News


Notice of Vote for Implementer’s Draft of FAPI Client Initiated Backchannel Authentication (CIBA) Profile

The official voting period will be between Friday, August 16 and Friday, August 23, 2019, following the 45 day review of the specification. For the convenience of members, voting will actually open early on Friday, August 9, providing for a two-week voting period. The FAPI working group page is https://openid.net/wg/fapi/. […]


Public Review Period for FAPI Client Initiated Backchannel Authentication (CIBA) Profile Started

The OpenID OpenID FAPI Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: Financial-grade API: Client Initiated Backchannel Authentication Profile An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review […]


Open Letter from the OpenID Foundation to Apple Regarding Sign In with Apple

June 27, 2019 Mr. Craig Federighi Apple Senior Vice President of Software Engineering One Apple Park Way Cupertino, CA 95014 RE: Open Letter from the OpenID Foundation to Apple Regarding Sign In with Apple Dear Mr. Federighi, The OpenID Foundation applauds Apple’s efforts to allow users to login to third-party […]


OpenID Connect Federation Progress

The OpenID Connect Federation 1.0 specification is being developed to enable large-scale federations to be deployed using OpenID Connect. It enables trust among federation participants to be established through signed statements made by federation operators and organizations about federation participants. The design of this specification builds upon the experiences gained […]


Notice of Vote for Proposed Implementer’s Drafts of Two EAP Specifications

The official voting period will be between Friday, June 7, 2019 and Friday, June 14, 2019, once the 45 day review of the specifications has been completed. For the convenience of members, voting will actually remain open until Friday, June 21, 2019, providing for a two-week voting period. The Enhanced […]


Financial Data and Technology Association and OpenID Foundation in Global Agreement

Not-for-profits to campaign jointly on open finance initiatives The OpenID Foundation (OIDF), the international standardisation organisation which maintains a standard known as the Financial-grade API (FAPI), and the Financial Data and Technology Association (FDATA Global), the global trade association for companies working to promote ‘open finance’ and best practise financial […]


Public Review Period for Two Proposed EAP Implementer’s Drafts

The OpenID Enhanced Authentication Profile (EAP) Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: OpenID Connect Token Bound Authentication 1.0 OpenID Connect Extended Authentication Profile (EAP) ACR Values 1.0 The first specification enables OpenID Connect implementations to apply Token Binding to the OpenID Connect ID Token. […]


Financial Data Exchange, OpenID Foundation Take Step Towards Global Standard for Financial Data Sharing

The Financial Data Exchange (FDX) and the OpenID Foundation (OIDF) have announced an agreement to collaborate in order to advance a common technical standard for the secure exchange of consumer financial information. As online banking evolves and fintech apps grow in popularity, consumers increasingly wish to share their personal account, […]


Guest Blog: Formal Analysis of the OpenID Financial-grade API

Guest blog post by Daniel Fett (yes.com), Pedram Hosseyni, and Ralf Küsters (University of Stuttgart). The security of a web protocol is crucial, especially in the domain of financial applications and in other high-stakes environments. For identifying weaknesses in protocols and ensuring security, formal protocol analysis is the state-of-the-art method. […]


Implementer’s Drafts of Four HEART Specifications Approved

The OpenID Foundation membership has approved the following Health Relationship Trust (HEART) specifications as OpenID Implementer’s Drafts: Health Relationship Trust Profile for OAuth 2.0 Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes Health Relationship Trust Profile for User-Managed Access 2.0 Health Relationship Trust Profile for […]