Contents tagged with OpenID
I was wondering these days what would be the point in using WS-Passive when there is another simple sign-on solution, OpenID, that works really well and is getting great adoption in the community. I cannot say the same about WS-Passive; I haven't seen any concrete implementation yet (for instance, Microsoft is planning to release a first implementation as part of the WIF framework before the end of this year).
Next Wednesday, May 20, at 3 PM (GMT-05:00 Colombia, Panama), I will be presenting an MSDN webcast about OpenID, OAuth and Windows Live ID. The event will be broadcast in Spanish for the Latin American community, and will focus on the main features of these solutions/protocols, how they work, and some scenarios where they can be applied successfully.
The link to the event is the following: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032403625&Culture=es-AR
OpenID and OAuth are today excellent solutions for "Single Sign On" (SSO) and "Authorization Delegation" respectively. They are, however, based on HTTP redirections and are therefore tied to passive clients, commonly called web browsers.
Google did some interesting research on this some time ago; it can be found here. After reading that article, it looks like they could not get rid of the browser at all :(.
If that does not work for you, another solution could be WS-Federation Active Profile.
"SSO" is an inherent feature of WS-Federation, no doubt about it.
"Authorization Delegation" can also be emulated with a combination of "SSO" and authorization claims. In this scenario, we always give our credentials to an identity provider we trust; there is no need to give away our credentials to any site or service involved in a transaction. The authorization claims also represent fine-grained permissions of what we are allowed to do on the service side, and again, they can be provided by the identity provider itself or a resource STS. I discussed this approach in my last post, "Addressing Authorization with OAuth or the .NET Access Control Service"; the resource STS in this case would be the ACS service.