1. Today, services like authorization and authentication are delivered via APIs: JSON /
REST HTTP “endpoints.” Some of the most popular authentication API’s on the Internet
are using different profiles of OAuth2. Because consolidation increases efficiency,
Google, Microsoft, Yahoo, and others came together to define one standard profile for
OAuth 2.0 authentication: OpenID Connect.
OpenID Connect documents a single profile of OAuth2 that can be used by any Internet
domain. One standard for domain authentication will simplify security for application
developers (web and mobile), make end users more secure, and enable easier integration
of mobile devices and cloud agents.
See Toshiba Cloud TV in Action.
Specifically, OpenID Connect defines several endpoints to enable domains to offer : (1)
user authentication; (2) client registration; (3) client authentication; (4) user claims; (5)
client claims; and (6) discovery. Industry analysts are predicting that sso service is on a
trajectory for significant adoption.

2. The standard should be finalized by the end of 2013. Nat Sakimura (NTT) , Vice-
Chairman of the OpenID Foundation, has said this about OpenID Connect: “we are
done apart from formalities.”
Learn more about OpenID Connect via slides from Microsoft’s Michael B. Jones.
The partnership with Toshiba has driven the implementation of a number of features to
the OX platform. For example, they wanted to build a highly available “cluster” of
authentication servers delivered across multiple geographic regions to ensure business
continuity. This would enable Toshiba engineers to take a server out for maintenance,
and just add it back later.
Toshiba has also been helpful with testing and benchmarking. OX has been in
production there since last year, so we have also been able to observe the behavior of the
platform over time, while handling significant load.
For reasons like these, Toshiba decided in 2012 to align with OpenID Connect. As Gluu’s
open source “OX” platform performed well in the identity provider saml (“OP”)
Internop, Toshiba decided it was preferable to use OX rather than write their own
implementation.

3. Gluu has also built features to enable Toshiba to use the central publication of multi-
party federation metadata to enable globally delivered websites to trust identity
providers in different regions (Japan, US, and Europe) without persisting any personally
identifiable data outside of the region. Although JSON multiparty federation metadata is
not currently a feature of OpenID Connect, Gluu has documented its implementation at
the OpenID Foundation in the Emerging Work Section.
Toshiba is keen to promote the OX open source platform within the Smart TV Alliance,
which is why they authorized the May 1, 2013 press release. Adoption of the OX open
source platform will help members of the Smart TV Alliance collaborate on the
development of an Internet scale, interoperable security infrastructure, a goal everyone
wants to achieve.
Gluu provides services to companies that want to use the OX platform: Design, Build,
Operate, and Transfer (DBOT). We were able to help Toshiba engineers jumpstart their
development effort and to provide some tactical feature enhancements in the open
source project to support their rollout.
Article resource:-https://sites.google.com/site/thegluuserver/how-why-gluu-s-open-
source-authorization-and-authentication-platform-was-chosen-by-toshiba-for-new-
cloud-tv