Guest Blog: OpenID Connect Relying Party Certification for mod_auth_openidc

A Note from the Executive Director  Hans Zandbelt’s blog reflects the kind of initiative that makes the OpenID Foundation a valuable resource for its members and the community at large. The OpenID Foundation Certification Program aims to promote interoperability among implementations. With over 100 certifications to date, self certification has proven […]


Announcing the 2017 OpenID Foundation Individual Community Board Member Election

The OpenID Foundation plays an important role in the interoperability of Internet identity.  This is to announce the OpenID Foundation individual community board member 2017 election schedule.  Those elected will help determine the role the Foundation plays in facilitating the creation and adoption of open identity standards. Per our bylaws, […]


OpenID Certification Adoption Continues – Well Done Symantec!   Recently updated !

Congratulations to the Symantec Identity team on the certification of it’s expanding OpenID Connect capabilities and their registration on the OIXnet registry.  This would not have been possible without the vision and pioneering leadership of Nico Popp and the sustained support of Open Identity Exchange Vice Chairman Paul Agbabian and Brian […]


Registration Open for OpenID Foundation Workshop on Monday, October 24, 2016   Recently updated !

OpenID Foundation Workshops provide insight and influence on important Internet identity standards. The workshop provides updates on the development of profiles of OpenID Connect as well as review progress on OpenID Connect Certification and an update on Relying Party certification.   We will introduce the FastFed (Fast Federation) while providing […]


Initial OpenID Connect Enhanced Authentication Profile (EAP) Specifications

The OpenID Enhanced Authentication Profile (EAP) working group charter states that: The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF […]


Preventing Mix-Up Attacks with OpenID Connect   Recently updated !

Recently the OAuth community has been concerned with some attack vectors around mixed up clients, particularly when dynamic client registration and discovery are used with user-selected OpenID Providers. Broadly, the attacks consist of using dynamic client registration, or the compromise of an OpenID Provider (OP), to trick the Relying Party […]