Latest News

Current news about the OpenID Foundation and the community at large. Please visit the News Archive to view news older than two years.

AuthZEN Authorization API 1.0 Implementer’s Draft Approved

The OpenID Foundation membership has approved the following AuthZEN specifications as an OpenID Implementer’s Draft: Authorization API 1.0 Implementer’s Draft: https://openid.net/specs/authorization-api-1_0-01.html An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This Implementer’s Draft is a product of the AuthZEN Working

Read More »

For the Record: The IPSIE WG and OpenID Foundation Processes

We recently shared some exciting news about a new Working Group, Interoperability Profiling for Secure Identity in the Enterprise (IPSIE). However, there have been some misunderstandings in the media coverage that followed the OpenID Foundation’s announcement. The OIDF is keen to clarify our ways of working and affirm that all

Read More »

FAPI 2.0 Conformance Tests Now Support DPoP

The OpenID Foundation is pleased to announce the release of DPoP (Demonstration of Proof-of-Possession, RFC 9449) support in FAPI 2.0 Conformance Tests. Implementers can now certify their solutions with DPoP, adding an additional layer of security for client authentication. This update follows the beta phase and addresses the community’s feedback

Read More »

Public Review Period for Proposed Implementer’s Draft of OpenID4VP Specification

The OpenID AB/Connect Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID4VP: https://openid.net/specs/openid-4-verifiable-presentations-1_0-22.html This would be the third Implementer’s Draft of this specification. This version has 3 major changes: Introduces the Digital Credentials Query Language; this is an alternative to Presentation Exchange Introduces the transaction data mechanism

Read More »

Revisions to OpenID Process Document and IPR Policy Approved

A subgroup of OpenID Foundation board members and key staff have been working to update the “OpenID Process” document based on issues raised by some board members to ensure the document aligns with how the Foundation currently works. This update addresses those original issues and also identified a significant number

Read More »

Announcing the IPSIE Working Group

The OpenID Foundation is delighted to announce the formation of the Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) Working Group. This WG aims to tackle key challenges that underlie identity security in today’s enterprise environments.  The Core Challenge Identity and Access Management (IAM) within the enterprise is a

Read More »

10 Years On: OpenID Connect Published as an ISO/IEC Spec

The OpenID Connect Final specification was launched on February 26, 2014 with a vision of increased security, privacy, and usability on the internet. Ten years after that publication, we are delighted to announce that 9 OpenID Connect specifications are now published as ISO/IEC standards. ISO/IEC 26131:2024 — Information technology —

Read More »

Three OpenID Connect for Identity Assurance Final Specifications Approved

The OpenID Foundation membership has approved the following three OpenID Connect for Identity Assurance specifications as an OpenID Final Specifications:   OpenID Identity Assurance Schema Definition 1.0 – https://openid.net/specs/openid-ida-verified-claims-1_0-final.html OpenID Connect for Identity Assurance Claims Registration 1.0 – https://openid.net/specs/openid-connect-4-ida-claims-1_0-final.html OpenID Connect for Identity Assurance 1.0 – https://openid.net/specs/openid-connect-4-identity-assurance-1_0-final.html   A Final Specification provides intellectual

Read More »

Announcing the Death and the Digital Estate Community Group

By Dean H. Saxe I am happy to announce the formation of the Death and the Digital Estate Community Group (DADE CG).  DADE CG has been created as a space for the OpenID Foundation and identity community to develop an understanding of how individuals can manage their digital estate in

Read More »

Accelerating mDL Adoption in the United States

The OpenID Foundation is delighted to announce that it is one of 15 parties to a Collaborative Research and Development Agreement (CRADA) with the National Cybersecurity Council Center of Excellence. This project will accelerate digital identity adoption in the United States. Its first use case supports financial institutions to meet

Read More »

Proposed Revisions to OpenID Process Document and IPR Policy

Dear OpenID Foundation Members, A subgroup of OpenID Foundation board members and key staff have been working to update the “OpenID Process” document based on issues raised by some board members to ensure the document aligns with how the Foundation currently works. This update addresses those original issues and also

