Thursday, May 10, 2012

Oversimplified graphical representation of OpenID Connect

The OAuth 2.0 authz code grant type defines how to use the browser to get an access token (blue) from the AS to the Client. The OAuth bearer spec defines how to then use that token on API calls to arbitrary endpoints.


OpenID Connect layers new pieces on top - the new ID_token and the UserInfo endpoint (both in orange). As before, the client (normally) leverages the browser as the means to obtain tokens. 

The Client consumes the ID_token and creates a session based on it. The Client uses the access token to call both the UserInfo and other API endpoints.
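The two token uses described above, as an added example that is not part of the original post: the Client validates the ID token before creating a session, then attaches the access token as a bearer credential on the UserInfo call. It assumes the ID token is an HS256-signed JWT keyed with the client secret; the issuer, client ID, secret and URLs are constructed for illustration.

```python
import base64, hashlib, hmac, json, time
import urllib.request

# Constructed values for this example (hypothetical issuer, client and secret).
ISSUER = "https://as.example.com"
CLIENT_ID = "client-123"
CLIENT_SECRET = b"constructed-demo-secret"
USERINFO_URL = ISSUER + "/userinfo"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims, key=CLIENT_SECRET):
    """Stand-in for the AS: sign the claims as an HS256 JWT."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def consume_id_token(id_token, now=None):
    """Client side: verify signature and claims, then return a session dict."""
    head, body, sig = id_token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; the token does not choose it
    expected = hmac.new(CLIENT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token issued to another client")
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("expired")
    return {"user": claims["sub"], "expires": claims["exp"]}

def userinfo_request(access_token):
    """Build (not send) the UserInfo call; the access token is a bearer credential."""
    headers = {"Authorization": f"Bearer {access_token}"}
    return urllib.request.Request(USERINFO_URL, headers=headers)

if __name__ == "__main__":
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "alice", "exp": int(time.time()) + 300}
    resp = {"access_token": "constructed-access-token", "id_token": make_id_token(claims)}
    print(consume_id_token(resp["id_token"]))
    print(userinfo_request(resp["access_token"]).header_items())
```

The session is built only from the verified ID token; the access token is never inspected by the Client, only forwarded to the UserInfo and API endpoints.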


Wednesday, May 02, 2012

Paul Madsen continues with Ping Identity’s Office of the CTO


Identity Management Expert Paul Madsen continues with Ping Identity’s Office of the CTO
Respected Identity Advocate to Help Develop and Evangelize Next Generation of Standards Including OpenID Connect and OAuth
Ping Identity®, The Cloud Identity Security Leader™, today announced that Paul Madsen will remain in the company’s Office of the CTO as senior technical architect. In this role, he will continue to develop and evangelize the next generation of identity standards, including OpenID Connect and OAuth.
“An active and well-respected member of the Identity community, Paul brings an in-depth understanding of interoperability and open standards to our team,” said Patrick Harding, CTO of Ping Identity. “This expertise directly aligns with Ping Identity’s standards-based approach to solving complex identity management challenges and makes him a natural fit for our expanding team.”