON Signature and Encryption Spec.

At IIW 2010B, we made a major advance on the JSON Signature and Encryption Spec. Microsoft, Google, Facebook, John Bradley, and I basically converged on a spec. The details have been posted to the OpenID Artifact Binding WG list (archive -> ). – JSON Token Spec Results at IIW on Tuesday: – JSON Token […]

Is expressing Levels enough for LoA2+?

LoA stands for Level of Assurance. The most popular references to this idea may be OMB M04-04 and NIST SP800-63. Essentially, it classifies identities into four categories from Level 1 to Level 4, where Level 4 stands for higher assurance. For internet commerce, generally, Level 2 or so is required. This can be applied to […]