Security | News

New OpenID Connect Standard Extends Digital Identities Across the Web

• By Rhea Kelly
• 02/26/14

A new standard for Internet security and privacy has been ratified by the OpenID Foundation. Organizations can now use OpenID Connect to develop secure, flexible and interoperable identity Internet ecosystems, allowing digital identities to be used across websites and applications via any computing or mobile device.

OpenID Connect enables applications to outsource the business of identity verification to specialist identity service operators, called identity providers, while still managing their relationships with users. The standard has been implemented worldwide by Internet and mobile companies such as Google, Microsoft, Salesforce.com, Ping Identity, Nomura Research Institute, mobile network operators and other companies and organizations. It will be built into commercial products and implemented in open source libraries for global deployment.

"Widely available secure, interoperable digital identity is the key to enabling easy-to-use, high-value cloud-based services for the devices and applications that people use," said Alex Simons, director of program management for Microsoft Active Directory, in a prepared statement. "OpenID Connect fills the need for a simple yet flexible and secure identity protocol and also lets people leverage their existing OAuth 2.0 investments."

Next week at the London headquarters of mobile operators association GSMA, OpenID Foundation members will meet with counterparts at the GSMA to begin work on interoperability across global mobile network operators. The OpenID Foundation, the Open Identity Exchange and the GSMA are collaborating on pilot and discovery projects and in 2014 will begin testing how OpenID Connect implementations can enhance online choice, efficiency, security and privacy.

Mobile Connections
Building on the OpenID Connect standard, the GSMA association for mobile operators recently launched Mobile Connect, a collaborative effort to develop a new service that will allow consumers to securely access a wide array of digital services using their mobile phone account for authentication.

"The GSMA's role is to work with the mobile operators to deliver relevant services to their customers; one such area that is growing in importance is the use of the mobile phone for authentication or identification purposes," said Marie Austenaa, head of personal data for the organization, in a press release. "In order to achieve global scale and ease of implementation both for mobile operators and for the service providers, it is important to have a consistent approach — and this is what OpenID Connect provides."