Archive for the 'Events' Category

April 30, 2015
Perspectives on the OpenID Connect Certification Launch

OpenID Certified logoMany of you were involved in the launch of the OpenID Foundation’s certification program for OpenID Connect Implementations. I believe that OpenID Certification is an important milestone on the road to widely-available interoperable digital identity. It increases the likelihood that OpenID Connect implementations by different parties will “just work” together.

A fair question is “why do we need certification when we already have interop testing?”. Indeed, as many of you know, I was highly involved in organizing five rounds of interop testing for OpenID Connect implementations while the specs were being developed. By all measures, these interop tests were highly effective, with participation by 20 different implementations, 195 members of the interop testing list, and over 1000 messages exchanged among interop participants. Importantly, things learned during interop testing were fed back into the specs, making them simpler, easier to understand, and better aligned with what developers actually need for their use cases. After improving the specs based on the interop, we’d iterate and hold another interop round. Why not stop there?

As I see it, certification adds to the value already provided by interop testing by establishing a set of minimum criteria that certified implementations have been demonstrated meet. In an interop test, by design, you can test the parts of the specs that you want and ignore the rest. Whereas certification raises the bar by defining a set of conformance profiles that certified implementations have been demonstrated to meet. That provides value to implementers by providing assurances that if their code sticks to using features covered by the conformance tests and uses certified implementations, their implementations will seamlessly work together.

The OpenID Foundation opted for self-certification, in which the party seeking certification does the testing, rather than third-party certification, in which a third party is paid to test the submitter’s implementation. Self-certification is simpler, quicker, and less expensive than third-party certification. Yet the results are nonetheless trustworthy, both because the testing logs are made available for public scrutiny as part of the certification application, and because the organization puts its reputation on the line by making a public declaration that its implementation conforms to the profile being certified to.

A successful certification program doesn’t just happen. At least a man-year of work went into creating the conformance profiles, designing and implementing the conformance testing software, testing and refining the tests, testing implementations and fixing bugs found, creating the legal framework enabling self-certification, and putting it all in place. The OpenID Connect Working Group conceived of a vision for a simple but comprehensive self-certification program, created six detailed conformance profiles based on the requirements in the specs, and quickly addressed issues as participants had questions and identified problems during early conformance testing. Roland Hedberg did heroes’ work creating the conformance testing software and responding quickly as issues were found. Don Thibeau shared the vision for “keeping simple things simple” and extended that mantra we employed when designing OpenID Connect to the legal and procedural frameworks enabling self-certification. And many thanks to the engineers from Google, ForgeRock, Ping Identity, NRI, PayPal, and Microsoft who rolled up their sleeves and tested both their code and the tests, improving both along the way. You’ve all made a lasting contribution to digital identity!

I think the comment I most appreciated about the certification program was made by Eve Maler, herself a veteran of valuable certification programs past, who said “You made it as simple as possible so every interaction added value”. High praise!

Here’s some additional perspectives on the OpenID Certification launch:

April 11, 2015
10 Years of Digital Identity!

How time flies! In March 2005 I began working on digital identity. This has by far been the most satisfying phase of my career, both because of the great people I’m working with, and because we’re solving real problems together.

An interesting thing about digital identity is that, by definition, it’s not a problem that any one company can solve, no matter how great their technology is. For digital identity to be “solved”, the solution has to be broadly adopted, or else people will continue having different experiences at different sites and applications. Solving digital identity requires ubiquitously adopted identity standards. Part of the fun and the challenge is making that happen.

Microsoft gets this, backs our work together, and understands that when its identity products work well with others that our customers and partners choose to use, we all win. Very cool.

Those who of you who’ve shared the journey with me have experienced lots of highs and lows. Technologies that have been part of the journey have included Information Cards, SAML, OpenID 2.0, OAuth 2.0, JSON Web Tokens (JWTs), JSON Web Signing and Encryption (JOSE), and OpenID Connect. Work has been done in OASIS, the Information Card Foundation, the OpenID Foundation, the Open Identity Exchange (OIX), the Liberty Alliance, the IETF, the W3C, the FIDO Alliance, and especially lots of places where the right people chose to get together, collaborate, and made good things happen – particularly the Internet Identity Workshop.

