With today’s announcement from Facebook of its plans to take its Facebook Connect program into the mobile sphere with Single Sign-on, it started to raise some questions from across various points. On ...

Authentication and authorization are critical parts of any application. They evolved over the years to meet the challenging requirements of the modern Web. OAuth2.0 and OpenID Connect offer a ...

Identity standards aren’t sexy. Biometrics, encryption apps and systems that enable high-assurance authentication get much of the attention but standards that make all these technologies work across ...

Signing users in to a mobile or web app isn’t necessarily hard, but keeping their credentials safe is something that’s often best left to specialists. The OpenID Foundation today announced the launch ...

* or one access token with multiple audiences? The scenario I'm thinking of is when apis are developed in separate product organisations, all being registered in the same identity service, but with ...

The recently disclosed security flaws in some implementations of the widely used OAuth and OpenID website authentication mechanisms are serious. But they're not nearly as bad as the recently ...

After some four years of wrangling, the OpenID Foundation has finally given the thumbs-up to OpenID Connect, its protocol for both authenticating users and providing a distributed way to handle ...

The OpenID Foundation Wednesday unveiled a program to certify implementations of its OpenID Connect authentication mechanisms as a step toward ensuring an interoperable identity infrastructure that ...

At WWDC 2019, Apple was largely praised for turning privacy from an add-on feature to a service. The biggest proof of that was its "Sign in with Apple", its attempt to overthrow Google and Facebook ...

A serious vulnerability in both the OAuth and OpenID protocols could lead to complications for those who use the services to login to websites like Facebook, Google, LinkedIn, Yahoo, Microsoft, PayPal ...