Read More »

OIDF to Co-Host Mobile Drivers License Hackathons

Image sourced from Chat GPT The OpenID Foundation is proud to co-host two Hackathons with the California Department of Motor Vehicles (DMV) in support of their Mobile Drivers License (mDL) pilot. What is the Project? In 2021, the California legislature authorized the DMV to start an mDL pilot, and since

Read More »

Three Shared Signals Implementer’s Drafts Approved

The OpenID Foundation membership has approved the following three Shared Signals specifications as OpenID Implementer’s Drafts: OpenID Shared Signals Framework Specification 1.0: https://openid.net/specs/openid-sharedsignals-framework-1_0-ID3.html OpenID Continuous Access Evaluation Profile 1.0: https://openid.net/specs/openid-caep-1_0-ID2.html CAEP Interoperability Profile 1.0: https://openid.net/specs/openid-caep-interoperability-profile-1_0-ID1.html An Implementer’s Draft is a stable version of a specification providing intellectual property protections to

Read More »

GAIN Community Group: An Update

Over the last two years, the GAIN POC Community Group has been working steadily on demonstrating that disparate digital identity implementations can be integrated. We have been through two cycles that largely ended up with the same high-level process: Agree specifics Implement code changes Integrate & demonstrate interoperability The two

Read More »

Fourth Implementer’s Draft of OpenID Federation Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Federation 1.0 This is the fourth Implementer’s Draft of this specification. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This specification is a product

Read More »

Guidance to the CFPB regarding US Open Banking

Authors: Gail Hodges, Joseph Heenan, Dima Postnikov, Mark Haine, Mike Leszcz, Elizabeth Garber  Following our May 16 open letter to the Consumer Financial Protection Bureau, the OpenID Foundation has been engaged in discussions about their rule-making on Personal Financial Data Rights. This post summarizes our guidance to the CFPB. Why

Read More »

All Aboard the CAEP-Ability Hype Train!

Authors: Sean O’Dell (Disney), Atul Tulshibagwale (SGNL) An Identiverse 2024 Panel Recap The attendance for this panel, which featured all co-chairs of the Shared Signals Working Group (SSWG), was near capacity and the engagement from the audience in the Q&A was resounding…because the hype is real with CAEP. The panel

Read More »

New Shared Signals Drafts

Authors / Shared Signals Co-Chairs: Atul Tulshibagwale, SGNL; Shayne Miel, Cisco; Sean O’Dell, Disney; and Tim Cappalli, Okta The OpenID SSWG has released three new drafts for review by the OpenID Foundation membership. We would like to describe the salient features of these drafts here. At the end of the

Read More »

OpenID for Verifiable Credentials Wins EIC Award!

The OpenID Foundation is proud to announce that, for the work building the “OpenID for Verifiable Credentials” family of specifications, members of the Digital Credentials Protocol (DCP) Work Group won the “Future Technologies and Standards” award at the European Identity and Cloud Conference. For the last several years, this group

Read More »

Public Review Period for Three Shared Signals Drafts

The OpenID Shared Signals Working Group recommends approval of the following three specifications as OpenID Implementer’s Drafts: Shared Signals Framework Draft 03 Other formats: TXT, XML, MD CAEP Draft 03 Other formats: TXT, XML, MD CAEP Interoperability Profile Draft 00 Other formats: TXT, XML, MD An Implementer’s Draft is a stable version

Read More »

Digital Identity at the G20

On June 18, 2024 the OpenID Foundation’s Executive Director, Gail Hodges, spoke about Digital Identity at the G20 during the Digital Government and Inclusion Workshop. The following are her prepared remarks.   Bom dia and hello. I’d first like to applaud the Brazilian Government for your impressive work on Digital

Read More »

