Last Friday in Palo Alto, CA, VMWare® hosted a face-to-face meeting of the NAPPS (Native Applications) working group of the OpenID® Foundation. The NAPPS WG is defining a profile of OpenID Connect that will enable an SSO (single sign-on) experience across both web and native mobile applications.
Currently, SSO across mobile services is not consistent across web-based and native mobile apps. The proliferation of native mobile apps requires a non-proprietary mechanism for enabling secure SSO for user experience as well as security integrity. This is where industry standards can add tremendous value in the market by ensuring a well documented, proven and interoperable framework that any provider can adopt with the confidence that the standard will evolve as requirements expand and new technologies become available--and protect themselves against vendor lock-in through proprietary mechanisms.
The meeting was both a forum for working group participants to continue the technical discussions that normally happen on the NAPPS mail list, as well as an educational session for NAPPS newcomers. With over 60 participants, the room was full with representatives ranging from Centrify™, Google, VMWare, Airwatch™, MobileIron®, Good™, Novell®, OneLogin and Samsung. There was a mix of use case discussions, technical proposals and presentations from participants on their developments around Native SSO--either based on the draft NAPPS spec or otherwise.
We'll have another similar meeting in the Mountain View area around the time of IIW (Internet Identity Workshop) in late October. More information as to specific timing will be posted to the NAPPS mail list. If you're in the area, come join us!