Welcome!

News Feed Item

The OpenID Foundation Launches the OpenID Connect Standard

Providing Increased Security, Usability, and Privacy on the Internet

SAN FRANCISCO, CA, and BARCELONA, SPAIN -- (Marketwired) -- 02/26/14 -- RSA 2014 and Mobile World Congress -- The OpenID Foundation announced today that its membership has ratified the OpenID Connect standard. Organizations and businesses can now use OpenID Connect to develop secure, flexible, and interoperable identity Internet ecosystems so that digital identities can be easily used across websites and applications via any computing or mobile device. OpenID Connect has been implemented worldwide by Internet and mobile companies, including Google, Microsoft, Deutsche Telekom, salesforce.com, Ping Identity, Nomura Research Institute, mobile network operators, and other companies and organizations. It will be built into commercial products and implemented in open-source libraries for global deployment.

"Widely-available secure interoperable digital identity is the key to enabling easy-to-use, high-value cloud-based services for the devices and applications that people use," said Alex Simons, Director of Program Management for Microsoft Active Directory. "OpenID Connect fills the need for a simple yet flexible and secure identity protocol and also lets people leverage their existing OAuth 2.0 investments. Microsoft is proud to be a key contributor to the development of OpenID Connect, and of doing our part to make it simple to deploy and use digital identity across a wide range of use cases."

OpenID Connect is an efficient, straightforward way for applications to outsource the business of signing users in to specialist identity service operators, called Identity Providers (IdPs). Most importantly, applications still manage their relationships with their customers but outsource the expensive, high-risk business of identity verification to those better equipped to professionally manage it.

The Strength of Mobile Identity
Mobile operators are placed ideally to offer identity services with their differentiated assets such as the SIM card, strong registration process, authentication, and fraud detection and mitigation processes. They have the ability to provide sufficient authentication to enable consumers, businesses and governments to interact in a private, trusted and secure environment and enable access to services. The GSMA earlier this week announced the launch of the Mobile Connect service, a collaborative initiative, supported by leading mobile operators, to develop an innovative new service that will allow consumers to securely access a wide array of digital services using their mobile phone account for authentication.

"The GSMA's role is to work with the Mobile Operators to deliver relevant services to their customers; one such area that is growing in importance is the use of the mobile phone for authentication or identification purposes," said Marie Austenaa, Head of Personal Data, GSMA. "In order to achieve global scale and ease of implementation both for Mobile Operators and for the Service Providers, it is important to have a consistent approach and this is what OpenID Connect provides."

"Today is an important milestone in the evolution of online identity; the launch of OpenID Connect provides an open standard enabling global interoperability," said Don Thibeau, Executive Director of the OpenID Foundation. "The strength of the standard is validated by industry competitors cooperating to lead the development and adoption of OpenID Connect. It is further validated by the plans for adoption by the GSMA, which represents over 800 global Mobile Network Operators."

OpenID Connect Makes Online Transactions Easier and More Secure
OpenID Connect is the third generation of OpenID technology. Its predecessors, OpenID 1.1 and OpenID 2.0, were well received and are in production today by many well-known Internet companies worldwide.

"Google is betting big on OpenID Connect because it's simple for developers to understand and makes it easy to federate with identity providers. It also protects users by only sharing account information that users explicitly tell us to," said Eric Sachs, Group Product Manager for Identity. "As of today, Google offers support for OpenID Connect as an identity provider and we are excited to see how this standard will make Internet use easier for users without having to enter passwords."

"Salesforce.com is committed to unlocking new ways for companies to build meaningful relationships with their customers, and that engagement starts with standards-based identity," said Chuck Mortimore, vice president, Identity product management, salesforce.com. "We've built OpenID Connect into the core of the Salesforce1 customer platform, allowing companies to connect the next generation of apps, devices and products -- delivering a unified customer experience through a single identity.

"Today's ratification of OpenID Connect is a big step forward in making business interaction easier and more secure," said Ping Identity CTO Patrick Harding. "Standards are critical to supporting a new era of identity-centric business. OpenID Connect spans Web, API and mobile, making it an especially important protocol in our collective efforts to move identity from application to infrastructure."

The formalization of OpenID Connect as an open global standard allows developers, businesses, governments, accreditors, and other interested parties to build creation and adoption of sector-specific OpenID Connect profiles into 2014 plans and priorities. Next week in London at the GSMA Headquarters, OpenID Foundation Members including Google, Microsoft, Ping Identity and others will meet with counterparts at the GSMA to begin work on ensuring interoperability across global Mobile Network Operators. The OpenID Foundation, the Open Identity Exchange, and the GSMA are collaborating on pilot and discovery projects and in 2014 will begin testing how OpenID Connect implementations can enhance online choice, efficiency, security, and privacy.