It’s worth noting that this past week the Internet Identity Workshop held its 20th meeting. They’ve been held like clockwork every spring and fall for the past 10 years, providing an indispensable, irreplaceable venue for identity practitioners to come together and get things done. My past 10 years wouldn’t have been remotely the same without the past 10 years of IIW. My sincerest thanks to Phil, Doc, and Kaliya for making it happen!

I won’t try to name all the great people I’ve worked with and am working with because no matter how many I list, I’d be leaving more out. You know who you are!

While we’re all busy solving problems together and we know there’s so much more to do, it’s occasionally good to step back and reflect upon the value of the journey. As Don Thibeau recently observed when thanking Phil Windley for 10 years of IIW, “these are the good old days”.

April 6, 2015
OpenID Connect working group presentation at April 6, 2015 OpenID workshop

OpenID logoI’ve posted the OpenID Connect working group presentation that I gave at the April 6, 2015 OpenID Workshop. It covers the current specification approval votes for the OpenID 2.0 to OpenID Connect Migration and OAuth 2.0 Form Post Response Mode specifications, the status of the session management/logout specifications, and OpenID Connect Certification. It’s available as PowerPoint and PDF.

August 14, 2014
The Increasing Importance of Proof-of-Possession to the Web

W3C  logoMy submission to the W3C Workshop on Authentication, Hardware Tokens and Beyond was accepted for presentation. I’ll be discussing The Increasing Importance of Proof-of-Possession to the Web. The abstract of my position paper is:

A number of different initiatives and organizations are now defining new ways to use proof-of-possession in several kinds of Web protocols. These range from cookies that can’t be stolen and reused, identity assertions only usable by a particular party, password-less login, to proof of eligibility to participate. While each of these developments is important in isolation, the pattern of all of them concurrently emerging now demonstrates the increasing importance of proof-of-possession to the Web.

It should be a quick and hopefully worthwhile read. I’m looking forward to discussing it with many of you at the workshop!

May 14, 2014
JWT and JOSE have won a Special European Identity Award

IETF logoToday the JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications were granted a Special European Identity Award for Best Innovation for Security in the API Economy. I was honored to accept the award, along with Nat Sakimura and John Bradley, on behalf of the contributors to and implementers of these specifications at the European Identity and Cloud Conference.

It’s great to see this recognition for the impact that these specs are having by making it easy to use simple JSON-based security tokens and other Web-friendly cryptographically protected data structures. Special thanks are due to all of you have built and deployed implementations and provided feedback on the specs throughout their development; they significantly benefitted from your active involvement!

These specifications are:

The authors are:

Dirk Balfanz, Yaron Goland, John Panzer, and Eric Rescorla also deserve thanks for their significant contributions to creating these specifications.

EIC 2014 Award Mike Jones EIC 2014 Award Certificate EIC 2014 Award Nat Sakimura, Mike Jones, John Bradley

July 28, 2013
OpenID Connect Presentation at IETF 87

OpenID logoI’ve posted the OpenID Connect presentation that I gave at the OpenID Workshop at IETF 87. Besides giving an overview of the specification status, unsurprisingly given the setting at IETF 87, it also talks about the relationship between OpenID Connect and the IETF specifications that it depends upon. It’s available as PowerPoint and PDF.

July 8, 2013
OpenID Connect Update Presentation at CIS 2013

OpenID logoI’ve posted the OpenID Connect Update presentation that I gave today during the OpenID Workshop at the Cloud Identity Summit 2013. I’ve trimmed down the presentation to be lighter on the “how” and focus more on the “what” and “why”, relative to the one I gave at EIC in May. It’s available in PowerPoint and PDF formats.

May 15, 2013
OAuth 2.0 has won the 2013 European Identity Award

OAuth logoI’m pleased to report that OAuth 2.0 has won the 2013 European Identity Award for Best Innovation/New Standard. I was honored to accept the award from Kuppinger Cole at the 2013 European Identity and Cloud Conference on behalf of all who contributed to creating the OAuth 2.0 standards [RFC 6749, RFC 6750] and who are building solutions with them.

EIC 2013 Award Mike Jones EIC 2013 Award Chuck Mortimore, Mike Jones, John Bradley EIC 2013 Award Presentation EIC 2013 Award Acceptance

May 14, 2013
OpenID Connect Update Presentation

OpenID logoI’ve posted the OpenID Connect Update presentation that I gave today during the OpenID Workshop at the European Identity and Cloud Conference. It’s available in PowerPoint and PDF formats.

