Consumer expectations of their online experience is becoming ever more sophisticated. Whilst the negative aspects of online privacy is becoming understood and questioned. These tenets are impacting the design and development of consumer identity systems. Can our current offerings, such as SAML, OpenID Connect and Information Cards, provide the type of identity system that will perform to the needs of an increasingly sophisticated audience in terms of user control, privacy and security?
Description: A high level overview of the protocol, and an explanation of why major technology companies have standardized on it including Google, Microsoft, Facebook, Yahoo, etc. We will also discuss how the functionality of the OpenID v2 protocol has been reimplemented on top of OAuth to create OpenID Connect. The session will also discuss the security problems of websites that run their own password based login systems.
In April 2011, the US Department of Commerce released its National Strategy for Trusted Identities in Cyberspace (NSTIC) calling for a public-private partnership to create a secure commercial, social, and civic identity ecosystem. The Open Identity Exchange (OIX) has taken the lead in constructing both the rules and tools for the rapid, internet-scale creation of such an ecosystem: the Trust Framework.