Making Bubbles: Re-connecting
Justin Richer, Sep 6
If a set of accounts live in isolation forever, what happens to those accounts only matters within that isolated system. But when we make a…

Making Bubbles: Three Stages of Identity
Justin Richer, Jul 11
One of the key aspects to the bubbles model for federated identity systems is the fact that within the bubble, the account for each user is…

Making Bubbles
Justin Richer, Jun 24
About a year ago, I wrote about a new concept I’d started to develop: a new way to look at how we view account provisioning, and how we use…

Applying RAR in OAuth 2 (and GNAP)
Justin Richer, Feb 22
The Rich Authorization Request extension to OAuth 2, or RAR, is a way to talk about access in the OAuth space beyond what scopes allow, and…

Discovery, Negotiation, and Configuration
Justin Richer, Dec 14, 2023
Interoperability is a grand goal, and a tough problem to crack. After all, what is interoperability other than independent things just…

Federation Bubbles
Justin Richer, Aug 4, 2023
We’ve spent decades building up systems that identify people and devices, and interconnect all of them. We’ve built systems that let us…

What happened to MITREid Connect?
Justin Richer, May 2, 2023
MITREid Connect was, at one time, one of the top open source implementations of OpenID Connect and OAuth 2.0. Written in Java and targeted…

The GNAPathon
Justin Richer, Apr 11, 2022
At the recent IETF 113 meeting in Vienna, Austria, we put the GNAP protocol to the test by submitting it as a Hackathon project. Over the…

Signing HTTP Messages
Justin Richer, May 4, 2021
There’s a new draft in the HTTP working group that deals with signing HTTP messages. Why is it here, and what does it give us?

Filling in the GNAP
Justin Richer, Oct 22, 2020
About a year ago I wrote an article arguing for creating the next generation of the OAuth protocol. That article, and some of the other…