The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.
I’m pleased to announce that two new draft OpenID specifications have been adopted by the EAP working group to meet those two goals:
- OpenID Connect Token Bound Authentication 1.0 – Defines how to apply Token Binding to OpenID Connect ID Tokens
- OpenID Connect EAP ACR Values 1.0 – Enables OpenID Connect RPs to request that specific authentication context classes be applied to authentications performed, and enables OPs to inform RPs whether these requests were satisfied
Please give them a read and give your feedback to the working group. Or better yet, implement them (they’re both very straightforward) and send us your feedback!