Archive for the 'Events' Category

July 7, 2020
Identiverse 2020 Talk: Enabling Scalable Multi-lateral Federations with OpenID Connect

My Identiverse 2020 talk Enabling Scalable Multi-lateral Federations with OpenID Connect was just broadcast and is available for viewing. The talk abstract is:

Numerous large-scale multi-lateral identity federations are in production use today, primarily in the Research and Education sector. These include national federations, such as SWAMID in Sweden and InCommon in the US, some with thousands of sites, and inter-federations among dozens of federations, such as eduGAIN. Yet these existing federations are based on SAML 2 and require the federation operator to poll the participants for their metadata, concatenating it into a huge file that is distributed to all federation participants nightly – a brittle process with significant scalability problems.

Responding to demand from the Research and Education community to migrate from SAML 2 to the simpler OpenID Connect protocol, the OpenID Connect working group has created the OpenID Connect Federation specification to enable this. The new approach incorporates lessons learned from existing SAML 2 federations – especially using a new, scalable approach to federation metadata, in which organizations host their own signed metadata and federation operators in turn sign statements about the organizations that are participants in the federation. As Shibboleth author Scott Cantor publicly said at a federation conference, “Given all my experience, if I were to redo the metadata handling today, I would do it along the lines in the OpenID Connect Federation specification”.

This presentation will describe progress implementing and deploying OpenID Connect Federation, upcoming interop events and results, and next steps to complete the specification and foster production deployments. The resulting feedback from Identiverse participants on the approach will be highly valuable.

As a late-breaking addition, data from the June 2020 Federation interop event organized by Roland Hedberg was included in the presentation.

You can also view the presentation slides as PowerPoint or PDF.

May 21, 2020
Successful OpenID Foundation Virtual Workshop

I was pleased by the quality of the discussions and participation at the first OpenID Foundation Virtual Workshop. There were over 50 participants, with useful conversations happening both on the audio channel and in the chat. Topics included current work in the working groups (such as eKYC-IDA, FAPI, MODRNA, FastFed, Shared Signals and Events, and OpenID Connect), OpenID Certification, and a discussion on interactions between browser privacy developments and federated login. Thanks to all who participated!

Here’s my presentation on the OpenID Connect working group and OpenID Certification: (PowerPoint) (PDF).

Update: The presentations from the workshop are available at OIDF Virtual Workshop – May 21, 2020.

April 28, 2020
OpenID Presentation at IIW XXX

I gave the following invited “101” session presentation at the 30th Internet Identity Workshop (IIW) on Tuesday, April 28, 2020:

I missed being able to gauge audience reactions by looking around the room but the virtualized session was still well attended by a good group of people, who let me know how OpenID Connect is relevant to what they’re doing.

February 18, 2020
OpenID Connect Federation Keynote at January 2020 OpenID Japan Summit

I gave this keynote presentation at the January 2020 OpenID Japan Summit: Enabling Large-Scale Multi-Party Federations with OpenID Connect. View it in PowerPoint or PDF.

Thanks to Roland Hedberg for collaborating on the presentation with me and for being primary author of the OpenID Connect Federation specification.

And as a preview of coming attractions, I’ll also be presenting on OpenID Connect Federation at Identiverse in June 2020.

October 21, 2019
OpenID Connect Federation draft 09 ready for your review

Draft 09 of the OpenID Connect Federation specification has been published at https://openid.net/specs/openid-connect-federation-1_0-09.html. This version of the specification benefitted from in-person review by experts at IIW. Major changes were:

  • Separated entity configuration discovery from operations provided by the federation API.
  • Defined new authentication error codes.

The authors believe that this version should become the second Implementer’s Draft, in preparation for interop testing in the coming year. Please review!

October 10, 2019
Using OpenID Connect Self-Issued to Achieve DID Auth

My co-authors and I recently completed the paper Using OpenID Connect Self-Issued to Achieve DID Auth, which was created as a result of discussions at the eighth Rebooting the Web of Trust workshop. The paper’s abstract is:

Proving control of a DID requires proving ownership of a private key corresponding to a public key for the DID. Of course, this could be done with a new DID-specific protocol. However, standard protocols for proving ownership of a public/private key pair already exist.

