Submission of Results for RPs


This page describes how to submit completed RP conformance testing results to the OpenID Foundation to request OpenID Certifications. Before submission, first all tests must be successfully passed for the desired conformance profiles and testing results gathered, as described in the RP testing instructions. Note that results with warnings are acceptable for certification purposes.

While the Basic profile requires only one set of test runs (for the code response type), the Implicit profile requires two (for the id_token and id_token+token response types), and the Hybrid profile requires three (for the code+id_token, code+token, and code+id_token+token response types). The Config and Dynamic profiles require only one set of test runs each, which are performed using the code response type.

For each conformance profile being certified to, the following information must be submitted in its own certification package:

  • A signed copy of the Certification of Conformance (docx) (PDF) naming that profile. This should use the filename OpenID-Certification-of-Conformance.pdf in the submitted results. (A different extension such as .jpg for the scanned document may be used as appropriate.)
  • A copy of the Certification Terms and Conditions document accompanying the Certification of Conformance. This must use the filename OpenID-Certification-Terms-and-Conditions.pdf in the submitted results. (This document is not signed but is included for completeness since it is referenced from the Certification of Conformance.)
  • Test log files for each test in the profile (which are text file) for each response_type value required for the profile. Each log file should either be retrieved from the log page https://rp.certification.openid.net:8080/log/RP_ID/TEST_ID and saved with the filename response_type/test-ID.txt or from https://rp.certification.openid.net:8080/log/RP_ID/. For instance, the filename id_token+token/rp-id_token-bad-sig-rs256.txt should be used for the log of running the bad ID Token signature test with the “id_token token” response type. Note that the log file must demonstrate that the intended response_type was used when running the test.
  • Evidence demonstrating the behavior of the relying party when the test is run for each response_type value required for the profile. This can take the form of RP log files, screen captures (image files), or both. For instance, the filename id_token+token/rp-id_token-bad-sig-rs256.log could be used for an RP log file confirming that the error was detected and handled by the RP when the ID Token signature is invalid and the test is run with the “id_token token” response type. Or the filename id_token+token/rp-id_token-bad-sig-rs256.png could be used for the screen shot of the error shown by the RP. (A different extension such as .jpg for the screen shot may also be used.)
  • A readme.txt file describing how third parties can determine from the log files and/or screen shots included that the RP behaved as specified for each test instance. (readme.html or readme.docx files are also fine.)
  • Other pertinent material may also be included if described in the readme.txt file.

The certification package should consist of a single .zip or .tar file containing all the files and using the paths above. The filename should contain the name of the organization, the software being certified, the profile being certified to, and the current date. For example, a certification request by the ProseWare organization of its “Humongous Identity” software for the RP Basic profile on December 13, 2016 should use a filename like ProseWare-Humongous_Identity-RP-Basic-13-Dec-2016.zip.

Example values for the blanks in the Certification of Conformance (docx) (PDF) are as follows:

  • Name of Entity (“Implementer”) Making this Certification: ProseWare
  • Software or Service (“Deployment”) Name & Version #: Humongous Identity 3.14159
  • OpenID Connect Conformance Profile: Basic Relying Party
  • Conformance Test Suite Software & Version #: rp.certification.openid.net 1.0.3
  • Test Date: December 10, 2016
  • Authorized Signature: HQB
  • Name: Harry Q. Bovik
  • Title: Senior Computer Scientist
  • Date: December 13, 2016
  • Implementer’s Name: Jane Doe
  • Implementer’s Title: Programmer Extraordinaire
  • Implementer’s Phone: +1 (412) 555-1234
  • Implementer’s Email: jane@proseware.org
  • Implementer’s Address: 5000 Forbes Ave.
  • Implementer’s City, State/Province, Postal Code: Pittsburgh, PA 15213
  • Implementer’s Country: United States of America

The conformance test suite software version number can be found at the bottom right of the testing Web pages and at the top of the log files.

Contents for several certification submission examples can be viewed at Certification Submission Examples. These examples show the expected contents of the .zip or .tar files for certification submissions for each conformance profile.

The certification package must be sent to the OpenID Foundation as an attachment at certification@oidf.org. The subject line of the e-mail request should be along the lines of “Certification request by ProseWare of Humongous Identity for the Basic RP profile”. If receipt the submission is not acknowledged within two days (or three days if over a weekend), feel free to inquire about whether it was received by e-mailing a message without the attachment (to keep the size of the inquiry small) to certification@oidf.org, cc’ing director@oidf.org.

Now that the pilot phase of Relying Party certification has completed, a fee is required for certifications of Relying Parties. The fee is intentionally low, to encourage participation, but is there to help cover the ongoing costs of operating the certification program. The price to OpenID foundation members is US$ 200.00 per deployment. The price to non-members is US$ 999.00 for certifying a new deployment. However, the non-member price for certifying a new deployment of an already-certified implementation is only US$ 499.00. These prices enable participants to certify a deployment to as many profiles as they choose within a calendar year for this one payment. For instance, a member could certify to the RP Basic and RP Config profiles by paying US$ 200.00 and then later add certifications for RP Implicit, RP Hybrid, and RP Dyanmic within the same calendar year at no additional cost.

Please pay for your certification application at the Certification Payment page when you send in your submission. See the OpenID Certification Fee Schedule page for more information.