AuthZEN Work Group Announces Authorization Interop Results

Conformance with the AuthZEN request/response protocol marks a significant milestone in simplifying and standardizing authorization approaches   The OpenID Foundation led the standardization of authentication protocols with OpenID Connect and now we are proud to host the AuthZEN Working Group as they seek to do the same for authorization.” —

Read More »

AI for Identity Standards

The OpenID Foundation recently convened a panel on Artificial Intelligence and Identity Standards. The panelists included: Nancy Cam-Winget, Cisco Kaelig Deloumeau-Prigent, Netlify Mike Kiser, SailPoint Geraint Rogers, Daon Gail Hodges, OpenID Foundation (moderator) This summary draws out general themes and comments are not attributed to individuals or their organizations. Technology

Read More »

Letter to the CFPB on US Open Banking

The Honorable Rohit ChopraDirectorConsumer Financial Protection Bureau 1700 G St NWWashington, DC 20552  rohit.chopra@cfpb.gov May 16, 2024 Director Chopra, The OpenID Foundation is a non-profit organization whose mission is to lead the global community in creating open standards that are secure, interoperable and privacy-preserving. As part of that mission, we have

Read More »

OIDF Welcomes Mastercard to the Board

The OpenID Foundation (OIDF) is thrilled to welcome Mastercard to the Board of Directors as a Sustaining Member. Since joining in 2022 as a Corporate Member, Mastercard has been involved in several OIDF Work Groups. The Foundation welcomes Mastercard as a global technology leader in the payments industry.  “Mastercard have

Read More »

Post-Quantum Identity Standards

Image generated by Dall-e At its pre-IIW workshop on Monday, April 14, the OpenID Foundation convened a panel on Post-Quantum Computing and Identity. The panelists included: Andrea D’Intino, Dyne.org Nancy Cam-Winget, Cisco John Bradley, Yubico Rick Byers, Google Gail Hodges, OpenID Foundation (moderator) This summary draws out general themes and

Read More »

Shared Signals: Enhanced Security for All

Last month, at the Gartner Identity and Access Management Summit in London, industry leaders showcased successful, interoperable implementations of the Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP). This included Okta, SailPoint, and Cisco as well as security startups SGNL, VeriClouds, and Helisoft.  The SSF suite of standards

Read More »

Implementer’s Draft of OpenID for Verifiable Credential Issuance Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID for Verifiable Credential Issuance 1.0 This is the first Implementer’s Draft of this specification. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This specification

Read More »

OpenID Summit Tokyo 2024 and Celebrating 10 Years of OpenID Connect

OpenID Foundation Japan (OIDF-J) hosted the OpenID Summit Tokyo 2024 in Shibuya Tokyo on Friday, January 19, 2024 with over 250 in attendance. The OpenID Foundation (OIDF) was thrilled to be a part of the Summit that included contributors from Japan and abroad presenting on current digital identity, security, and

Read More »

Formal Security Analysis of OpenID for Verifiable Credentials

The first in-depth security analysis of OpenID for Verifiable Credentials has been completed, with the goal of increasing confidence in the security of these specifications. The formal security analysis includes the protocols OpenID for Verifiable Credential Issuance (OID4VCI) and OpenID for Verifiable Presentations (OID4VP), both part of the OpenID for

Read More »

2024 OpenID Foundation Board of Directors Election Results

I want to personally thank all OpenID Foundation members who voted in the 2024 elections for representatives to the OpenID Foundation board of directors. Please note that the OpenID Foundation board of directors unanimously approved updated Bylaws at a board meeting on November 16, 2023, with full details, including a

Read More »

Second Errata Set for OpenID Connect Specifications Approved

Errata to the following specifications have been approved by a vote of the OpenID Foundation members: OpenID Connect Core 1.0 – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User OpenID Connect Discovery 1.0 –

Read More »

The Importance of OpenID Foundation Shared Signals Framework

Published December, 2023, revised February 14, 2024 to confirm interoperability demonstration at Gartner IAM conference held in London, UK. Blog authored by Apoorva Deshpande, Engineering Leader, Okta. The OpenID Foundation Shared Signals Framework (SSF) is an emerging and promising standard for sharing security signals between trusted parties. It has the

