OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
OpenID Connect performs many of the same tasks as OpenID 2.0, but does so in a way that is API-friendly, and usable by native and mobile applications. OpenID Connect defines optional mechanisms for robust signing and encryption. Whereas integration of OAuth 1.0a and OpenID 2.0 required an extension, in OpenID Connect, OAuth 2.0 capabilities are integrated with the protocol itself.
The OpenID Connect 1.0 specification consists of eight documents:
OpenID Connect also uses a number of other specifications, which are also shown in the diagram below. Click on the boxes in the diagram to view each specification.
The easiest way to monitor progress on the OpenID Connect 1.0 Specification is to join the mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-ab.
Please note that while anyone can join the mailing list as a read-only recipient, posting to the mailing list or contributing to the specifications requires the submission of an IPR Agreement. More information is available at http://openid.net/intellectual-property. Make sure to specify the working group as “OpenID AB/Connect”, because this group is a merged working group and both names must be specified.
The working group specification repository is kept at http://svn.openid.net/repos/specifications/connect/1.0/. In this repository, only approved sub-versions are committed. If you want to live on the edge, go to http://hg.openid.net/connect/ where we keep edit by edit commits. These edits make it into SVN once they are approved by the editors.
Interop testing for OpenID Connect implementations is under way. If you are interested in participating in the interop activities, join the OpenID Connect Interop mailing list.
We are working on reference endpoints for developers and early adopters to use; stay tuned for information on the provider and client samples as they become available. Implementers are already using one another’s endpoints for testing in the current OpenID Connect Interop.
The OpenID Connect specifications are functionally complete. A first set of Implementer’s Drafts was approved in February, 2012. Feedback on these drafts based upon experience with implementations and deployments has been incorporated into the specifications; new Implementer’s Drafts incorporating that feedback will be published in May, 2013.
The OpenID Connect working group is currently waiting for the IETF specifications that OpenID Connect depends upon to stabilize before publishing final specifications. People are encouraged to deploy the current specifications and continue providing feedback on them.
See more details at the OpenID Connect Working Group Page.