May 4, 2013
Fourth Release Candidates for OpenID Connect Implementer’s Drafts

OpenID logoA fourth set of release candidates for the upcoming OpenID Connect Implementer’s Drafts has been released. Changes since the third release candidates mostly consist of editorial improvements. There were only two changes that will result in changes to implementations. The first was replacing the “updated_time” claim, which used a textual date format, with the “updated_at” claim, which uses the same numeric representation as the other OpenID Connect date/time claims. The second was replacing the “PKIX” JWK key type with the “x5c” JWK key member (a change actually made this week by the JOSE working group).

These are ready for discussion at Monday’s in-person OpenID Connect working group meeting. All issues filed have been addressed.

The updated specifications are:

These specifications did not change:

Thanks to all who continued reviewing and implementing the specifications, resulting in the improvements contained in this release. I’ll look forward to seeing many of you on Monday!

March 15, 2013
The Emerging JSON/REST-Based Identity Protocol Suite

IETF logo Last week at the Japan Identity and Cloud Symposium I gave a presentation on this topic: A new set of simple, open identity protocols is emerging that utilize JSON data representations and REST-based communication patterns, including OAuth, JSON Web Token (JWT), JSON Object Signing and Encryption (JOSE), and WebFinger. I’ve posted PowerPoint and PDF versions of the presentation.

Thanks again to the organizers of JICS 2013 for a great event!

October 28, 2012
Platform Support for JWA Crypto Algorithms

IETF logoIn preparation for discussions at the JOSE working group meeting at IETF 84 in Vancouver, BC, I did some investigation into the state of support for the JWA algorithms in common Web development platforms. This table contains the data gathered. It was also discussed at the July 2012 W3C WebCrypto F2F Meeting. I’m posting it now because I’d recently received a request for it and because it may be useful at the upcoming WebCrypto meeting at TPAC in Lyon and at IETF 85 in Atlanta.

Thanks to Roland Hedberg, Axel Nennker, Emmanuel Raviart, Nov Matake, Justin Richer, Edmund Jay, Wan-Teh Chang, Christopher Kula, and Ryan Sleevi for the data they provided. If you have more data that I should add, or believe that there are additional columns or rows we should track, please let me know.

April 18, 2012
OpenID Connect has won the 2012 European Identity Award

OpenID logoI’m thrilled to report that OpenID Connect has won the 2012 European Identity Award for Best Innovation/New Standard. I appreciate the recognition of what we’ve achieved to date with OpenID Connect and its potential to significantly change digital identity for the better. As Dave Kearns wrote in the OpenID Foundation announcement about the award:

I’m pleased that Kuppinger Cole has granted OpenID Connect the award for Best Innovation/New Standard this year. What’s most impressive is that this elegantly simple design resulted from the cooperation of such a diverse global set of contributors. I expect OpenID Connect to have a substantial positive impact on usable, secure identity solutions both for traditional computing platforms and mobile devices. My congratulations to the OpenID Foundation!

My thanks to all who have contributed to the OpenID Connect specifications to date and especially to the developers who have implemented draft versions, providing essential feedback needed to refine the specs on the road to final standards. I look forward to seeing what people will accomplish with OpenID Connect!

February 17, 2012
OpenID Connect Interop in Progress

OSIS logoOpenID logoThe Third OpenID Connect Interop is currently under way – this time based upon approved Implementer’s Drafts. Currently 7 implementations are being tested, with I believe more to be added. The interop is designed to enable people to test the implementations they’ve built against other implementations and verify that specific features that they’ve built are working correctly. This has several benefits: it helps debug implementations, it helps debug the specifications, and it results in greater interoperability among OpenID Connect implementations.

As background, like the other OSIS interops, the OpenID Connect interop is an opportunity for implementers to try their code against one another’s in a systematic way. It is not a conformance test; participants do not “pass” or “fail”. There is no requirement that you must support particular features to participate or that you must participate in all aspects of the interop.

If you’d like to participate in the interop, join the OpenID Connect Interop mailing list and send us a note there saying who your interop contact person will be, the name of your organization (can be an individual), the name of your implementation (can be your name), and a list of the online testing endpoints for your implementation. Testing is performed online on your schedule, with results recorded on the interop wiki. That being said, an in-person meeting of interop participants will also be held on Friday, March 2 in San Francisco (the week of RSA) for those who are able to attend.