Internet identity initiatives like the UK Identity Assurance Program (IDAP) rely on open standards. The UK Cabinet Office has been a global leader in discovering how commercial identity providers and mobile network operators can contribute to the goals of its Digital By Default Strategy. The GSMA, OpenID Foundation, the Open Identity Exchange, and four leading Mobile Network Operators are collaborating on a set of tests in support of the UK IDAP program using open standards.

Why OpenID Connect?
Barely a week goes by without another news story about some Internet-facing organization suffering a damaging data breach, often including passwords, sometimes numbering in the tens of millions. The constant drumbeat of data breaches is damaging organizations' reputations, the Internet as a whole, and in particular, the trust of Internet users worldwide.

OpenID Connect provides a simple, standard way to outsource site and application login to operators who continually invest in sophisticated authentication infrastructure and who have the specialized skills required to securely manage sign-in and detect abuse. That investment is coupled with the increased cost of helping users with lost-account recovery, password changes, and so on. The organizations that contributed to OpenID Connect are leading the way in the development of advanced authentication technologies such as risk-based authentication and multi-factor authentication and deploying them at their OpenID Connect IdPs. This ongoing investment in technology and expertise is increasingly beyond the reach of most application providers. It is not a core competence, and is thus an excellent candidate for outsourcing.

OpenID Connect builds on the foundation of successful open identity and security standards like OAuth 2.0 and TLS (also known as SSL or "https"). As a result, it has the advantage is that it is substantially easier for developers to implement and deploy than other identity protocols, enabling simpler deployments without sacrificing security.

"NRI has been actively involved in developing OpenID Connect as one of the authors. We have deployed an open source implementation of OpenID Connect as a backend technology provider for media companies, mobile operators, credit card and commerce companies," said Nat Sakimura, Senior Researcher of Nomura Research Institute, Ltd.

OpenID Connect was developed by a working group of independent security experts and specialists from several continents at companies including Microsoft, Google, salesforce.com, Ping Identity, AOL, Nomura Research Institute, and Deutsche Telekom and tested for interoperability among over 20 implementations.

About The OpenID Foundation

The OpenID Foundation is an international non-profit organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. The OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID technologies. This entails managing intellectual property and brand marks as well as fostering viral growth and global participation in the proliferation of OpenID.

Add to Digg Bookmark with del.icio.us Add to Newsvine

News Media Contacts:

Jeff Fishburn
OnPR for OpenID Foundation
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
SYS-CON Events announced today that DivvyCloud will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in rea...
SYS-CON Events announced today that Tintri, Inc, a leading provider of enterprise cloud infrastructure, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Tintri offers an enterprise cloud platform built with public cloud-like web services and RESTful APIs. Organizations use Tintri all-flash storage with scale-out and automation as a foundation for their own clouds – to build agile development environments...
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs ofte...
SYS-CON Events announced today that Tappest will exhibit MooseFS at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. MooseFS is a breakthrough concept in the storage industry. It allows you to secure stored data with either duplication or erasure coding using any server. The newest – 4.0 version of the software enables users to maintain the redundancy level with even 50% less hard drive space required. The software func...
SYS-CON Events announced today that Interoute has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Interoute is the owner operator of Europe's largest network and a global cloud services platform, which encompasses over 70,000 km of lit fiber, 15 data centers, 17 virtual data centers and 33 colocation centers, with connections to 195 additional partner data centers. Our full-service Unifie...
SYS-CON Events announced today that EARP will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "We are a software house, so we perfectly understand challenges that other software houses face in their projects. We can augment a team, that will work with the same standards and processes as our partners' internal teams. Our teams will deliver the same quality within the required time and budget just as our partn...
SYS-CON Events announced today that Carbonite will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Carbonite protects your entire IT footprint with the right level of protection for each workload, ensuring lower costs and dependable solutions with DoubleTake and Evault.
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in compute, storage and networking technologies, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/...
SYS-CON Events announced today that Outscale will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outscale's technology makes an automated and adaptable Cloud available to businesses, supporting them in the most complex IT projects while controlling their operational aspects. You boost your IT infrastructure's reactivity, with request responses that only take a few seconds.
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single threaded, you can effectively identify hot spots in your serverless code. In his session at 20th Cloud Expo, David Martin, Principal Product Owner at CA Technologies, will give a live demonstration and code walkthrough, showing how to ov...
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
As cloud adoption continues to transform business, today's global enterprises are challenged with managing a growing amount of information living outside of the data center. The rapid adoption of IoT and increasingly mobile workforce are exacerbating the problem. Ensuring secure data sharing and efficient backup poses capacity and bandwidth considerations as well as policy and regulatory compliance issues.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs oft...