Read More »

Announcing the 2024 OpenID Foundation Community Representatives Election

This is to announce the 2024 OpenID Foundation Community Representatives election schedule. Those elected will help guide the Foundation’s efforts in facilitating the development and adoption of important open identity standards enabling global interoperability as well as the strategic direction of the Foundation. Please note that the OpenID Foundation board of

Read More »

Second Implementer’s Draft of Shared Signals Framework Specification Approved

The OpenID Foundation membership has approved the following Shared Signals specifications as OpenID Implementer’s Drafts: OpenID Shared Signals Framework Specification An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the second Shared Signals Framework Implementer’s Drafts. The Implementer’s

Read More »

OpenID Foundation Updates Bylaws

The OpenID Foundation board of directors unanimously approved updating the Foundation’s Bylaws by a 75% supermajority vote as required by the Bylaws (Section 9.2 Bylaw Amendments) at the November 16, 2023 board meeting. The new Bylaws are effective as of November 16, 2023. From the founding of the OpenID Foundation,

Read More »

OpenID Foundation Joins CAMARA

Published November 21, 2023, revised November 22, 2023 to include Deutsche Telekom quote. The OpenID Foundation is pleased to announce that it has joined the Linux Foundation’s CAMARA project as an Associate Member. CAMARA is an open source project within Linux Foundation that defines, develops and tests the APIs enabling

Read More »

What’s New in the Shared Signals Framework?

Authors: Atul Tulshibagwale (SGNL), Apoorva Deshpande (Okta), and Shayne Miel (Cisco Duo). A new draft of the Shared Signals Framework has been released for public review. Here’s how it is different from the previous version. The OpenID Shared Signals Working Group (SSWG) has made important changes to the Shared Signals

Read More »

Review of Second Proposed Errata Set for OpenID Connect Specifications

The OpenID Connect Working Group recommends the approval of Errata corrections to the following specifications: OpenID Connect Core 1.0 – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User OpenID Connect Discovery 1.0 – Defines how Relying

Read More »

Announcing the Authorization Exchange (AuthZEN) Working Group

A new working group has been accepted by the OpenID Foundation (OIDF) Specs Council that will focus on increasing interoperability of authorization systems. The new working group, called  Authorization Exchange (AuthZEN), resulted from a series of conversations at the two most recent Identiverse conferences. After this year’s event, it was

Read More »

OpenID Foundation Announces New Whitepaper Process

The OpenID Foundation is pleased to announce a new Whitepaper Process as approved by the Board of Directors on October 9, 2023.  OIDF-led and co-led whitepapers help ecosystem stakeholders understand the wider landscape and the role of OIDF standards within that wider landscape. Such whitepapers make OIDF’s global, technical expertise more accessible to ecosystem stakeholders,

Read More »

Public Review Period for Shared Signals Framework Specification

The OpenID Shared Signals Working Group recommends approval of the following specification as OpenID Implementer’s Draft: OpenID Shared Signals Framework Specification This would be the second Implementer’s Draft of this specification. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.

Read More »

A Major Step Towards Interoperable Identity Assurance

By Mark Haine & Drummond Reed A persistent goal of digital identity technology is to enable relying parties to reach the level of identity assurance they need to proceed with any specific interaction. Although there are many descriptions of “identity assurance levels”, such as the three levels defined in the NIST

Read More »

Announcing the Digital Credentials Protocols Working Group

Announcing the Digital Credentials Protocols Working Group The OpenID Foundation (OIDF) Specs Council has accepted a proposal to create a new working group as a dedicated home of the OpenID for Verifiable Credentials specs family. The new working group is designated as “Digital Credentials Protocols Working Group” (DCP WG). The

Read More »

Announcing “GAIN in 2023” Whitepaper

We are delighted to announce the joint publication of “GAIN in 2023” which is a collaboration between  six organizations who continue to pursue the vision of interoperable high trust identity networks, as articulated in the “GAIN Digital Trust” paper, published in 2021 by 156 independent identity industry experts and stakeholders.