April 28, 2011
The Emerging JSON-Based Identity Protocol Suite

W3C  logoMy submission to the W3C Workshop on Identity in the Browser discusses The Emerging JSON-Based Identity Protocol Suite. The abstract is:

A new set of open identity protocols is emerging that utilizes JSON data representations and simple REST-based communication patterns. These protocols and data formats are intentionally designed to be easy to use in browsers and modern web development environments.

I hope you’ll find it worthwhile reading. I’m looking forward to discussing it with many of you at the workshop!

March 18, 2011
Join me at the Internet Identity Workshop

IIW Banner

Come be part of moving Internet identity forward! The early bird discount is available through Friday, March 25th. And as always, Microsoft will be sponsoring a workshop dinner. See you at IIW!

May 6, 2010
2010 OpenID Summit EU

OpenID logoA European OpenID summit will be held in London on Tuesday, June 8th at the Microsoft Offices at Cardinal Place, 100 Victoria Street, London SW1E 5JL, UK. This is the same location as the European e-Identity Management Conference, which follows it June 9th and 10th. Topics are expected to include: use cases, issues and problems encountered, solutions proposed, the OpenID v.Next effort, and EU trust profile topics.

Register at If you’re interested in presenting, please include your proposed topic in your registration.

This summit builds upon the recent 2010 OpenID User Experience (UX) Summit and the 2010 OpenID Technology Summit West. I’m looking forward to seeing many of you there!

January 28, 2010
I’m registered for the Internet Identity Workshop

IIW10 Banner

Are you? It’s where Internet identity work gets done. The super-early bird discount is still available through February 1st. (And yes, Microsoft is buying dinner again.) See you at IIW!

November 18, 2009
OpenID v.Next Goals

OpenID logoThe OpenID v.Next session at IIW run by David Recordon and Dick Hardt reached some important conclusions about the future of OpenID. The motivation for the v.Next discussion was the sense that we’ve learned enough since the OpenID 2.0 specification was finalized that it’s time to revise the spec to incorporate what we’ve learned. This session attempted to reach a consensus on the priorities for the next version of OpenID, with a large number of the important players participating. I haven’t seen the decisions made published elsewhere, so I’m recording them here.

David organized the session around a stated goal of producing an evolved OpenID specification within the next six months. The consensus goals reached were as follows. The numbers represent the number of participants who said that they would work on that feature in the next six months.

  • Integrating the UX extension (in which the user interacts with the OP in a pop-up window) into the core specification: 12
  • Evolving the discovery specification for OpenID, including adding OpenIDs using e-mail address syntax: 10
  • Integrating attributes (claims) into the core specification: 9
  • Integrating the OAuth Hybrid specification into the core specification: 8
  • Supporting an optional active client (identity selector) and non-browser applications: 8
  • Improve security, including investigating enabling use at levels of assurance above NIST level 1: 8
  • Better support for mobile devices: 8
  • Addressing the problem of long URLs (where browsers limit URL length to 2048 or sometimes 256 characters): 6

And in case it isn’t obvious from reading the above, there was also an explicit consensus in the room that OpenID v.Next would not be backwards compatible with OpenID 2.0. (It will be related to, but not compatible with OpenID 2.0, analogously to how SAML 2.0 is related to, but not compatible with SAML 1.1.) I believe we have interesting and exciting times ahead!

Thanks to Hannes Tschofenig for publishing photos of the whiteboard and some of the votes.

November 16, 2009
An Experimental Identity Selector for OpenID

OpenID logoThe OpenID community has been talking about the value that an optional active client could bring to OpenID for well over a year. To concretely explore this possibility, as many of you know by now, a team at Microsoft built a prototype multi-protocol identity selector supporting OpenID, starting with CardSpace 2, which I and others demonstrated at the OpenID Summit and the Internet Identity Workshop. We did this to stimulate discussion and engage the community about the value of adding active client support to OpenID. And I’ll say up front that enormous thanks go to Joseph Smarr at Plaxo, the team at JanRain, and Andrew Arnott for building demonstration relying parties that worked with the prototype, which made the demonstrations possible.

While you may have read about it on Kim’s blog and many of you were there in person, I wanted to capture screen shots from the demos to make them available, so those who weren’t there can join the discussion as well. Plus, I’ve posted the presentation that accompanied the demos, rather than reproducing that content here. Now, on to the demo, which closely follows the one actually given at the Summit…


Using a selector for the first time

I start by demonstrating the user experience for a first-time selector user at a a selector-enabled OpenID relying party.


