|By Marketwired .||
|February 26, 2014 07:30 AM EST||
SAN FRANCISCO, CA, and BARCELONA, SPAIN -- (Marketwired) -- 02/26/14 -- RSA 2014 and Mobile World Congress -- The OpenID Foundation announced today that its membership has ratified the OpenID Connect standard. Organizations and businesses can now use OpenID Connect to develop secure, flexible, and interoperable identity Internet ecosystems so that digital identities can be easily used across websites and applications via any computing or mobile device. OpenID Connect has been implemented worldwide by Internet and mobile companies, including Google, Microsoft, Deutsche Telekom, salesforce.com, Ping Identity, Nomura Research Institute, mobile network operators, and other companies and organizations. It will be built into commercial products and implemented in open-source libraries for global deployment.
"Widely-available secure interoperable digital identity is the key to enabling easy-to-use, high-value cloud-based services for the devices and applications that people use," said Alex Simons, Director of Program Management for Microsoft Active Directory. "OpenID Connect fills the need for a simple yet flexible and secure identity protocol and also lets people leverage their existing OAuth 2.0 investments. Microsoft is proud to be a key contributor to the development of OpenID Connect, and of doing our part to make it simple to deploy and use digital identity across a wide range of use cases."
OpenID Connect is an efficient, straightforward way for applications to outsource the business of signing users in to specialist identity service operators, called Identity Providers (IdPs). Most importantly, applications still manage their relationships with their customers but outsource the expensive, high-risk business of identity verification to those better equipped to professionally manage it.
The Strength of Mobile Identity
Mobile operators are placed ideally to offer identity services with their differentiated assets such as the SIM card, strong registration process, authentication, and fraud detection and mitigation processes. They have the ability to provide sufficient authentication to enable consumers, businesses and governments to interact in a private, trusted and secure environment and enable access to services. The GSMA earlier this week announced the launch of the Mobile Connect service, a collaborative initiative, supported by leading mobile operators, to develop an innovative new service that will allow consumers to securely access a wide array of digital services using their mobile phone account for authentication.
"The GSMA's role is to work with the Mobile Operators to deliver relevant services to their customers; one such area that is growing in importance is the use of the mobile phone for authentication or identification purposes," said Marie Austenaa, Head of Personal Data, GSMA. "In order to achieve global scale and ease of implementation both for Mobile Operators and for the Service Providers, it is important to have a consistent approach and this is what OpenID Connect provides."
"Today is an important milestone in the evolution of online identity; the launch of OpenID Connect provides an open standard enabling global interoperability," said Don Thibeau, Executive Director of the OpenID Foundation. "The strength of the standard is validated by industry competitors cooperating to lead the development and adoption of OpenID Connect. It is further validated by the plans for adoption by the GSMA, which represents over 800 global Mobile Network Operators."
OpenID Connect Makes Online Transactions Easier and More Secure
OpenID Connect is the third generation of OpenID technology. Its predecessors, OpenID 1.1 and OpenID 2.0, were well received and are in production today by many well-known Internet companies worldwide.
"Google is betting big on OpenID Connect because it's simple for developers to understand and makes it easy to federate with identity providers. It also protects users by only sharing account information that users explicitly tell us to," said Eric Sachs, Group Product Manager for Identity. "As of today, Google offers support for OpenID Connect as an identity provider and we are excited to see how this standard will make Internet use easier for users without having to enter passwords."
"Salesforce.com is committed to unlocking new ways for companies to build meaningful relationships with their customers, and that engagement starts with standards-based identity," said Chuck Mortimore, vice president, Identity product management, salesforce.com. "We've built OpenID Connect into the core of the Salesforce1 customer platform, allowing companies to connect the next generation of apps, devices and products -- delivering a unified customer experience through a single identity.
"Today's ratification of OpenID Connect is a big step forward in making business interaction easier and more secure," said Ping Identity CTO Patrick Harding. "Standards are critical to supporting a new era of identity-centric business. OpenID Connect spans Web, API and mobile, making it an especially important protocol in our collective efforts to move identity from application to infrastructure."
The formalization of OpenID Connect as an open global standard allows developers, businesses, governments, accreditors, and other interested parties to build creation and adoption of sector-specific OpenID Connect profiles into 2014 plans and priorities. Next week in London at the GSMA Headquarters, OpenID Foundation Members including Google, Microsoft, Ping Identity and others will meet with counterparts at the GSMA to begin work on ensuring interoperability across global Mobile Network Operators. The OpenID Foundation, the Open Identity Exchange, and the GSMA are collaborating on pilot and discovery projects and in 2014 will begin testing how OpenID Connect implementations can enhance online choice, efficiency, security, and privacy.
Internet identity initiatives like the UK Identity Assurance Program (IDAP) rely on open standards. The UK Cabinet Office has been a global leader in discovering how commercial identity providers and mobile network operators can contribute to the goals of its Digital By Default Strategy. The GSMA, OpenID Foundation, the Open Identity Exchange, and four leading Mobile Network Operators are collaborating on a set of tests in support of the UK IDAP program using open standards.
Why OpenID Connect?
Barely a week goes by without another news story about some Internet-facing organization suffering a damaging data breach, often including passwords, sometimes numbering in the tens of millions. The constant drumbeat of data breaches is damaging organizations' reputations, the Internet as a whole, and in particular, the trust of Internet users worldwide.
