Tuesday, October 16

Reasons Why OpenID Connect Is the Future of Identity

Google+ Pinterest LinkedIn Tumblr +

When it was first introduced in 2005, many believed, rightly so, that OpenID was the key to future secure logins on the web. The intention of creating OpenID was to streamline the login process for users with many accounts hosted by different websites.

Typically, it requires a user to have different passwords and usernames for each of the websites he intends to access, however many. For the majority of users, the idea of memorizing distinct passwords for each of their accounts hosted by different websites was unrealistic and impractical. Therefore, they would recycle a single username and password across several sites. This would jeopardize their online security. OpenID was designed to solve this problem.

The idea of OAuth was born towards the end of 2006, but it would take another year before OAuth Core 1.0 could be created. The people behind OAuth wanted to create an open standard that could be used to delegate API access.

Understanding OAuth and OpenID

OAuth works the same way that a valet key does for a luxury car owner. The valet key gives a parking attendant limited access to your car. The parking attendant could drive the car for, say, not more than two miles. Some luxury cars have valet keys that will not allow a parking attendant to use your car address book, onboard cellphone or access your trunk. OAuth gives websites limited access to your online credentials as a way of staying safe online.

While OpenID and OAuth perform similar functions, they are quite different. OpenID uses one identity to log into many different websites while OAuth gives access to a number of your private resources from the host site (referred to as the Service Provider) to a different website (referred to as the Consumer) without at all sharing the details of your identity.

Using OAuth and OpenID protocols

OpenID is an identity protocol for authentication (authN) while OAuth is an identity protocol for authorization (authZ). Authentication protocols provide proof of identity while authorization protocols describe the resources that a Consumer website can access from a Service Provider website. For instance, when you allow a social networking site like Facebook to access your email contacts stored in your Yahoo or Gmail account, you are approving authorization by use of the OAuth standard.

While you may not have realized it at the time, you have almost certainly used OpenID authentication protocol at some point. Indeed, if you have a WordPress, Yahoo, Blogger or Google account, you already possess an OpenID. You can use it to sign up and log into other websites that have enabled OpenID. Instead of using unique signing in details for that website, you use your existing sign in credentials from Google, Blogger, WordPress and other OpenID websites.

OAuth provides a standardized through which developers can avail their services to users using an API while staying away from the need to require those users to reveal their security credentials like passwords and usernames. OAuth gets users to give a website access to certain security credentials. OpenID exists to ascertain that a user is who he says he is. Therefore, the two identity protocols function seamlessly together.

OAuth 2.0 and OpenID Connect

OAuth 2.0 is the latest version of the OAuth identity protocol created in 2006. This authorization framework gives desktop applications, web applications, mobile phones, and other devices restricted access to user information on HTTP services like DigitalOcean, Facebook and GitHub.
Reasons Why OpenID Connect Is the Future of IdentityReasons Why OpenID Connect Is the Future of Identity
OpenID Connect is today’s standard for identity provision and single login on the web. It is an identity layer added to the OAuth 2.0 protocol. OpenID Connect delivers JSON-based web identity tokens (JWT) via OAuth 2.0 allowing web-based, JavaScript and mobile clients to both request and receive certain information regarding end users and their authenticated sessions. Because it combines OAuth 2.0 with OpenID, OpenID Connect is able to verify the identity of an end user, fetch information on his profile and gain restricted access to his other credentials.

OpenID Connect is the future of identity

OpenID connect is fast reaching maturity. And with large companies like Google behind it, there is every reason to believe that it will enjoy widespread adoption. Essentially, OpenID Connect is OpenID improved using the benefit of retrospection. It is designed as a replacement for existing online identity systems that the majority of internet users have known and used for years.

The old system that required users to create a username and password to access website resources will soon be overtaken by events. Given how data breaches have become such a common phenomenon, the security sector is working day and night to find a different and workable solution that is both secure and realistic.

In an attempt to improve online identity, financial institutions like banks often require a user to complete a multi-factor authentication process. In these protocols, the user is required to verify more than one item. To do this, he must have adequate knowledge of the item and have it in his possession. Often times, in addition to a username and password, the user might be asked to enter a code sent to his phone. Some jurisdictions use biometrics as part of the multi-factor authentication process.

Interoperable authentication protocol

OpenID Connect now enjoys an interoperable authentication protocol that allows developers to put up an authentication process that is considerably simple for their website users. They do this by outsourcing identity verification and sign-in protocols to respectable identity providers. Typically, these identity providers are tech firms that specialize in privacy and security protection for internet users.

OpenID is still a young technology but its popularity is growing rapidly. Some of the multinationals betting on the technology include PayPal, Google. Amazon Web Services and Microsoft. Today, OpenID is a consumer-oriented identity protocol. Nevertheless, its adoption is recording noteworthy growth within business-to-business circles.


About Author

I am a writer, an author, a singer/songwriter a social media & SEO specialist. I am also a member of the International Association of Writers and Editors (IAPWE). I enjoy reading and motivational speaking.

Comments are closed.