Gluu Blog


How & Why Gluu’s open source authorization and authentication platform was chosen by Toshiba for new Cloud TV.

Michael Schwartz May 15, 2013

Today, services like authorization and authentication are delivered via APIs: JSON / REST HTTP “endpoints.” Some of the most popular authentication APIs on the Internet use different profiles of OAuth2. Because consolidation increases efficiency, Google, Microsoft, Yahoo, and others came together to define one standard profile for OAuth 2.0 authentication: OpenID Connect.

OpenID Connect documents a single profile of OAuth2 that can be used by any Internet domain.  One standard for domain authentication will simplify security for application developers (web and mobile), make end users more secure, and enable easier integration of mobile devices and cloud agents.

See Toshiba Cloud TV in Action.  

Specifically, OpenID Connect defines several endpoints to enable domains to offer: (1) user authentication; (2) client registration; (3) client authentication; (4) user claims; (5) client claims; and (6) discovery. Industry analysts are predicting that OpenID Connect is on a trajectory for significant adoption. The standard should be finalized by the end of 2013. Nat Sakimura (NTT), Vice-Chairman of the OpenID Foundation, has said this about OpenID Connect: “we are done apart from formalities.”

For reasons like these, Toshiba decided in 2012 to align with OpenID Connect. As Gluu’s open source “OX” platform performed well in the OpenID Connect OpenID Provider (“OP”) Interop, Toshiba decided it was preferable to use OX rather than write their own implementation.

Learn more about OpenID Connect via slides from Microsoft’s Michael B. Jones.

The partnership with Toshiba has driven the implementation of a number of features to the OX platform. For example, they wanted to build a highly available “cluster” of authentication servers delivered across multiple geographic regions to ensure business continuity. This would enable Toshiba engineers to take a server out for maintenance, and just add it back later.

Toshiba has also been helpful with testing and benchmarking. OX has been in production there since last year, so we have also been able to observe the behavior of the platform over time, while handling significant load.

Gluu has also built features to enable Toshiba to use the central publication of multi-party federation metadata to enable globally delivered websites to trust identity providers in different regions (Japan, US, and Europe) without persisting any personally identifiable data outside of the region. Although JSON multiparty federation metadata is not currently a feature of OpenID Connect, Gluu has documented its implementation at the OpenID Foundation in the Emerging Work Section, and hopes it will be included in a subsequent release:

Toshiba is keen to promote the OX open source platform within the SmartTV Alliance, which is why they authorized the May 1, 2013 press release. Adoption of the OX open source platform will help members of the SmartTV Alliance collaborate on the development of an Internet scale, interoperable security infrastructure, a goal everyone wants to achieve.

Gluu provides services to companies that want to use the OX platform: Design, Build, Operate, and Transfer (DBOT).  We were able to help Toshiba engineers jumpstart their development effort and to provide some tactical feature enhancements in the open source project to support their rollout.


Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.
