1. OpenID Connect

1.1 OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA)

CIBA is a new flow for decoupled authorisation of transactions, typically at a user's smartphone.

1.2 Native SSO for Android and iOS applications

This feature is based on a specification currently in development in the OpenID Connect working group. It will enable mobile apps to share the OpenID Connect identity and authentication of the end-user where the apps are written by the same vendor.

An extension to enable a mobile app to seamlessly sign the end-user in to trusted web applications and sites is also being considered. This will improve the overall experience for users when moving between a mobile app and associated web sites.

2. OAuth 2.0

2.1 OAuth Incremental Authorisation

OAuth 2.0 authorisation requests that include every scope the client might ever need can result in over-scoped authorisation and a bad end-user consent experience. The draft-ietf-oauth-incremental-authz spec enhances the OAuth 2.0 authorisation protocol by adding incremental authorisation: the ability to request specific authorisation scopes as needed, when they're needed, removing the requirement to request every possible scope upfront.

2.2 OAuth 2.0 Device Authorisation Grant

Commonly known as the device flow, this OAuth grant is designed for browserless and input-constrained devices and contexts, such as smart TVs, consoles and printers. The user authorises the client on a secondary device, such as their smartphone or personal computer. See RFC 8628.

2.3 Support for Resource Server specific access token profiles

The Connect2id server supports a number of access token profiles, including the definition of custom profiles. These, however, cannot be bound to specific resources at present.

3. Performance and scaling

3.1 Stateless authorisation sessions

Optional configuration to enable stateless authorisation sessions, which encrypt the session data into the session identifier. Can be used to save database traffic and costs in large deployments.

Comments, suggestions?

Write to Connect2id support.