In this episode of Identity, Unlocked, principal architect at Auth0 and podcast host Vittorio Bertocci speaks with Sam Goto, software engineer working on Google Chrome, and George Fletcher, Identity Standards architect at Verizon, on the ever-changing world of identity protocols for internet browsers.
Sam focuses on working with browsers to create better functionality in their foundation protocol by determining the good and bad uses of low-level primitives, such as third-party cookies, iFrames, and pop-ups. In particular, Sam highlights how such primitives are being used by trackers and ad services to track users, often without their knowledge or consent- and how that is prompting browser vendors to put new limits to prevent abuses. There is a precedent for this: Sam gives the example of how over time, web apps increasingly abused low-level primitives such as pop-ups- and how browsers eventually put restrictions on them to give a better user experience. Browser vendors are now attempting to do the same to prevent unwanted tracking; however, those interventions are disrupting legitimate scenarios too- identity protocols being one of the most important ones, and the very reason we are having this conversation on Identity, Unlocked. Sam then talks about how browsers are looking to fix these problems by building higher level primitives to replace the low-level ones, but that even these high-level primitives face challenges.
George explains the many problems the modifications to browsers can cause for Identity and OpenID Connect. George also goes into detail about the protocols being implemented between browsers, relying on parties and IdPs for what happens if an IdP goes down, as well as the RP classification and decentralized identity.
Vittorio, Sam, and George go in depth on the state of browser changes and identity protocol today and what’s in store for their futures.
Distinguishing between good and bad motives of low level primitives:
What’s happening to identity protocols as browser authentication changes:
Sam talks about the potential for other browsers to integrate Web ID and the new challenges that would come about:
George points out key problems to solving the RP classification problem:
George’s Call to Action:
Sam’s Call to Action:
- Connect with Sam Goto on LinkedIn
- Connect with Sam Goto on Twitter
- Connect with George Fletcher on LinkedIn
- Connect with George Fletcher on Twitter
- Learn more about Identity, Unlocked
- Learn more about Auth0
- Learn more about the sponsor for this season, the OpenID Foundation
Identity, Unlocked is the podcast that discusses identity specs and trends from a developer perspective. Identity, Unlocked is powered by Auth0. Vittorio Bertocci is Principal Architect at Auth0 and applies his vast knowledge of the identity industry to Auth0 in all aspects of the company, including internal and external education, product innovation, and customer integration.
Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.