This paper describes how to reuse the Self-Issued OpenID Connect (SIOP) specification and related protocol messages to prove control of a DID. It describes both why and how to do this. Related topics, such as release of claims, are also touched upon.

Several people came to the workshop wanting to explore how to use the OpenID Connect Self-Issued OpenID Provider functionality to prove control of a Decentralized Identifier (DID), including myself. The paper describes the approach being taken by a number of groups using DIDs, including Microsoft. The paper’s publication is timely, as the W3C DID Working Group has just formed to create a DID standard. Microsoft is an active member of the working group.

Special thanks to Dmitri Zagidulin for getting the paper over the finish line!

October 1, 2019
OpenID Presentations at September 2019 OpenID Workshop and IIW

I gave the following presentations at the Monday, September 30, 2019 OpenID Workshop at Verizon Media:

I also gave the following invited “101” session presentation at the Internet Identity Workshop (IIW) on Tuesday, October 1, 2019:

June 25, 2019
OpenID Connect Federation Progress at TNC19

Check out the post OpenID Connect Federation Progress describing the recent updates that Roland Hedberg and I made to the OpenID Connect Federation 1.0 specification. We used the TNC19 conference – a gathering of federation experts – as a venue to get together to review and refine the specification. Besides getting lots done on the spec, I also really enjoyed the TNC conference and its attendees!

Given that the syntax and semantics should now be stable, it’s my hope that early adopters will start kicking the tires – building implementations and making trial deployments. I can’t wait for the useful feedback that results!

May 22, 2019
W3C WebAuthn and FIDO 2.0 win 2019 European Identity and Cloud Award

The W3C WebAuthn and FIDO 2.0 standards have won the 2019 European Identity and Cloud Award for Best Future Technology / Standard Project at the European Identity and Cloud (EIC) conference. This award recognizes the significance of these recently-approved standards, which enable password-less sign-in with platform authenticators, mobile devices, and security keys. They provide a huge step forward for online security, privacy, and convenience.

Thanks to Kuppinger Cole for recognizing the importance and impact of these important new standards!

May 16, 2019
OpenID Presentations at 2019 European Identity and Cloud (EIC) Conference

I gave the following presentations at the May 14, 2019 OpenID Workshop at the 2019 European Identity and Cloud (EIC) conference:

This deck was also prepared but not presented, due to time limitations:

April 30, 2019
OpenID Presentations at April 2019 OpenID Workshop and IIW

I gave the following presentations at the Monday, April 29, 2019 OpenID Workshop at Verizon Media:

I also gave the following invited “101” session presentation at the Internet Identity Workshop (IIW) on Tuesday, April 30, 2019:

October 23, 2018
OpenID Connect Introduction at October 2018 IIW

I gave the following invited “101” session presentation at the Internet Identity Workshop (IIW) on Tuesday, October 23, 2018:

June 24, 2018
OpenID Connect News, Overview, Certification, and Action Items at June 2018 Identiverse Conference

I gave the following presentation during the June 2018 Identiverse Conference:

News included:

Action items included:

May 22, 2018
Deprecating the Password: A Progress Report

I gave the well-received presentation “Deprecating the Password: A Progress Report” at the May 2018 European Identity and Cloud Conference (EIC). The presentation is available as PowerPoint (large because of the embedded video) and PDF.

The presentation abstract is:

If you ask almost anyone you meet if they have too many passwords, if they have trouble remembering their passwords, or if they are reusing the same passwords in multiple places, you’re likely to get an ear-full. People intuitively know that there has to be something better than having to have a password for everything they do!

The good news is that passwords are being used for fewer and fewer identity interactions. They are being replaced by biometrics (sign into your phone, your PC, or your bank with your face or fingerprint), local PINs (prove it’s you to your device and it does the rest), and federation (sign in with Facebook, Google, Microsoft, etc.). This presentation will examine the progress we’ve made, the standards and devices making it possible, and stimulate a discussion on what’s left to do to deprecate the password.

Key takeaways are:

  • There are good alternatives to passwords in use today.
  • Passwords are being used for fewer and fewer identity interactions.
  • Devices are increasingly enabling authentication without passwords.
  • New standards are enabling cross-platform password-less authentication.
  • The days of having to use passwords for everything you do are numbered!

