In this episode of Identity, Unlocked, principal architect at Auth0 and podcast host Vittorio Bertocci interviews Dick Hardt. Dick is the founder of SignIn.org, and he and Vittorio discuss the genesis and goals of a new IETF working group Dick helped to establish and served as chair until June 2020- the Grant Negotiation and Authorization Protocol (GNAP).
As the conversation begins, Dick overviews his background as a mechanical engineer moving into and working within the field of identity, highlights how he maneuvered ahead of the tech curve throughout his career, brings listeners to the current moment and his work to solve internet identification with SignIn.org, and talks about meeting Vittorio. Moving forward, he and Vittorio jump right into their discussion of GNAP, with Vittorio asking what it is and what problem it aims to solve.
Vittorio also wants to explore how GNAP was developed, and Dick explains how a Birds of a Feather working group was formed, a community and interest were built, and a mailing list and meeting were planned. The decision was made to create a new group apart from OAuth, and Dick clarifies that the GNAP working group does not feel constrained by existing technology; GNAP does not need to be backward-compatible, but Dick still hopes that the transition to GNAP will be smooth for those who use it. Further, Dick explains the two drafts behind GNAP, which together form the basis for going forward.[IMPORTANT: the episode was recorded in August 2020. Earlier this month (November 2020), the GNAP working group adopted one draft. You can find it on the working group’s documents page at https://datatracker.ietf.org/wg/gnap/documents/]. He then goes into detail, addressing his work on consumer identification at SignIn.org and the way in which GNAP might enable smooth functioning of SignIn.org’s program. Vittorio and Dick explore the significance of SignIn.org’s browser-based model, the interaction element of GNAP, and more!
[7:37] - What is GNAP and what problem does it solve?
[11:54] - What are the main issues in OAuth2, and what is the general idea of GNAP?
[17:16] - How was the working group formed?
[26:27] - What is SignIn.org?
[33:20] - There is interaction within GNAP.
Identity, Unlocked is the podcast that discusses identity specs and trends from a developer perspective. Identity, Unlocked is powered by Auth0. Vittorio Bertocci is Principal Architect at Auth0 and applies his vast knowledge of the identity industry to Auth0 in all aspects of the company, including internal and external education, product innovation, and customer integration.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.