By Katie Keenan | Posted on August 12, 2011
Janrain is committed to making identity management on the web easier and facilitating interactions among all participants. We believe that such a goal can only be achieved by keeping the web open and are thrilled to see the OpenID suite of protocols evolving, with its latest version – OpenID Connect – approaching its final stages.
The first versions of OpenID (1.x and 2.0 Authentication, Attribute Exchange etc.) represented the first attempts at creating an open, decentralized identity layer for the Internet. Janrain helped lay out this foundation and was involved at every level – drafting specifications, providing open-source libraries, full-featured implementations and finally helping web sites engage their users in a more effective way.
The recent history has shown a clear evolution in the online identity space and some shortcomings of the first OpenID protocol suite have been unveiled. People prefer to identify themselves with email addresses rather than URLs, the entire user experience matters a lot, and most parties prefer to access user owned content and profile data through authorization obtained via an OAuth-based flow.
At the protocol level, OpenID 2.0’s key-value authentication and verification messages are replaced in OpenID Connect with a profiled and enhanced OAuth 2.0 flow that revolves around an ID token. This acts as an OAuth access token that can be exchanged at the OpenID Provider for basic authentication data (the user identifier).
Alternately, if an enhanced OpenID Request Object was also sent along with the OAuth authorization request, the ID token will represent a grant given to the Relying Party (the website) to access the user identifier and additional profile data (represented as claims) for which the user approved access. The enhanced messages take the format of JSON and JWT (JSON Web Token).
As these features are taking shape in OpenID Connect, we’re looking forward to supporting them in our products.Janrain Engage will naturally evolve to support identity providers that implement the new OpenID Connect protocol, and Janrain Capture will incorporate the new authorization-based management of user profile data. Similarly, our Janrain Identity Service solution will allow organizations to transform their user databases into identity providers speaking OpenID Connect, along with the legacy protocols.
OpenID-Connect represents a much needed evolution of the previous OpenID protocols. Janrain is once again supporting the specification and implementation efforts.
How to tell if your identity management is ready for the new data protection regulations…
We just released the latest member of the Janrain product family: Janrain Advanced Policy Manager…
Janrain Information Security Manager, Lisa Nicholson, shares her thoughts on why CSA Level 2 and…