GNAP: A Conversation of Authorization
After five years of standardization work, GNAP is now officially RFC9635! This long and intense process actually started a few years prior…
Oct 9

Making Bubbles: Re-connecting
If a set of accounts live in isolation forever, what happens to those accounts only matters within that isolated system. But when we make a…
Sep 6

Making Bubbles: Three Stages of Identity
One of the key aspects to the bubbles model for federated identity systems is the fact that within the bubble, the account for each user is…
Jul 11

Making Bubbles
About a year ago, I wrote about a new concept I’d started to develop: a new way to look at how we view account provisioning, and how we use…
Jun 24

Applying RAR in OAuth 2 (and GNAP)
The Rich Authorization Request extension to OAuth 2, or RAR, is a way to talk about access in the OAuth space beyond what scopes allow, and…
Feb 22

Discovery, Negotiation, and Configuration
Interoperability is a grand goal, and a tough problem to crack. After all, what is interoperability other than independent things just…
Dec 14, 2023

Federation Bubbles
We’ve spent decades building up systems that identify people and devices, and interconnect all of them. We’ve built systems that let us…
Aug 4, 2023

What happened to MITREid Connect?
MITREid Connect was, at one time, one of the top open source implementations of OpenID Connect and OAuth 2.0. Written in Java and targeted…
May 2, 2023

The GNAPathon
At the recent IETF 113 meeting in Vienna, Austria, we put the GNAP protocol to the test by submitting it as a Hackathon project. Over the…
Apr 11, 2022

Signing HTTP Messages
There’s a new draft in the HTTP working group that deals with signing HTTP messages. Why is it here, and what does it give us?
May 4, 2021