Preventing Mix-Up Attacks with OpenID Connect

Recently the OAuth community has been concerned with some attack vectors around mixed up clients, particularly when dynamic client registration and discovery are used with user-selected OpenID Providers. Broadly, the attacks consist of using dynamic client registration, or the compromise of an OpenID Provider (OP), to trick the Relying Party […]


Announcing the Financial API (FAPI) Working Group

In many cases, Fintech services such as aggregation services uses screen scraping and stores user passwords. This model is both brittle and insecure. To cope with the brittleness, the new OpenID Foundation Work Group invites developers, architects and technologists to contribute to an open standard approach using an API model […]


HEART Implementer’s Drafts Approved

The OpenID Foundation members have approved of the following specifications as OpenID Implementer’s Drafts: Health Relationship Trust Profile for OAuth 2.0 Health Relationship Trust Profile for OpenID Connect 1.0 Health Relationship Trust Profile for User Managed Access 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual […]


Vote Early and Often!

More often than not OpenID Foundation members vote with their feet. Members typically signal their interest in a topic or work group by participating on a spectrum from “leader to lurker” on a mailing list discussion or in a work group’s agenda setting. On important, rare occasions, real people have […]


New OpenID Foundation Board Leadership

Thanks to all who voted for representatives to the OpenID Foundation Board of Directors.  George Fletcher of AOL will begin a new two year term as the community member representative. His continued leadership on the Executive Committee ensures continuity on important initiatives like OpenID Connect Certification and his deep technical expertise will […]


Registration Now Open for OpenID Foundation Workshop on Monday, April 25, 2016

OpenID Foundation Workshops provide insight and influence on important internet identity standards.  The workshop provides updates on the adoption of OpenID Connect across industry sectors. We’ll review progress on OpenID Connect Certification and gather feedback for planned Relying Party certification. Work Group Leaders will overview the MODRNA (Mobile Profile of […]


Leaders Lead

The inaugural meeting of the iGov Working Group took place on Wednesday, January 14th where three co-chairs were elected by acclamation. John Bradley of Ping Identity, Paul Grassi of the US NIST and Adam Cooper of the UK Cabinet Office Identity Assurance Program are the elected co-chairs. Acclamation may be […]


Announcing The OpenID Foundation Individual Community Board Member 2016 Election

The OpenID Foundation plays an important role in the interoperability of Internet identity. This is to announce the OpenID Foundation Individual community board member 2016 election schedule. Those elected will help determine the role the Foundation plays in facilitating the adoption of open identity standards. Per our bylaws, Individual community […]


Review of Proposed Implementer’s Drafts of HEART Specifications

The OpenID HEART Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: Health Relationship Trust Profile for OAuth 2.0 Health Relationship Trust Profile for OpenID Connect 1.0 Health Relationship Trust Profile for User Managed Access 1.0 An Implementer’s Draft is a stable version of a specification providing […]