Plaxo signin
The first screen shot shows a standard Plaxo login screen, but augmented behind the covers to enable it to pass its OpenID authentication request parameters to an active client, if present. I will click on the “Sign in with OpenID” button on the Plaxo signin page, invoking the selector.

In the prototype, selector-enabled relying parties use a variant of the Information Card object tag to communicate their request parameters to the selector. The object tag parameters used on Plaxo’s RP page are:
<object type="application/x-informationCard" id=infoCardObjectTag>
<param name=protocol value=""/>
<param name=tokenType value=""/>
<param name=issuer value=""/>
<param name=issuerExclusive value=false/>
<param name=OpenIDAuthParameters value=


Plaxo empty selector
Here I’ve clicked on the “Sign in with OpenID” button, invoking the selector. (The “Google” and “Yahoo” buttons would have invoked the selector too.) This shows the first-time selector user experience, where it isn’t yet remembering any OpenIDs for me. The three OPs suggested by Plaxo – Google, Yahoo, and MyOpenID, are shown, as well as the option to type in a different OpenID. I click on the Yahoo suggestion.


Plaxo Yahoo first time
Clicking on Plaxo’s Yahoo suggestion resulted in a Yahoo OpenID card being made available for use. Note that, by default, the selector will remember this card for me. (Those of you who know OpenID well are probably thinking “Where did the selector get the Yahoo logo and friendly name string”? For this prototype, they are baked into the selector. Longer term, the right way is for the selector to retrieve these from the OP’s discovery document. The OpenID UX working group is considering defining discovery syntax for doing just that.)

Once I’ve clicked “OK” to select the identity to use, the selector (not the RP) redirects the browser to the OP – in this case, to the Yahoo login page. The selector’s work is done at this point. The remainder of the protocol flow is standard OpenID 2.0.


Yahoo Plaxo signin
This is the standard Yahoo OpenID signin page, which the selector redirected the browser to after I choose to use the suggested Yahoo OpenID. I sign into Yahoo.


Yahoo Plaxo permission
The signin page is followed by the standard Yahoo permissions page. I click “Agree”.


Plaxo signed in
After logging with Yahoo, I’m redirected back to Plaxo. Because I’d previously associated my Yahoo OpenID with my Plaxo account, I’m now logged into Plaxo. My status “Michael is demonstrating an OpenID selector at the OpenID Summit”, which I updated live during the demo at the OpenID Summit, is shown.


Selector defaults to the OpenID last used at the site

At this point in the demo, I’ve signed out of Plaxo and returned to the selector-enabled sign-in page. After clicking “Sign in with OpenID” again, the selector reappears.

Plaxo Yahoo second time
This time, the selector has remembered the OpenID I last used at the site and tells me when I last used it there. (This is one of the ways that a selector can help protect people from phishing.) By default, the OpenID last used at a relying party is automatically selected – in this case, Yahoo. I click “OK” to select it, with the rest of the flow again being the standard OpenID 2.0 flow.


Experience at a new RP plus a trusted OP experience

Interscope homepage
JanRain selector-enabled several production sites, including,, and, which use JanRain’s hosted RPX service. This could be done with no impact on users without a selector by using JavaScript to detect whether a selector is present or not, and customizing the page accordingly. The page above is the production Interscope Records page. I click the OpenID button on the right under the “Join The Community” banner.


Interscope signon
The OpenID button invokes the RPX “NASCAR” experience. (Arguably, this page could be omitted from the experience if a selector is detected.) I click the OpenID button on the “NASCAR” page.


Interscope Yahoo never used here
The selector is invoked by Interscope (really, by RPX) to let me choose an OpenID. My Yahoo OpenID is shown and the “Never used here” tells me that I haven’t used it at this site before. I could choose it by clicking OK or hitting Enter. Instead, I click the “Other OpenIDs” button to explore other options.


Interscope other OpenIDs
The “Other OpenIDs” tile shows me the OpenID providers suggested by Interscope – in this case, Flickr, Yahoo, and Google. I click on the Google suggestion.


