Reflections on OpenID Summit Tokyo 2024
Introduction
Recently, I attended an event called OpenID Summit Tokyo 2024, and I'd like to share my thoughts on it.
Motivation for Participating
I learned about this event through a post by OpenID Foundation JP on X (formerly Twitter). Having developed authentication and authorization infrastructure in my previous job, I was very interested in the content. On the other hand, in my current position, I have few opportunities for auth-related development, so my motivation for studying this area had been declining a bit. Therefore, I decided to participate with the hope of boosting my motivation again and hearing from renowned experts in this field.
Impressions and Takeaways
My Motivation Increased
As expected, listening to talks about OpenID and digital identity throughout the day significantly boosted my motivation. It was especially meaningful to hear live presentations from such prominent figures.
I'd Love to See a Live Stream
Since I live in Ehime, I hesitated quite a bit about whether to attend this event. While there are unique benefits to offline events, I felt that there should be a mechanism to make it easier for people living far away to participate.
What Would Be Good to Learn
I felt that a broader range of knowledge is necessary, not just OAuth, OIDC, and SAML. In particular, I felt that I should read NIST SP 800-63-4 (draft), which was mentioned several times during the sessions.
Other good learning resources seem to be Mr. Sakimura's and the OpenID Foundation Japan's YouTube channels.
It also seems helpful to refer to Mr. Kurabayashi's articles.
How to Read RFCs
This was something Ayokura-san talked about, and it was a new discovery for me that RFCs almost always have a "Security Considerations" section, which is a good place to read. I often skipped this section, but apparently, reading it is essential for understanding the intent and purpose of the specifications.
The Song "Identity"
At the venue, Vocaloid songs were playing for some reason whenever speakers came on stage. At first, I wondered if it was a song specially created for this event, but I found out it was a song titled Identity. It's quite interesting that a song seemingly made for digital identity was released two years ago.
OAuth-tan and Connec-tan
People who enter the authentication industry might occasionally see these characters, but I don't think their names are very well known. I learned at this event that the one on the left is OAuth-tan and the one on the right is Connec-tan.

Personally Interesting Sessions
While all the sessions were interesting, I personally found the talk titled "How ID Technology/ID Teams Have Contributed to Business Growth - SoftBank's Initiatives" particularly fascinating.
It was interesting to hear about how, in the era of feature phones, it was easy to log in by identifying subscribers via the carrier's network, but as smartphones became popular and shifted to standard internet connections, inquiries skyrocketed. This led them to introduce OpenID and add cellular line possession authentication. Since I'm usually involved in web development, the challenges unique to carrier networks were refreshing to hear about.
Furthermore, regarding the growth of the ID development organization, the message that the organization must not become a bottleneck for business growth was excellent. They mentioned that while developing and operating their own authentication infrastructure, they are also verifying whether it is actually sustainable to keep updating it. Since hiring and managing experts in authentication and authorization internally is quite difficult, and with various IDaaS solutions available today, adopting such services could be a viable option.
Conclusion
Overall, OpenID Summit Tokyo 2024 was a highly satisfying event. I heard it is held roughly every four years, so I definitely want to participate next time.