Thanks to Steve Hutchinson for this photo from the presentation and his vote of confidence.
Mike presenting at EIC 2018

Extra: See all the Microsoft presentations at EIC 2018, including videos of Joy Chik’s and Kim Cameron’s keynotes.

May 18, 2018
Ongoing recognition for the impact of OpenID Connect and OpenID Certification

This week the OpenID Certification program won the 2018 European Identity and Cloud Award for Best Innovation at the European Identity and Cloud (EIC) conference. This is actually the second award for the OpenID Certification program this year and only the latest in a series of awards recognizing the value and impact of OpenID Connect and certification of its implementations.

On this occasion, I thought I’d take the opportunity to recount the awards that OpenID Connect, the specifications underlying it, and its certification program have been granted. To date, they are:

My sincere thanks to Kuppinger Cole for their early recognition of the potential of OpenID Connect, for calling out the value of OAuth 2.0, JWT, and JOSE, and to both IDnext and Kuppinger Cole for recognizing the importance and global impact of OpenID Certification!

Speaking of impact, I can’t help but end this note with data that Alex Simons presented at EIC this week. 92% of Azure Active Directory (AAD) authentications use OpenID Connect. There’s no better demonstration of impact than widespread deployment. Very cool!

May 17, 2018
OpenID Certification wins 2018 European Identity and Cloud Award

The OpenID Certification program won the 2018 European Identity and Cloud Award for Best Innovation at the European Identity and Cloud (EIC) conference. See the award announcement by the OpenID Foundation for more details. This is actually the second award this year for the OpenID Certification program.

The award recognizes that the OpenID Certification program has become a significant global force promoting high-quality, secure, interoperable OpenID Connect implementations. Its innovative use of self-certification using freely available online tools has made testing the quality of OpenID Connect implementations simple, effective, and commonplace. Thanks to Kuppinger Cole for recognizing the impact of the OpenID Certification program!

May 16, 2018
OpenID Presentations at May 2018 European Identity and Cloud Conference (EIC)

I gave the following presentations during the OpenID workshop at the May 2018 European Identity and Cloud Conference (EIC):

April 3, 2018
OpenID Presentations at April 2018 OpenID Workshop and IIW

I gave the following presentations at the Monday, April 2, 2018 OpenID Workshop at Oracle:

I also gave the following invited “101” session presentation at the Internet Identity Workshop (IIW) on Tuesday, April 3, 2018:

March 29, 2018
OpenID Certification wins the 2018 Identity Innovation Award

I’m thrilled that the OpenID Certification program has won the 2018 Identity Innovation Award at the IDnext conference. See the award announcement by the OpenID Foundation for more details.

The award recognizes that the OpenID Certification program has become a significant global force promoting high-quality, secure, interoperable OpenID Connect implementations. Its innovative use of self-certification using freely available online tools has made testing the quality of OpenID Connect implementations simple, effective, and commonplace. Thanks to IDnext for recognizing the impact of the OpenID Certification program!

Also, see the IDnext press release announcing the award and its description of the opinion of the award committee:

The significant global impact of the OpenID Certification program was a reason for its selection for the Identity Innovation Award. It recognizes that the innovative use of self-certification, with freely available testing tools, has resulted in substantial participation in the certification program, improving the security, quality, and interoperability of OpenID Connect implementations worldwide.

Finally, here’s the presentation that I gave at the IDnext conference making the case for the award (pptx) (pdf).

March 28, 2018
What Does Logout Mean?

Digital identity systems almost universally support end-users logging into applications and many also support logging out of them. But while login is reasonably well understood, there are many different kinds of semantics for “logout” in different use cases and a wide variety of mechanisms for effecting logouts.

I led a discussion on the topic “What Does Logout Mean?” at the 2018 OAuth Security Workshop in Trento, Italy, which was held the week before IETF 101, to explore this topic. The session was intentionally a highly interactive conversation, gathering information from the experts at the workshop to expand our collective understanding of the topic. Brock Allen – a practicing application security architect (and MVP for ASP.NET/IIS) – significantly contributed to the materials used to seed the discussion. And Nat Sakimura took detailed notes to record what we learned during the discussion.

Feedback on the discussion was uniformly positive. It seemed that all the participants learned things about logout use cases, mechanisms, and limitations that they hadn’t previously considered.

Materials related to the session are:
