2B/ IIW 101 Session - Into to OpenID Connect
IIW 101 Session - Introduction to OpenID Connect
Session Convener: Michael B. Jones
Notes-taker(s): Michael B. Jones
Tags / links to resources / technology discussed, related to this session:
The “Introduction to OpenID Connect” presentation can be found at https://self-issued.info/?p=2269.
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
The discussion of the relationship to OpenID 2.0 and the lessons learned there was very much enhanced by the presence of Joseph Smarr - who worked on it.
Great questions were asked about protocol security features, including using “nonce” to prevent token injection attacks.
There was a great discussion on using the certification suite to test implementations as they evolve - including using it for continuous integration testing. The certification suite can be used for this for free. A fee is only charged when a certification request is submitted. The certification fees are low and are intended to cover the OpenID Foundation’s costs of operating the certification program.