Category Archives : Specs


Notice of Vote for Implementer’s Draft of “Financial API – Part 1: Read Only API Security Profile”

The official voting period will be between Friday, February 3 and Friday, February 10, 2017, following the 45 day review of the specification. For the convenience of members, voting will actually open a week before Friday, February 3 on Friday, January 27 for members who have completed their reviews by […]


Public Review Period for “Financial API – Part 1: Read Only API Security Profile” Started   Recently updated !

OpenID Foundation’s Financial API (FAPI) Working Group has advised the foundation to start the public review period for consideration as an Implementer’s Draft for the specification: Financial API – Part 1: Read Only API Security Profile, draft 01 It is a specification that documents the security profiles of OAuth 2.0 and […]


Initial OpenID Connect Enhanced Authentication Profile (EAP) Specifications

The OpenID Enhanced Authentication Profile (EAP) working group charter states that: The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF […]


HEART Implementer’s Drafts Approved

The OpenID Foundation members have approved of the following specifications as OpenID Implementer’s Drafts: Health Relationship Trust Profile for OAuth 2.0 Health Relationship Trust Profile for OpenID Connect 1.0 Health Relationship Trust Profile for User Managed Access 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual […]


Review of Proposed Implementer’s Drafts of HEART Specifications

The OpenID HEART Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: Health Relationship Trust Profile for OAuth 2.0 Health Relationship Trust Profile for OpenID Connect 1.0 Health Relationship Trust Profile for User Managed Access 1.0 An Implementer’s Draft is a stable version of a specification providing […]


Introducing RISC: Working together to protect users

According to a recent Gallup poll, more people are worried about their online accounts being hacked than having their home broken into.With more and more of our digital lives accessible online, attackers are redoubling efforts to steal our personal information, and increasingly exploiting the interconnectedness of web services and apps […]


Final OAuth 2.0 Form Post Response Mode Specification Approved

The OAuth 2.0 Form Post Response Mode specification has been approved as a Final Specification by a vote of the OpenID Foundation members. A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This specification defines how to return OAuth 2.0 […]


Final OpenID 2.0 to OpenID Connect Migration Specification Approved

The OpenID 2.0 to OpenID Connect Migration specification has been approved as a Final Specification by a vote of the OpenID Foundation members. A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This specification defines how to migrate from OpenID […]