Adopting OAuth 2 OpenID Connect

From IIW

Title: Adopting OpenID 2, OpenID Connect

Session: Thursday Space 3F

Conference: IIW-11 November 2-4, Mountain View, Complete Notes Page

Convener: Travis Spenser

We talked about the following (among other things) during this session:

  • The timetable for finalization of the OpenID Artifact Binding (AB). According to John Bradley, the spec would be finalized in a month or so.
  • John told us the OpenID AB would not directly depend on OAuth 2 because it isn't finalized but that OpenID AB would make migration to the final spec as simple as possible.
  • The Leeloo development team said that they are not concerned w/ the state of the OAuth spec and are taking a dependency on it for UMA. They did say in another session that there are things in the spec that they didn't implement because there has been talk on the mailing list about changes in that area (not sure which exactly)
  • A employee of Oracle said that the current flux in the OAuth spec coupled w/ some security issues are the reasons that they are advising all of their clients not to use the protocol ATM.