Read More »

Second Implementer’s Draft of Grant Management for OAuth 2.0 Approved

The OpenID Foundation membership has approved the following Financial-grade API (FAPI) specification as an OpenID Implementer’s Draft: Grant Management for OAuth 2.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the first Implementer’s Draft of this specification.

Read More »

Open for Comment “Human-Centric Identity: a primer for government officials”

Government officials, policymakers, technologists, legal scholars, and human rights advocates are invited to offer feedback on a new white paper “Human-Centric Identity: a primer for government officials”. This follows the publication of “Government-issued Digital Credentials and the Privacy Landscape” (Flanagan, 2023), which delved into challenges of creating a globally viable

Read More »

OpenID Foundation Announces FAPI-RW App2app Certification Launched

Global interoperability, a common cause among many national and industry groups, seems especially urgent these days, especially in matters of security. Interop requires open standards, a “best idea wins” debate among experts and patience, lots of patience. The Financial-Grade API Working Group has a singular focus on developing its security

Read More »

Implementer’s Draft of FAPI 2.0 Message Signing Approved

The OpenID Foundation membership has approved the following Financial-grade API (FAPI) specification as an OpenID Implementer’s Draft: FAPI 2.0 Message Signing An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the first Implementer’s Draft of this specification. The

Read More »

First FAPI 2.0 Certifications Published

OpenID Foundation is pleased to announce that the first set of FAPI 2.0 self-certifications have been published and can now be viewed on the Certification Listings. We congratulate Authlete, Cloudentity, ConnectID, Ping Identity, and Raidiam for achieving compliance with the current FAPI 2.0 certifications and for being thought leaders on

Read More »

Second Implementer’s Draft of OpenID for Verifiable Presentations Specification Approved

Second Implementer’s Draft of OpenID for Verifiable Presentations Specification Approved The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID for Verifiable Presentations An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the

Read More »

Announcing the 2023 OpenID Foundation Kim Cameron Award Recipients

The OpenID Foundation is pleased to announce the 2023 Kim Cameron award recipients. The goal of the awards is to increase representation from young people’s who’ve demonstrated an interest in subjects consistent with best practices and identity standards that are secure, interoperable, and privacy preserving. First, many thanks to the

Read More »

FAPI 2.0 Conformance Tests and Certifications Now Available

The OpenID Foundation is pleased to announce the availability of certification tests for both FAPI 2.0 Security Profile Implementers Draft 2and the upcoming first Implementer’s Draft of FAPI 2.0 Message Signing. The FAPI Working Group has taken many of the learnings from FAPI 1.0 and also formulated an attacker model,

Read More »

Public Review Period for Proposed Second Implementer’s Draft of OpenID for Verifiable Presentations Specification

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID for Verifiable Presentations This would be the second Implementer’s Draft of this specification. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This

Read More »

OpenID Foundation Joins the OpenWallet Foundation

OpenID Foundation Workshops provide technical insight and influence on current digital identity standards while offering a collaborative platform to openly address current trends and market opportunities. This OpenID Foundation Workshop includes a number of presentations focused on 2023 Foundation key initiatives as well as updates on active working groups.

Read More »

2023 OpenID Foundation Kim Cameron Awards Now Open for Submissions

Overview The OpenID Foundation board of directors established the OpenID Foundation Kim Cameron Award Program in May 2022. Our goal is to encourage representation from young people who have an interest in subjects consistent with the OpenID Foundation Mission, in creating identity standards that are secure, interoperable, and privacy preserving.

Read More »

2023 OpenID Foundation Board of Directors Election Results

I want to personally thank all Foundation members who voted in the 2023 elections for representatives to the OpenID Foundation board of directors. Each year Corporate members of the Foundation elect a member to represent them on the board with all Corporate members in good standing eligible to nominate and

Read More »

Second Implementer’s Drafts of Two FAPI 2.0 Specifications Approved

The OpenID Foundation membership has approved the following Financial-grade API (FAPI) specifications as OpenID Implementer’s Drafts: FAPI 2.0 Security Profile FAPI 2.0 Attacker Model An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. These are the second FAPI 2.0 Implementer’s

Read More »

Second Implementer’s Drafts of Two FAPI 2.0 Specifications Approved

The OpenID Foundation membership has approved the following Financial-grade API (FAPI) specifications as OpenID Implementer’s Drafts: FAPI 2.0 Security Profile FAPI 2.0 Attacker Model An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. These are the second FAPI 2.0 Implementer’s

Read More »

Implementer’s Draft of OpenID Connect Native SSO for Mobile Apps Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Connect Native SSO for Mobile Apps 1.0 This is the first Implementer’s Draft of this specification. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.

Read More »

FAPI 2.0 – Announcing New Drafts and Security Analysis

The OpenID Foundation’s FAPI working group is pleased to announce the public review period has started for new Implementer’s Drafts of the FAPI 2.0 Security Profile and the FAPI 2.0 Attacker Model. These drafts coincide with the recently completed formal security analysis of the FAPI 2.0 specifications, the result of

Read More »

Initiating User Registration via OpenID Connect is now a Final Specification

The OpenID Foundation membership has approved the following OpenID Connect specification as an OpenID Final Specification: Initiating User Registration via OpenID Connect A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. The Final Specification is available at: https://openid.net/specs/openid-connect-prompt-create-1_0-final.html The voting

Read More »

Unmet Authentication Requirements is now a Final Specification

The OpenID Foundation membership has approved the following OpenID Connect specification as an OpenID Final Specification: OpenID Connect Core Error Code unmet_authentication_requirements A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. The Final Specification is available at: https://openid.net/specs/openid-connect-unmet-authentication-requirements-1_0-final.html The voting

Read More »

Public Review Period for Two Proposed FAPI 2.0 Second Implementer’s Drafts

The OpenID Financial-grade API (FAPI) Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: FAPI 2.0 Security Profile FAPI 2.0 Attacker Model An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public

Read More »

Fourth Implementer’s Draft of OpenID Connect for Identity Assurance Specification Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Connect for Identity Assurance 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the fourth Implementer’s Draft of this specification. This specification

Read More »

The OpenID Connect Logout specifications are now Final Specifications

The OpenID Foundation membership has approved the following OpenID Connect specifications as OpenID Final Specifications: OpenID Connect Session Management 1.0 OpenID Connect Front-Channel Logout 1.0 OpenID Connect Back-Channel Logout 1.0 OpenID Connect RP-Initiated Logout 1.0 A Final Specification provides intellectual property protections to implementers of the specification and is not

Read More »

Public Review Period for Proposed Final JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) Specification

The OpenID Financial-grade API (FAPI) Working Group recommends approval of the following specification as an OpenID Final Specification: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the

Read More »

Second Implementer’s Draft of RISC Profile Approved

The OpenID Foundation membership has approved the following Shared Signals and Events (SSE) specification as an OpenID Implementer’s Draft: OpenID RISC Profile Specification 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. The Implementer’s Draft is available at: https://openid.net/specs/openid-risc-profile-specification-1_0-ID2.html

Read More »

Public Review Period for Proposed Final OpenID Connect Logout Specifications

The OpenID OpenID Connect Working Group recommends approval of the following specifications as OpenID Final Specifications: OpenID Connect Session Management 1.0 OpenID Connect Front-Channel Logout 1.0 OpenID Connect Back-Channel Logout 1.0 OpenID Connect RP-Initiated Logout 1.0 A Final Specification provides intellectual property protections to implementers of the specification and is

Read More »

