Creating a sign-in for users to log in to an application is not necessarily a hard thing for developers to do; it is keeping a user’s identification safe that has proven difficult. In order to help organizations and businesses develop secure, flexible and interoperable online identity environments, the OpenID Foundation has launched OpenID Connect, an authentication protocol backed by companies such as Deutsche Telekom, Google, Microsoft, Ping Identity and Salesforce.
“OpenID Connect allows for clients of all types, including browser-based JavaScript and native mobile apps, to launch sign-in flows and receive verifiable assertions about the identity of signed-in users,” according to the organization.
OpenID Connect allows developers to authenticate users without being accountable for storing and managing passwords. Developers build the sign-in process, and then the actual sign-in and identity verification are outsourced to specialist identity service operators, also known as Identity Providers (IdPs). IdPs are usually large Internet services, like Google and Microsoft.
“Widely available secure interoperable digital identity is the key to enabling easy-to-use, high-value cloud-based services for the devices and applications that people use,” said Alex Simons, director of program management for Microsoft Active Directory. “OpenID Connect fills the need for a simple yet flexible and secure identity protocol, and also lets people leverage their existing OAuth 2.0 investments.”
OpenID Connect is the third generation of the organization’s technology. Unlike previous versions, OpenID Connect integrates OAuth 2.0 capabilities. OpenID Connect serves as an identity layer on top of OAuth because OAuth by itself is just an access-granting protocol and has no notion of identity, according to Nat Sakimura, chairman of the OpenID Foundation.
OpenID Connect focuses on interoperability, security, ease of deployment, flexibility, wide support of devices, and enabling claims providers to be distinct from IdPs in order to provide an Internet identity ecosystem.