!!! Overview
A gathering of why [OAuth 2.0] and the related protocols [OpenID Connect] and [User-Managed Access] are the way forward for [Authentication] and [Authorization]/[Delegation] in [WEB Single Sign-On].

First, some opinions: [OAuth 2.0] is a basic framework that only meets the basic [Delegation]/[Authorization] requirements. We would not consider [OAuth 2.0] adequate as a [WEB Single Sign-On] solution.

!! Some Links from Others
* Comparison of [Standards Based SSO] for [WEB Single Sign-On]
* [Why OpenID Connect][2]
* [Why the Future of Identity is OpenID Connect and not SAML|http://apicrazy.com/2014/08/18/why-the-future-of-identity-is-openid-connect-and-not-saml/|target='_blank']
* [The death (and life) of a protocol|https://www.kuppingercole.com/blog/kearns/the-death-and-life-of-a-protocol|target='_blank']
* [Despite the popularity of SAML, the mobile and cloud benefits of OpenID Connect may spur adoption as an enterprise authentication platform.|http://searchsecurity.techtarget.com/news/2240222015/OpenID-Connect-Poised-for-greatness-in-enterprise-authentication|target='_blank']
* [One Small Step for OpenID Connect, a Giant Leap for the Evolution of Identity Management|http://blogs.gartner.com/mary-ruddy/2014/02/28/one-small-step-for-openid-connect-a-giant-leap-for-the-evolution-of-identity-management-8/|target='_blank']
* [Kerberos Might Not Be Dead, but It's Not Feeling Well|http://windowsitpro.com/identity-management/kerberos-might-not-be-dead-its-not-feeling-well|target='_blank']

!! [OpenID Connect] Leverages other emerging technologies
The summary:
* [OpenID Connect], published in 2014, is the emerging standard for [single sign-on|Single Sign-On] and identity provision on the internet.
* [OpenID Connect]'s formula for success is how it leverages other emerging technologies, delivered through the use of [OAuth 2.0] flows to obtain [tokens][1].
* [OpenID Connect] has learned lessons from past efforts such as [SAML] and [OpenID] 1.0 and 2.0.
* [OpenID Connect] is designed to fit web apps as well as native/mobile apps.
* [OpenID Connect] is simple enough to integrate with basic apps, but it also offers a number of features and security options to match demanding enterprise requirements.
* [OpenID Connect] builds on [OAuth 2.0]'s [Delegation]/[Authorization] framework to provide [Authentication].
* [OpenID Connect] allows choice of [Identity Provider (IDP)].
* [OpenID Connect] is [REST]/[JSON] friendly:
** [JSON Web Tokens]
** [JSON Web Signature]
** [JSON Web Encryption]
** [Simple Web Discovery] using [WebFinger] via [Openid-configuration]
* [OpenID Connect] can provide [Level Of Assurance].
* [OpenID Connect] [Cool Identity Token Uses]

! [User-Managed Access]
* Builds on [OAuth 2.0]'s [Delegation]/[Authorization] framework to provide [Authentication].
* Can use [OpenID Connect] and uses most of the [OpenID Connect] additions.
* Provides [UMA-obligations] to satisfy legal conditions.

!! Broad Usage
[OpenID Connect] specifications are open, public and include extensibility. This, along with broad usage, provides a [Delegation]/[Authorization]/[Authentication] framework that is extremely well tested and flexible.
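An added example (written for this page, not code from any of the projects linked here) of what "builds on [OAuth 2.0] to provide [Authentication]" means for a Relying Party: the ID Token that arrives with the [OAuth 2.0] flow is a [JSON Web Tokens] protected by [JSON Web Signature], and the client only treats the user as signed in after the signature, issuer, audience, expiry and nonce all check out. HS256 keyed with the client_secret is one of the signing modes OIDC Core permits; the issuer, client id, secret and nonce a caller passes in are constructed values.

```python
import base64, hashlib, hmac, json, time

# Added example, not from the page: the ID Token OpenID Connect layers on top of an
# OAuth 2.0 flow is a JWS-signed JWT whose claims bind one login to one issuer, one
# client and one browser session. All identifiers used by callers are constructed.

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims: dict, client_secret: str) -> str:
    """Mint an HS256-signed ID Token the way an OpenID Provider would (test fixture)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(client_secret.encode(), f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{b64url(sig.digest())}"

def validate_id_token(token: str, client_secret: str, issuer: str,
                      client_id: str, nonce: str, now=None) -> dict:
    """Relying Party checks from OIDC Core 3.1.3.7; returns the claims or raises ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    head, body, sig = parts
    # Pin the algorithm we expect instead of trusting whatever the header says.
    if json.loads(unb64url(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(client_secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, unb64url(sig)):
        raise ValueError("bad signature")
    c = json.loads(unb64url(body))
    if c.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = c.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if client_id not in aud:
        raise ValueError("not issued to this client")  # the gap a bare OAuth access token leaves
    if len(aud) > 1 and c.get("azp") != client_id:
        raise ValueError("azp must name this client when aud lists several")
    if not isinstance(c.get("exp"), int) or now >= c["exp"]:
        raise ValueError("expired")
    if c.get("nonce") != nonce:
        raise ValueError("nonce mismatch: possible replay")
    return c
```

A production client would additionally fetch the signing keys and supported algorithms from the provider's [Openid-configuration] document rather than hard-coding them.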
For a sense of the ongoing activity around [OpenID Connect], subscribe to the [OpenID Connect tag at Stack Overflow|https://stackoverflow.com/tags/openid-connect/info|target='_blank'].

Some of the MAJOR entities using [OpenID Connect]:
* [Single Sign On|Single Sign-On] vendors
** [Ping Identity|https://www.pingidentity.com/en/resources/articles/openid-connect.html|target='_blank']
** [ForgeRock|https://backstage.forgerock.com/#!/docs/openam/12.0.0/admin-guide/chap-openid-connect|target='_blank']
** [Connect2ID|http://connect2id.com/learn/openid-connect|target='_blank']
** [WSO2|http://wso2.com/library/articles/2014/06/open-id-connect/|target='_blank']
** [MITREid|https://id.mitre.org/connect/|target='_blank']
** [NetIQ Access Manager 4.x|https://www.netiq.com/documentation/access-manager-41-appliance/admin/data/b1ek5o72.html|target='_blank']
** [Microsoft Azure Active Directory (Azure AD)|https://msdn.microsoft.com/en-us/library/azure/dn645541.aspx|target='_blank']
** [Microsoft ADFS|http://www.cloudidentity.com/blog/2015/08/21/openid-connect-web-sign-on-with-adfs-in-windows-server-2016-tp3/|target='_blank']
* Social networks
** [Google|https://developers.google.com/identity/protocols/OpenIDConnect?hl=en|target='_blank']
** [Facebook|https://developers.facebook.com/docs/facebook-login|target='_blank']
** [Yahoo|https://developer.yahoo.com/openid/|target='_blank']
* Others
** [Salesforce|https://developer.salesforce.com/page/Inside_OpenID_Connect_on_Force.com|target='_blank']
** [PayPal|https://developer.paypal.com/webapps/developer/docs/integration/direct/identity/log-in-with-paypal/|target='_blank']
** [AWS account|https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html|target='_blank']
** [WebSphere|https://www.ibm.com/developerworks/websphere/library/techarticles/1502_odonnell/1502_odonnell.html|target='_blank']
** [Implementing OAuth on IBM WebSphere DataPower Appliances|http://www.ibm.com/developerworks/websphere/library/techarticles/1208_rasmussen/1208_rasmussen.html|target='_blank']
** [WebSphere Application Server Liberty server as an OpenID Connect Client|https://www-01.ibm.com/support/knowledgecenter/api/content/nl/en-us/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_config_oidc_rp.html|target='_blank']

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OpenID Connect explained|http://connect2id.com/learn/openid-connect|target='_blank'] - based on information obtained 2013-04-10
* [#2] - [Why OpenID Connect will be ubiquitous for domain authentication|http://www.gluu.org/blog/10-reasons-openid-connect-will-be-ubiquitous/|target='_blank'] - based on information obtained 2013-04-10