2B/ IIW 101 Session - Into to OpenID Connect

From IIW

IIW 101 Session - Introduction to OpenID Connect

Session Convener: Michael B. Jones Notes-taker(s): Michael B. Jones

Tags / links to resources / technology discussed, related to this session:

The “Introduction to OpenID Connect” presentation can be found at https://self-issued.info/?p=2269.

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

The discussion of the relationship to OpenID 2.0 and the lessons learned there was very much enhanced by the presence of Joseph Smarr - who worked on it.

Great questions were asked about protocol security features, including using “nonce” to prevent token injection attacks.

There was a great discussion on using the certification suite to test implementations as they evolve - including using it for continuous integration testing. The certification suite can be used for this for free. A fee is only charged when a certification request is submitted. The certification fees are low and are intended to cover the OpenID Foundation’s costs of operating the certification program.