[OpenID] openid connect as metadata management (windows)
2013-10-18 20:49:45 GMT
I have to admit I deliberately avoided the oauth movement - when it was about putting apps on devices, controlled by app stores. This was far too much about app stores and flogging dollar apps to teenagers.
I have to admit I deliberately avoided the oauth movement - when it was about having native app code get tokens to consume API, limited to a given users' entity scope. This was interesting, but too immature - since oauth control processes used by vendor A's API didn't work with vendor B's API. Far too much like the IM wars between yahoo, AOL, Google, etc
I totally get - however - the "novelty" of Microsoft's application of oauth2 (and "openid connect"?) for automating the process of adding an RP site to an IDPs relying party list (known as adding an "SP-connection" in pingfederate land, or a "relying-party trust" in Windows ADFS land). This seems to be a leap forward, in the TRADITIONAL world of websso. It automates some of the tedious federation-metadata processes, typically done offline by admins. And it does so in a manner that is ALSO about device control - giving the "controlling IDP" some power over the devices ultimately used by user of the RP app/webapp, ... logically to remotely wipe them...whenever the IDP want (or some govt issues a secret order).
Ok. I get it.
Federation metadata automation, and control projection - layered on top of private(*) trust graph formation.
(*) private as in not-public. "community of interest", in other words.
_______________________________________________ general mailing list general <at> lists.openid.net http://lists.openid.net/mailman/listinfo/openid-general