Save or Share this Report

For Security & Risk Professionals

OpenID Connect Heralds The "Identity Singularity"

Prepare For Cloud Security Improvements, Along With A Tincture Of Disruption

October 26, 2011

Primary author headshot


Why Read This Report

Security professionals responsible for diverse types of access management across cloud services, devices, and populations have to pull off a neat trick: control access requests that routinely cross domain boundaries. Federated identity techniques such as web single sign-on help to solve these problems but require "extreme interoperability." To secure a full set of such scenarios today, security architects must often design Rube Goldberg-type devices that translate between standards optimized for subsets of needs, such as B2B (business-to-business) or B2C (business-to-consumer). The new suite of OpenID Connect and JavaScript Object Notation (JSON) Web Token specifications brings another round of standards disruption but also promises a no-compromises approach to highly distributed identity and access management (IAM).

Get Access

Already a Client?

Log in to read this document.

Become a Forrester Client

Customers are the new market-makers, reshaping industries and changing how businesses compete and win. Success depends on how well and how fast you respond. Forrester Research gives you insights and frameworks aligned to your role to shorten the time between a great idea and a great outcome, helping your teams win in the age of the customer. Contact us to learn more.

Purchase Report

This report is available for individual purchase ($499 USD).


Table of Contents

  • Security Pros Face An Increasingly Diverse Access Management Challenge
  • OpenID Connect Stuffs Many Identity Features Into A Single Simple Package
  • SAML Will Fade Away, But The Process Won't Be Painful

  • Look To OpenID Connect When SAML Doesn't Do The Trick

  • Evolution Is Healthy For Federated IAM And Other Loosely Coupled Things
  • Related Research Documents