General Availability of Microsoft OpenID Connect Identity Provider

Microsoft has announced the general availability of the Azure Active Directory OpenID Connect Identity Provider.  It supports the discovery of provider information as well as session management (logout).  On this occasion, the OpenID Foundation wants to recognize Microsoft for its contributions to the development of the OpenID Connect specifications and congratulate them on the general availability of their OpenID Provider.

Don Thibeau
OpenID Foundation Executive Director

There’s No Party Like Relying Parties

At Internet Identity conferences, the mention of Relying Parties (RPs) often triggers looks of consternation among attendees and comments about why they aren’t here. The role of RPs, and the reluctance of organizations to fill this role, has become a critical constraint to the emerging identity ecosystem.

In the business models used by most companies, RPs end up footing the bill. Identity Providers (IDPs), Content Service Providers (CSPs), and Applications Providers (APs) are all on the receiving end of revenue related to identity transactions. While it’s never hard to find help when there is money to be made, what can be done to bring RPs to the table when they know it is likely going to cost them just to sit down?

RPs have been the least involved in the identity ecosystem discussions and working groups. There are active pilot projects, but, more often than not, the RPs for these projects have been government or public sector entities. Cross-sector success hinges on commercial entities willing to create identity management services, and their willingness pivots on identity systems providing RPs with something valuable in exchange.

To gain insight into the motivations of public and private sector RPs, let’s look at the identity marketplace from their perspective; let’s see what they see. Technology-driven companies tend to come up with new solutions that provide new capabilities and convenience for users but often forget three important assumptions:

  1. RPs are asked to finance a solution that primarily benefits their users, not them.
  2. We tend not to ask the user who is receiving most of the benefit to pay because users, usually consumers, do not like to pay for services when they do not understand the value/benefit to them.
  3. Consumers tend not to understand the value of identity protection until their identity has been compromised.

The identity industry tends to target technology and compliance people in RPs instead of the person most concerned with customer experience: the CMO. CFOs want reduced costs. General Counsels want reduced liability. The CMO, however, is responsible for improving customer experience. Identity systems tend to focus on simplifying and streamlining the customer experience. Reductions in risk and fraud rates are positive outcomes, as is increased insight into customer intentions. This comes with acquiring the all-important data attributes as part of an overall identity management strategy. But at the end of the day, RPs’ primary motivation for changing identity systems is to improve customer experience by reducing friction and improve profits by monetizing customer data.

With the exception of Facebook, many identity system providers don’t make it clear exactly what RPs can do to take advantage of their platforms. And even if the steps are clear, is it reasonable to expect RP technology departments to support switching from their internal systems to an unfamiliar external vendor?

These are all reasonable questions and expose factors that affect commercial RP participation to one degree or another. OIX plans to research these questions, to explore RP requirements and suggest solutions in a new OIX White Paper. These OIX White Papers on the demand (RP) side and the supply side (IDPs and RPs) will help meet the challenges facing RPs and other stakeholders in the emerging identity ecosystem.