Public Review Period for Second Proposed RISC Profile Implementer’s Draft

The OpenID Shared Signals and Events (SSE) Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID RISC Profile Specification 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public

Read More »

2022 OpenID Foundation Kim Cameron Award Recipients Announced

The OpenID Foundation is pleased to announce the first cohort of awardees for inaugural launch of the Kim Cameron Award Program. We first must thank the many well-qualified applicants who presented compelling interest in user-centric identity.  The Foundation anticipates future opportunities for similar awards. The Foundation also thanks our partners;

Read More »

Announcing the 2022 OpenID Foundation Kim Cameron Award

Overview The OpenID Foundation Board has resolve to begin the OpenID Foundation Kim Cameron Award Program in May 2022. Increasing representation from young people’s who’ve demonstrated an interest in subjects consistent with the OpenID Foundation Mission, to lead the global community in creating identity standards that are secure, interoperable, and

Read More »

First Implementer’s Drafts of OpenID Connect SIOPV2 and OIDC4VP Specifications Approved

The OpenID Foundation membership has approved the following specifications as OpenID Implementer’s Drafts: Self-Issued OpenID Provider v2 OpenID Connect for Verifiable Presentations An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. These are the first Implementer’s Drafts of these specifications.

Read More »

First Implementer’s Draft of Initiating User Registration via OpenID Connect Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: Initiating User Registration via OpenID Connect An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the first Implementer’s Draft of this specification. This specification

Read More »

2022 OpenID Foundation Board Election Results

Thank you to all members who voted in the 2022 elections for representatives to the OpenID Foundation Board of Directors. As per the Foundation’s bylaws, three individual board members represent the membership and the community at large. Nat Sakimura and John Bradley both have one year remaining on their two-year

Read More »

First Public Review Period for OpenID Connect SIOPV2 and OIDC4VP Specifications Started

The OpenID Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: Self-Issued OpenID Provider v2 OpenID Connect for Verifiable Presentations These would be the first Implementer’s Drafts of these specifications. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers

Read More »

The OpenID Foundation Welcomes Visa to the Board of Directors

The OpenID Foundation is pleased to welcome David Henstock, Head of Identity Products at Visa to the board of directors as a sustaining member. Visa joins an accomplished group of identity thought leaders including, Cisco, Google, KDDI, Microsoft, NRI Secure, Okta, Ping Identity, Verizon and Yahoo Ad Tech. The Board

Read More »

In Praise of Kim Cameron

Much is made of attributes like “opinion leader”, “domain expert”, and “mentor”. Kim Cameron was all that and much more. Our colleague Joerg Resch has eloquently memorialized Kim’s many contributions to our industry as “fundamentally influencing the way we think about and deal with privacy and digital identity”. Not only

Read More »

FDX’s Financial-Grade API Security Specification v3.4 Supports the FAPI 1.0 Advanced and CIBA Standards

The OpenID Foundation is delighted see the Financial Data Exchange’s recent announcement that  FDX’s Financial-Grade API Security Specification v3.4 (companion to FDX API v5) supports the FAPI 1.0 Advanced and CIBA standards: “Alignment with Globally Interoperable Standards – The FDX API Security Specification v3.4 now references, supports and recommends utilization of

Read More »

Third Implementer’s Draft of OpenID Connect Federation Specification Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Connect Federation 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the third Implementer’s Draft of this specification. This specification is a

Read More »

Third Implementer’s Draft of OpenID Connect for Identity Assurance Specification Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Connect for Identity Assurance 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the third Implementer’s Draft of this specification. This specification

Read More »

Opportunity to Join the OpenID Foundation Certification Team

The OpenID Foundation is pleased to announce that it is looking to add a part-time member to the successful OpenID Certification program team. The OpenID Foundation enables deployments of OpenID Connect and the Financial-grade API (FAPI) to be certified to specific conformance profiles to promote interoperability among implementations. Later in 2021, the Foundation will

Read More »

Announcing the GAIN POC Pre-launch “Listening Tour”

