Current Working Groups

AB/Connect WG

The AB/Connect working group is a combined working group of the Artifact Binding (AB) Working Group and the Connect Working Group aimed at producing the OAuth 2.0 based “OpenID Connect” specifications.

Account Chooser/OpenYOLO WG

This working group is producing user interface specifications for how a relying party can implement an account chooser for both adding accounts, and selecting an account that was previously added. The specification would include a definition for the API interaction between a JavaScript widget and RP server that are being used in combination to implement an account chooser.

Enhanced Authentication Profile (EAP) WG

The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.


Financial API (FAPI) WG

The goal of FAPI is to provide JSON data schemas, security and privacy recommendations and protocols to:

  • enable applications to utilize the data stored in the financial account,
  • enable applications to interact with the financial account, and
  • enable users to control the security and privacy settings.

Heart WG

The HEART Working Group intends to harmonize and develop a set of privacy and security specifications that enable an individual to control the authorization of access to RESTful health-related data sharing APIs, and to facilitate the development of interoperable implementations of these specifications by others

International Government Assurance Profile (iGov) WG

The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that allow users to authenticate and share consented attribute information with public sector services across the globe. The resulting profile will enable standardized integration with public sector relying parties in multiple jurisdictions. The profile will be applicable to, but not exclusively targeted at, identity broker-based implementations.



The MODRNA (Mobile Operator Discovery, Registration & autheNticAtion) WG will develop a profile of OpenID Connect intended to be appropriate for use by mobile network operators (MNOs) providing identity services to RPs and for RPs in consuming those services as well as any other party wishing to be interoperable with this profile.

Additionally, it will identify and make recommendations for additional standards items.

RISC (Risk and Incident Sharing and Coordination) WG

The goal of RISC is to provide data sharing schemas, privacy recommendations and protocols to:

  • Share information about important security events in order to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts on other Service Providers (mobile or web application developers and owners).
  • Enable users and providers to coordinate in order to securely restore accounts following a compromise.

Internet accounts that use email addresses or phone numbers as the primary identifier for the account will be the initial focus.