Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Thursday April 23 2015, @05:57PM   Printer-friendly
from the all-our-identities-become-one dept.

With support from Google, Microsoft, Ping Identity, ForgeRock, Nomura Research Institute, and PayPal, OpenID Connect launched today.

OpenID Connect performs many of the same tasks as OpenID 2.0, but does so in a way that is API-friendly, and usable by native and mobile applications. OpenID Connect defines optional mechanisms for robust signing and encryption. Whereas integration of OAuth 1.0a and OpenID 2.0 required an extension, in OpenID Connect, OAuth 2.0 capabilities are integrated with the protocol itself.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by maxwell demon on Thursday April 23 2015, @07:32PM

    by maxwell demon (1608) on Thursday April 23 2015, @07:32PM (#174408) Journal

    Because with this specific "centralized" password system everyone can be an identity provider. In other words, you can run the thing providing your identity on your own system, as long as it is accessible from the internet. Or on your friend's system if he allows you to. Or at a rented server.

    Or in short, it is not centralized by design.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Moderation   +4  
       Insightful=1, Informative=3, Total=4
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 3, Insightful) by frojack on Thursday April 23 2015, @08:57PM

    by frojack (1554) on Thursday April 23 2015, @08:57PM (#174435) Journal

    I think you missed the point.

    As far as I can see this is good for exactly one thing, throw-away identities, that you need to log into certain sites.

    Using such a thing for anything that requires real security is just silly in the post snowden world.
    This isn't the first go around with OpenID. It never did gain much traction, not because it wasn't technically usable, and not because it didn't do what it set out to do, but because its just not a wise thing to do.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 3, Insightful) by tibman on Friday April 24 2015, @12:27AM

      by tibman (134) Subscriber Badge on Friday April 24 2015, @12:27AM (#174489)

      For most sites OpenID is perfect. One less password to memorize. I don't think anyone would suggest using a twitter account to create your bank account.

      --
      SN won't survive on lurkers alone. Write comments.