OpenID Connect provides a simple, standard way to outsource site and application login to operators who continually invest in sophisticated authentication infrastructure and who have the specialized skills required to securely manage sign-in and detect abuse. That investment is coupled with the increased cost of helping users with lost-account recovery, password changes, and so on. The organizations that contributed to OpenID Connect are leading the way in the development of advanced authentication technologies such as risk-based authentication and multi-factor authentication and deploying them at their OpenID Connect IdPs. This ongoing investment in technology and expertise is increasingly beyond the reach of most application providers. It is not a core competence, and is thus an excellent candidate for outsourcing.
OpenID Connect builds on the foundation of successful open identity and security standards like OAuth 2.0 and TLS (also known as SSL or "https"). As a result, it has the advantage is that it is substantially easier for developers to implement and deploy than other identity protocols, enabling simpler deployments without sacrificing security.
"NRI has been actively involved in developing OpenID Connect as one of the authors. We have deployed an open source implementation of OpenID Connect as a backend technology provider for media companies, mobile operators, credit card and commerce companies," said Nat Sakimura, Senior Researcher of Nomura Research Institute, Ltd.
OpenID Connect was developed by a working group of independent security experts and specialists from several continents at companies including Microsoft, Google, salesforce.com, Ping Identity, AOL, Nomura Research Institute, and Deutsche Telekom and tested for interoperability among over 20 implementations.
About The OpenID Foundation
The OpenID Foundation is an international non-profit organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. The OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID technologies. This entails managing intellectual property and brand marks as well as fostering viral growth and global participation in the proliferation of OpenID.
News Media Contacts:
OnPR for OpenID Foundation
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, will provide an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profes...
Feb. 12, 2016 02:30 AM EST Reads: 218
Father business cycles and digital consumers are forcing enterprises to respond faster to customer needs and competitive demands. Successful integration of DevOps and Agile development will be key for business success in today’s digital economy. In his session at DevOps Summit, Pradeep Prabhu, Co-Founder & CEO of Cloudmunch, covered the critical practices that enterprises should consider to seamlessly integrate Agile and DevOps processes, barriers to implementing this in the enterprise, and pr...
Feb. 12, 2016 02:00 AM EST Reads: 427
The principles behind DevOps are not new - for decades people have been automating system administration and decreasing the time to deploy apps and perform other management tasks. However, only recently did we see the tools and the will necessary to share the benefits and power of automation with a wider circle of people. In his session at DevOps Summit, Bernard Sanders, Chief Technology Officer at CloudBolt Software, explored the latest tools including Puppet, Chef, Docker, and CMPs needed to...
Feb. 12, 2016 01:30 AM EST Reads: 338
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts...
Feb. 12, 2016 12:45 AM EST Reads: 400
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
Feb. 12, 2016 12:00 AM EST Reads: 273
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection.
Feb. 11, 2016 11:00 PM EST Reads: 226
Data-as-a-Service is the complete package for the transformation of raw data into meaningful data assets and the delivery of those data assets. In her session at 18th Cloud Expo, Lakshmi Randall, an industry expert, analyst and strategist, will address: What is DaaS (Data-as-a-Service)? Challenges addressed by DaaS Vendors that are enabling DaaS Architecture options for DaaS
Feb. 11, 2016 10:45 PM EST Reads: 363
One of the bewildering things about DevOps is integrating the massive toolchain including the dozens of new tools that seem to crop up every year. Part of DevOps is Continuous Delivery and having a complex toolchain can add additional integration and setup to your developer environment. In his session at @DevOpsSummit at 18th Cloud Expo, Miko Matsumura, Chief Marketing Officer of Gradle Inc., will discuss which tools to use in a developer stack, how to provision the toolchain to minimize onboa...
Feb. 11, 2016 10:00 PM EST Reads: 122
As someone who has been dedicated to automation and Application Release Automation (ARA) technology for almost six years now, one of the most common questions I get asked regards Platform-as-a-Service (PaaS). Specifically, people want to know whether release automation is still needed when a PaaS is in place, and why. Isn't that what a PaaS provides? A solution to the deployment and runtime challenges of an application? Why would anyone using a PaaS then need an automation engine with workflow ...
Feb. 11, 2016 05:15 PM EST Reads: 218
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed...
Feb. 11, 2016 05:00 PM EST Reads: 392
The cloud competition for database hosts is fierce. How do you evaluate a cloud provider for your database platform? In his session at 18th Cloud Expo, Chris Presley, a Solutions Architect at Pythian, will give users a checklist of considerations when choosing a provider. Chris Presley is a Solutions Architect at Pythian. He loves order – making him a premier Microsoft SQL Server expert. Not only has he programmed and administered SQL Server, but he has also shared his expertise and passion w...
Feb. 11, 2016 04:30 PM EST
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
Feb. 11, 2016 04:15 PM EST Reads: 181
SYS-CON Events announced today that FalconStor Software® Inc., a 15-year innovator of software-defined storage solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. FalconStor Software®, Inc. (NASDAQ: FALC) is a leading software-defined storage company offering a converged, hardware-agnostic, software-defined storage and data services platform. Its flagship solution FreeStor®, utilizes a horizonta...
Feb. 11, 2016 04:00 PM EST
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...
Feb. 11, 2016 03:45 PM EST Reads: 414
SYS-CON Events announced today that (ISC)²® (“ISC-squared”) will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Two leading non-profits focused on cloud and information security, (ISC)² and Cloud Security Alliance (CSA), developed the Certified Cloud Security Professional (CCSP) certification to address the increased demand for cloud security expertise due to rapid growth in cloud. Recently named “The Next...
Feb. 11, 2016 03:00 PM EST