OpenID Connect Background

OpenID Connect

OpenID Connect Core 1.0


OpenID Connect identifies a set of personal attributes that can be exchanged between Identity Providers and the apps that use them, and includes an approval step so that users can consent to (or deny) the sharing of this information.

OAuth 2.0

  • RFC 6749 The OAuth 2.0 Authorization Framework; Editor: D. Hardt (Microsoft); 2012-10.
  • RFC 6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage; M. Jones (Microsoft), D. Hardt (self); 2012-10.

Compare & Contrast

OpenID 2.0

  • pages, not apps => enterprise web applications, not store-bought OS screen chiclets
  • XML => Security Assertion Markup Language (SAML)

OpenID Connect

  • JSON
  • TLS
  • standard crypto signature-verification libraries.




  • Android => <quote>There are already system-level APIs built into the Android operating system to provide OpenID Connect services.</quote>
  • iOS => probably not; Apple isn’t listed, [own thing; add value].

Working Group

OpenID Foundation


  • AOL,
  • Deutsche Telekom,
  • Facebook,
  • Google,
  • Microsoft,
  • Mitre Corporation,
  • mixi,
  • Nomura Research Institute,
  • Orange,
  • PayPal,
  • Ping Identity,
  • Salesforce,
  • Yahoo! Japan.


  • GSMA, Mobile Network Operators (MNOs) => mobileidentity (articulates a need)
    • <rephrase>Mobile Connect service is a single, trusted, mobile phone number-based authentication solution</rephrase>
    • <quote>The standard-based Mobile Connect service will utilise the OpenID Connect protocol, offering broad interoperability across mobile operators and service providers, further ensuring a seamless experience for consumers. </quote>
    • Supporters: Axiata Group Berhad, China Mobile, China Telecom, Etisalat, KDDI, Ooredoo, Orange, Tata Teleservices, Telefónica, Telenor, Telstra, VimpelCom.
    • Users: Dailymotion, Deezer, Gemalto, Giesecke & Devrient, Morpho, Oberthur, VALID.
  • FIDO Alliance => unclear.


Via: backfill
