OpenID Foundation’s Financial API (FAPI) Working Group has advised the foundation to start the public review period for consideration as an Implementer’s Draft for the specification: Financial API – Part 1: Read Only API Security Profile, draft 01 It is a specification that documents the security profiles of OAuth 2.0 and […]
Congratulations to the Symantec Identity team on the certification of it’s expanding OpenID Connect capabilities and their registration on the OIXnet registry. This would not have been possible without the vision and pioneering leadership of Nico Popp and the sustained support of Open Identity Exchange Vice Chairman Paul Agbabian and Brian […]
A very brief history of OpenID Connect
OpenID Connect(OIDC) 1.0 is a key component of the “Cloud Identity” family of standards. At Oracle, we have been impressed by its ability to support federated identity both for cloud business services and in the enterprise. This is the reason why we recently joined the OpenID Foundation as a Sustaining […]
OpenID Foundation Workshops provide insight and influence on important Internet identity standards. The workshop provides updates on the development of profiles of OpenID Connect as well as review progress on OpenID Connect Certification and an update on Relying Party certification. We will introduce the FastFed (Fast Federation) while providing […]
The OpenID Enhanced Authentication Profile (EAP) working group charter states that: The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF […]
Recently the OAuth community has been concerned with some attack vectors around mixed up clients, particularly when dynamic client registration and discovery are used with user-selected OpenID Providers. Broadly, the attacks consist of using dynamic client registration, or the compromise of an OpenID Provider (OP), to trick the Relying Party […]
In many cases, Fintech services such as aggregation services uses screen scraping and stores user passwords. This model is both brittle and insecure. To cope with the brittleness, the new OpenID Foundation Work Group invites developers, architects and technologists to contribute to an open standard approach using an API model […]
The OpenID Foundation members have approved of the following specifications as OpenID Implementer’s Drafts: Health Relationship Trust Profile for OAuth 2.0 Health Relationship Trust Profile for OpenID Connect 1.0 Health Relationship Trust Profile for User Managed Access 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual […]
More often than not OpenID Foundation members vote with their feet. Members typically signal their interest in a topic or work group by participating on a spectrum from “leader to lurker” on a mailing list discussion or in a work group’s agenda setting. On important, rare occasions, real people have […]
