OpenID Connect Authentication Standard Finalized

The OpenID Connect 1.0 identity specification has been finalized. OpenID Connect is one of several methods that frees an organization from keeping identity information for every possible user of the organization’s Web sites and applications in the organization’s own directory. Instead, the organization relies on identity providers to authenticate users. OpenID Connect is important to Microsoft, because it allows customers to easily build and deploy on-premises and Azure-hosted applications capable of working with identity providers to authenticate users. However, OpenID Connect does not relieve the organization from deciding which identity providers it is willing to trust to authenticate users.

Claims-Based Authentication

To control access by employees to internal applications, an organization can rely on Active Directory Domain Services (AD). AD can be used in combination with AD Federation Services to manage access from an organization’s partners. However, controlling access to Web sites or applications by large numbers of users who are effectively unknown to the organization can be more difficult. To better address these and other identity and access control scenarios, Microsoft has been moving to claims-based identity and access control.