The Overview
In this episode of Identity, Unlocked, principal architect at Auth0 and podcast host Vittorio Bertocci interviews Dick Hardt. Dick is the founder of SignIn.org, and he and Vittorio discuss the genesis and goals of a new IETF working group that Dick helped to establish and chaired until June 2020: the Grant Negotiation and Authorization Protocol (GNAP).
As the conversation begins, Dick gives an overview of his background as a mechanical engineer moving into and working within the field of identity, highlights how he maneuvered ahead of the tech curve throughout his career, brings listeners to the current moment and his work to solve internet identification with SignIn.org, and talks about meeting Vittorio. He and Vittorio then jump right into their discussion of GNAP, with Vittorio asking what it is and what problem it aims to solve.
Vittorio also wants to explore how GNAP was developed, and Dick explains how a Birds of a Feather working group was formed, a community and interest were built, and a mailing list and meeting were planned. The decision was made to create a new group apart from OAuth, and Dick clarifies that the GNAP working group does not feel constrained by existing technology; GNAP does not need to be backward-compatible, but Dick still hopes that the transition to GNAP will be smooth for those who use it. Further, Dick explains the two drafts behind GNAP, which together form the basis for going forward. [IMPORTANT: the episode was recorded in August 2020. Earlier this month (November 2020), the GNAP working group adopted one draft. You can find it on the working group’s documents page at https://datatracker.ietf.org/wg/gnap/documents/]. He then goes into detail, addressing his work on consumer identification at SignIn.org and the way in which GNAP might enable smooth functioning of SignIn.org’s program. Vittorio and Dick explore the significance of SignIn.org’s browser-based model, the interaction element of GNAP, and more!
Key Takeaways:
[7:37] - What is GNAP and what problem does it solve?
[11:54] - What are the main issues in OAuth2, and what is the general idea of GNAP?
[17:16] - How was the working group formed?
[26:27] - What is SignIn.org?
[33:20] - There is interaction within GNAP.
Links/Resources:
Learn more about Dick Hardt and follow him on Twitter
Learn more about SignIn.org
Learn more about GNAP
Learn more about OAuth
Vittorio Bertocci on LinkedIn
Vittorio Bertocci on Twitter
Learn more about Identity, Unlocked
Learn more about Auth0
Identity, Unlocked
Identity, Unlocked is the podcast that discusses identity specs and trends from a developer perspective. Identity, Unlocked is powered by Auth0. Vittorio Bertocci is Principal Architect at Auth0 and applies his vast knowledge of the identity industry to Auth0 in all aspects of the company, including internal and external education, product innovation, and customer integration.
About Auth0
Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.
About the author
Vittorio Bertocci
Principal Architect