Tag Archives : OpenID Connect


Initial OpenID Connect Enhanced Authentication Profile (EAP) Specifications

The OpenID Enhanced Authentication Profile (EAP) working group charter states that: The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF […]


Preventing Mix-Up Attacks with OpenID Connect

Recently the OAuth community has been concerned with some attack vectors around mixed up clients, particularly when dynamic client registration and discovery are used with user-selected OpenID Providers. Broadly, the attacks consist of using dynamic client registration, or the compromise of an OpenID Provider (OP), to trick the Relying Party […]


Building on What’s Built: OpenID Certification Momentum   Recently updated !

At the OpenID Certification Launch in April 2015, 6 organizations had certified 8 OpenID Connect Provider implementations for 21 conformance profiles. Now, as you can see at http://openid.net/certification/, 14 organizations and individuals have certified 16 OpenID Connect Provider implementations for 48 conformance profiles. The OpenID Foundation has championed self-certification as […]


Announcing the OIDF iGov Working Group   Recently updated !

A recent US NIST announcement describes the newly formed OIDF International Government Assurance Profile (iGov) Working Group which is an international public and private sector collaboration that will develop an interoperable profile of OpenID Connect to allow users to authenticate and share consented attribute information in a consistent and user-centric […]


OpenID Connect’s Real Estate Identity   Recently updated !

One of the sure signs of adoption momentum is when other standards organizations, particularly those not typically involved in online identity, implement OpenID Connect and leverage self certification throughout their networks. A new member, Cal Heldenbrand shared the context for a new deployment and the value of self certification in […]


The Path Forward for Self-Certification   Recently updated !

The increasing adoption of OpenID Connect deployments has required the OpenID Foundation to develop new certification models that support the practical business, legal and technical realities of today’s Internet scale deployments. Throughout 2015, the pilot phase of OpenID Connect self-certification has been testing the efficiencies, cost effectiveness and trustworthiness of […]


Certification pilot expanded to all OIDF members   Recently updated !

The OpenID Foundation has opened the OpenID Certification pilot phase to all OpenID members, as the Board previously announced we would do in May. This enables individual and non-profit members to also self-certify OpenID Connect implementations. The OpenID Board has not yet finalized beta pricing to cover the costs of […]


Certification Accomplishments and Next Steps   Recently updated !

I’d like to take a moment and congratulate the OpenID Foundation members who made the successful OpenID Certification launch happen. By the numbers, six organizations were granted 21 certifications covering all five defined conformance profiles. See Mike Jones’ note Perspectives on the OpenID Connect Certification Launch for reflections on what […]


Final OAuth 2.0 Form Post Response Mode Specification Approved   Recently updated !

The OAuth 2.0 Form Post Response Mode specification has been approved as a Final Specification by a vote of the OpenID Foundation members. A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This specification defines how to return OAuth 2.0 […]


The OpenID Foundation Launches OpenID Connect Certification Program   Recently updated !

Google, Microsoft, Ping Identity, ForgeRock, Nomura Research Institute, and PayPal OpenID Connect Deployments First to Self-Certify Conformance RSA Conference 2015, San Francisco, CA – April 22, 2015 – Today the OpenID® Foundation introduced OpenID Connect Certification – a program that enables organizations to certify that their OpenID Connect implementations conform […]