KuppingerCole, a Europe-based identity and security analyst firm, recently announced that OpenID Connect was awarded the 2012 European Identity and Cloud Award in the category for Best Innovation/New Standard. This recognition was largely based on OpenID Connect’s potential to significantly change digital identity using a simple interoperable Internet identity protocol to improve the way we interact with each other online.
According to Dave Kearns of KuppingerCole, OpenID Connect’s design philosophy to “make simple things simple and make complicated things possible” can play a critical role in creating the technical specifications (“tools”) necessary for advancing Internet identity across both traditional and evolving digital platforms.
“What’s most impressive is that this elegantly simple design resulted from the cooperation of such a diverse global set of contributors. I expect OpenID Connect to have a substantial positive impact on usable, secure identity solutions both for traditional computing platforms and mobile devices.”
As Dave sees it, OpenID Connect is to OpenID 2.0 as Gigabit Ethernet is to Bob Metcalfe’s original Ethernet. First, where integration of OpenID 2.0 requires an extension, OpenID Connect, which performs many of the same functions as OpenID 2.0, is built into the protocol and is API-friendly. Second, OpenID Connect provides a secure, flexible and interoperable identity layer on top of OAuth 2.0 specifications, enabling participants to exchange any claims relevant to their application. It doesn’t define ways to authenticate users or communicate information about them. Instead, OpenID Connect uses a default set of common claims about a user (e.g., name, email address, user identifier enabling SSO) to allow digital identities to be used across websites and applications.
In an indirect but important way, the recognition of OpenID Connect supports the mission of the Open Identity Exchange (OIX), which similarly suggests open source for Internet identities. The relationship, dependencies and synergy between OpenID Connect and the OIX can play an integral role in the advancement of digital identities.
This is not to say only Connect works. Like OAuth 2.0, OpenID Connect’s modular design gives relying parties the flexibility to deploy the attributes they need to improve operational efficiency and security while remaining interoperable. From a policy standpoint, OIX helps set the stage for industry stakeholders and policymakers to create and publish the policy “rules” for open identity trust frameworks that improve the user experience and protect the identity and privacy of everyone involved.
Together, this new open approach for creating custom “tools and rules” can play a useful role in establishing the levels of assurance, elevating trust in Internet identities across multiple jurisdictions, and improving the way public and private industry communicates with users over the Internet.