What's happening at OTTO?
This year we started with a talk by Roland Hedberg, primary author of OpenID Connect Federation 1.0 - draft 01. One of the unique approaches of this federation draft is the use of "metadata statements", which include information about a federation participant, and the services it offers. The IT Architect at an organization submits an initial metadata statement to the federation operator, and then system administrators and developers at the organization submit additional information about the services. All of these metadata statements are bundled into one aggregated JWT. It makes sense for OTTO to leverage the OIDC Federation spec. An OTTO federation could provide a way to publish the public key of the organization. Also, a central federation could provide discovery services for the members of the ecosystem.
Work is proceeding on developing the API's and schema for OTTO. One of the drivers is the CCICADA project, which was approved in mid January. This project is the first real world application of OTTO. Gluu had already developed an OTTO API server, but the use cases presented by this project are helping to flush out the security and schema, and will result in end-to-end testing.
In the next three months, we expect the first draft of OTTO to be complete. The primary focus will be on OpenID Connect Providers, Relying Parties, and Trustmarks.