Two passwords … and lots of user IDs … towards OAuth 2.0



Over the past year or so, I have conducted many surveys at dissemination events, using wireless clickers to gather the results, in which I ask attendees how many usernames they have, and then how many passwords they have. In every presentation I have made, the answer has been that they typically have between two and four passwords, but more than 10 user IDs. This type of approach is unacceptable for the future, as we probably need just one ID, and it is the one that is the most trusted. A key concept is that users can start to define their own online identity and control the parts of it that relate to different contexts, as illustrated in Figure 1.

Within a highly trusted and secure environment, WS-* is the best framework to use to provide federated identity, but unfortunately it is extremely complex, and difficult to integrate…

