This page describes how to submit completed conformance testing results to the OpenID Foundation to request OpenID Certifications. Before submission, first all tests must be successfully passed for the desired conformance profiles and testing results gathered, as described in the instructions. All tests MUST be in the ‘FINISHED’ status. Note that results with warnings are acceptable for certification purposes.
Please note that the full supplied log files will be published as part of a successful certification and these may contain client credentials, private keys, and other potentially sensitive data that are part of the test configuration, so it is recommended to deactivate clients and revoke keys prior to submitting your results. You must make your results public by using the Publish Everything button prior to submission.
Some certification profiles require more than one test plan to be run:
- Form Post OP: The tests must be run for each of basic/hybrid/implicit that your system supports.
- All logout OP profiles: The tests must be run for each response type that your system supports.
Note that FAPI-RW and FAPI-CIBA have separate profiles for MTLS and private_key_jwt authentication – a separate submission package should be prepared for each one. FAPI-CIBA also has separate profiles for poll and ping modes.
For all other profiles, simply running the relevant test plan once is all that is required.
For each conformance profile being certified to, the following information must be submitted in its own certification package:
- A signed copy of the Certification of Conformance (docx) (PDF) naming that profile. This should use the filename
OpenID-Certification-of-Conformance.pdfin the submitted results. (A different extension such as .jpg for the scanned document may be used as appropriate.)
- A copy of the Certification Terms and Conditions document accompanying the Certification of Conformance. This must use the filename
OpenID-Certification-Terms-and-Conditions.pdfin the submitted results. (This document is not signed but is included for completeness since it is referenced from the Certification of Conformance.)
- The downloaded zip files with the logs. These can be downloaded using the ‘Download All Logs’ button on the test plan page. The original filenames for the zip files should be retained. (For Form Post / logout there may/will be multiple zip files.)
- A text file with the filename
OpenID-Certification-plan-url.txtcontaining the URL(s) for each test plan results page. For Form Post and some logout profiles there will be multiple URLs. (Note that if these URLs don’t end with
&public=true, you’ve forgotten to use the Publish Everything button.)
The certification package should consist of a single .zip file containing all the files and using the paths above. The filename should contain the name of the organization, the software being certified, the profile being certified to, the client authentication type and the current date. For example, a certification request by the ProseWare organization of its “Humongous Identity” software for the OP FAPI-RW w/MTLS profile, second implementers draft on April 1, 2019 should use a filename like
ProseWare-Humongous_Identity-OP-FAPI-RW-ID2-MTLS-1-Apr-2019.zip. If you instead tested with private_key_jwt client authentication, the filename should be like
Other example submission filenames are:
- Name of Entity (“Implementer”) Making this Certification: ProseWare
- Software or Service (“Deployment”) Name & Version #: Humongous Identity 3.14159
- OpenID Connect Conformance Profile: OP FAPI-RW ID2 OAuth-MTLS
- Conformance Test Suite Software & Version #: www.certification.openid.net 2.0.99
- Test Date: April 1, 2019
- Authorized Signature: HQB
- Name: Harry Q. Bovik
- Title: Senior Computer Scientist
- Date: April 1, 2019
- Implementer’s Name: Jane Doe
- Implementer’s Title: Programmer Extraordinaire
- Implementer’s Phone: +1 (412) 555-1234
- Implementer’s Email: firstname.lastname@example.org
- Implementer’s Address: 5000 Forbes Ave.
- Implementer’s City, State/Province, Postal Code: Pittsburgh, PA 15213
- Implementer’s Country: United States of America
The conformance test suite software version number you used can be found on the results page for your test plan.
The certification package must be sent to the OpenID Foundation as an attachment at email@example.com. The subject line of the e-mail request should be along the lines of “Certification request by ProseWare of Humongous Identity for the Basic OP profile”. If receipt of the submission is not acknowledged within two days (or three days if over a weekend), feel free to inquire about whether it was received by e-mailing a message without the attachment (to keep the size of the inquiry small) to firstname.lastname@example.org, cc’ing email@example.com. Please note that the attachments MUST be less than 25 MB in size.
A fee is required for certifications unless the conformance profile is still in the pilot phase. See the OpenID Certification Fee Schedule page for more information. Please pay for your certification application at the Certification Payment page when you make your submission.