Interscope Google first time
The selector has created a Google OpenID card for me to use. It is marked “Verified” because it (like Yahoo) was on a whitelist in the selector and considered “safe” to use. Of course, in production use, such a whitelist would have to be maintained by a neutral third party or parties and dynamically updated. In the prototype, we hard-coded a few common providers so we could show a user experience that relies on a whitelist of OPs, to start the discussion about that possibility. I hit Enter to use the new Google card at Interscope.


Google UniversalMusic signin
Once I chose to use my Google card, the selector redirected me to Google’s signin page, with the actual RP for Interscope being I sign into Google.


Google UniversalMusic permission
Following signin, Google asks me permission to release information to I allow it.


Interscope registration
I’m redirected back to Interscope, which asked me to complete a sign-up process by supplying more information via a web form.


Selector remembering which OpenID’s you’ve used where

Interscope Google second time
When visiting Interscope again after having signed out, signing in with OpenID shows me that I last used my Google OpenID here. For that reason, it’s selected as the default. I can also see that I haven’t used my Yahoo OpenID here.


Trusted versus untrusted OpenIDs

test-id signin
Andrew Arnott created the first selector-enabled relying party site for us, which is shown above. I click “Log in using your OpenID Selector”.


test-id Google never used here
Now I have both Yahoo and Google cards, but neither have been used at I notice that I can get more details about my cards, and click “More details” on the Google card.


test-id Google more details
“More details” tells me where and when I used the card (, the discovered OpenID endpoint, and that this OpenID was on the selector’s whitelist. I could now use either of these OpenIDs, but I select “Other OpenIDs” instead.


test-id other OpenIDs
The “Other OpenIDs” panel shows me OPs suggested by the site, as well as a dialog box to enter another OpenID. I decide to enter my blog URL, which is also an OpenID.


test-id self-issued being entered
Here I’m entering my blog URL into the selector. I then click Verify or OK to have the selector perform discovery on the OpenID to add it as one of my choices.


test-id self-issued not verified
Discovery has succeeded, but the OP my blog is delegated to,, is not on the selector’s whitelist. Because it’s not, a warning shield is shown, rather than the OP logo. I’ll also have to make an explicit decision to trust this OpenID provider before the selector will let me use it. The same would have happened if I chose an OP suggested by the RP if the OP was not on the whitelist. This is another aspect of the selector’s phishing protection. I check the “Continue, I trust this provider” box.


test-id self-issued trusted
After checking the “Continue, I trust this provider” box, the warning shield is replaced by either the OP logo, if it can be discovered, or a generic OpenID logo, as in this case. I click OK to use this OpenID.


signon test-id signin
The selector follows my delegation link from and redirects me to (Ping, are you going to fix the UX issue above someday?) I sign into


test-id signed in
Having signed into my OpenID at, I’m redirected back to the test site, which received an authentication response from the OP. I click “Reset test” to sign out, in preparation for another test.


More details

test-id self-issued second time
Upon a second visit to, the selector has remembered that I last used the OpenID, which is actually delegated to I click “More details” to learn more about this OpenID.


test-id self-issued more details
“More details” tells me where and when I last used the OpenID and that the OpenID has been verified. But unlike my Google OpenID, which was verified via the whitelist, I told the selector to trust this OpenID myself.


Delegation to a trusted OP

test-id davidrecordon being entered
At the OpenID Summit, people wanted to see the untrusted user experience again, so I entered an OpenID that I was sure wasn’t on our built-in whitelist – However, verifying the OpenID actually brought me and those in attendance a surprise…


test-id davidrecordon verified
Because is delegated to, which is on the whitelist, it turns out that the prototype considered to be trusted as well. Upon reflection, this is probably the right behavior, but I’d never seen it until giving the demo live. (Great job, Oren!) I tried next and got the same result. Finally Will Norris helped me out by saying that isn’t delegated, so we got to see the untrusted user experience again.



I’d like to thank Chuck Reeves and Oren Melzer for quickly building a killer prototype and to thank Ariel Gordon and Arun Nanda for helping design it, as well as others, both from Microsoft and other companies, who provided feedback that helped us fine-tune it as we built it. See the presentation for a much more comprehensive list of thank-yous.

I’ll close by saying that in the OpenID v.Next planning meeting at IIW, there was an unopposed consensus that optional active client support should be included as a feature of v.Next. Hopefully our demo, as well as those by others, including Markus Sabadello of Higgins, helped the community decide that this is a good idea by enabling people to concretely experience the benefits that an active client can bring to OpenID. If so, I’d call the experiment a success!

Next »