Errata Corrections to JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) Approved
Errata to the following specification have been approved by a vote of the OpenID Foundation members: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) – This specification was created to bring some of the security features defined as part of OpenID Connect to OAuth 2.0 An Errata version of a specification incorporates corrections identified after the Final Specification […]
Notice of Vote to Approve Proposed Errata Corrections to JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
This is a notice of an upcoming vote to approve proposed errata corrections to JWT Secured Authorization Response Mode for OAuth 2.0 (JARM). The official voting period will be between Monday, July 28, 2025 and Monday, August 4, 2025, once the 45 day review of the specification has been completed. For the convenience of members who […]
FAPI 2.0 Security Profile and FAPI 2.0 Message Signing: Final Conformance Tests and Certifications Now Available
The OpenID Foundation is pleased to announce the availability of conformance tests and certifications for the final versions of the FAPI 2.0 Security Profile and FAPI 2.0 Message Signing specifications for both authorization servers and OAuth clients. FAPI 2.0 Security Profile was approved as a Final specification in February 2025, and FAPI 2.0 Message Signing […]
OpenID Foundation presents at Financial Data Exchange Summit
The OpenID Foundation’s Gail Hodges and Joseph Heenan presented a talk on “If, when, and why to implement the FDX ‘blue’ security profile with FAPI 2.0” on Tuesday April 22nd for the benefit of North American attendees at the Financial Data Exchange’s Spring Global Summit held at the Gaylord National Harbor. This talk is especially […]
FAPI 2.0 Security Profile and Attacker Model Final Specifications Approved
The OpenID Foundation membership has approved the following OpenID Final Specifications: FAPI 2.0 Security Profile: https://openid.net/specs/fapi-security-profile-2_0-final.html FAPI 2.0 Attacker Model: https://openid.net/specs/fapi-attacker-model-2_0-final.html A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. The FAPI Final Specifications are the product of the FAPI Working Group. The voting results […]
Notice of Vote for Proposed FAPI 2.0 Security Profile and Attacker Model Final Specifications
The official voting period will be between Saturday, February 8, 2025 and Saturday, February 15, 2025 (12:00pm PT), once the 60 day review of the specifications has been completed. For the convenience of members who have completed their reviews by then, voting will actually begin on Saturday, February 1, 2025. The FAPI working group page: […]
FAPI 2.0 Conformance Tests Now Support DPoP
The OpenID Foundation is pleased to announce the release of DPoP (Demonstration of Proof-of-Possession, RFC 9449) support in FAPI 2.0 Conformance Tests. Implementers can now certify their solutions with DPoP, adding an additional layer of security for client authentication. This update follows the beta phase and addresses the community’s feedback on DPoP testing. DPoP tests […]
An Outreach Workshop for Open Banking Chile
Mike Leszcz, OpenID Foundation Operations Director This was a hybrid event with some CMF and ecosystem members participating in person in Santiago. OIDF was very fortunate to have founding member and long-time board member, John Bradley with Yubico, representing OIDF in person. The goal of the workshop was to introduce OIDF and OpenID specifications with […]
Announcing the IPSIE Working Group
The OpenID Foundation is delighted to announce the formation of the Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) Working Group. This WG aims to tackle key challenges that underlie identity security in today’s enterprise environments. The Core Challenge Identity and Access Management (IAM) within the enterprise is a multifaceted endeavor, as indicated by […]
Guidance to the CFPB regarding US Open Banking
Authors: Gail Hodges, Joseph Heenan, Dima Postnikov, Mark Haine, Mike Leszcz, Elizabeth Garber Following our May 16 open letter to the Consumer Financial Protection Bureau, the OpenID Foundation has been engaged in discussions about their rule-making on Personal Financial Data Rights. This post summarizes our guidance to the CFPB. Why are we engaged? The OpenID […]