As a follow up to our blog announcement on September 20th heralding our plans to host the Global Assured Identity Network POC, we are delighted to kickoff our GAIN POC pre-launch “listening tour.”   The objective of these sessions is to gather input for shaping the Community Group program targeted to launch

Read More »

Implementer’s Draft of FAPI Grant Management Approved

The OpenID Foundation membership has approved the following Financial-grade API (FAPI) specification as an OpenID Implementer’s Draft: Grant Management for OAuth 2.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. The Implementer’s Draft is available at: https://openid.net/specs/fapi-grant-management-ID1.html The voting

Read More »

Global Assured Identity Network White Paper

The Global Assured Identity Network White Paper was the centerpiece of the OpenID Foundation’s  Chairman Nat Sakimura’s keynote at the European Identity Conference just a few days ago. His presentation can be found at https://nat.sakimura.org/2021/09/14/announcing-gain/. Nat describes GAIN as an overlay network on top of the Internet with all its participants identity proofed.

Read More »

Third Public Review Period for OpenID Connect Federation Specification Started

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID Connect Federation 1.0 This would be the third Implementer’s Draft of this specification. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This

Read More »

OpenID Connect Client-Initiated Backchannel Authentication (CIBA) Core is now a Final Specification

The OpenID Foundation membership has approved the following MODRNA specification as an OpenID Final Specification: OpenID Connect Client-Initiated Backchannel Authentication Flow – Core 1.0 A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. The Final Specification is available at: https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0-final.html

Read More »

Shared Signals: An Open Standard for Webhooks

New OpenID Foundation draft enables secure and privacy protected webhooks to power an “API-First” world Author: Atul Tulshibagwale   APIs are an increasingly important aspect of software today, and “API-First” is the mantra being followed in a lot of new software development. A critical aspect of efficient APIs is their

Read More »

Implementer’s Drafts of Two SSE Specifications Approved

The OpenID Foundation membership has approved the following Shared Signals and Events (SSE) specifications as OpenID Implementer’s Drafts: OpenID Shared Signals and Events Framework Specification OpenID Continuous Access Evaluation Profile An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. These

Read More »

Implementer’s Drafts of Two FAPI 2.0 Specifications Approved

The OpenID Foundation membership has approved the following Financial-grade API (FAPI) specifications as OpenID Implementer’s Drafts: FAPI 2.0 Baseline Profile FAPI 2.0 Attacker Model An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. These are the first FAPI 2.0 Implementer’s

Read More »

Public Review Period for Proposed FAPI Grant Management Implementer’s Draft

The OpenID Financial-grade API (FAPI) Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: Grant Management for OAuth 2.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review period

Read More »

Public Review Period for Proposed RISC Profile Implementer’s Draft

The OpenID Shared Signals and Events (SSE) Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID RISC Profile Specification An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review

Read More »

Open Banking Brazil’s Adoption of Financial-grade API (FAPI) & FAPI Certification

The OpenID Foundation is pleased to announce the availability of Financial-grade API (FAPI) OP and dynamic client registration (DCR) tests for open banking Brazil. Release notes can be found here: https://gitlab.com/openid/conformance-suite/-/tags/release-v4.1.15 Brazil recently published their open banking technology stack including the security and identity standards that the financial services sector must adopt

Read More »

Public Review Period for Proposed Final OpenID Connect Client-Initiated Backchannel Authentication (CIBA) Core Specification

The OpenID MODRNA Working Group recommends approval of the following specification as an OpenID Final Specification: OpenID Connect Client-Initiated Backchannel Authentication Flow – Core 1.0 A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public

Read More »

Public Review Period for Two Proposed SSE Implementer’s Drafts

The OpenID Shared Signals and Events (SSE) Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: OpenID Shared Signals and Events Framework Specification OpenID Continuous Access Evaluation Profile An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.

Read More »

Public Review Period for Proposed Final OpenID Connect Client-Initiated Backchannel Authentication (CIBA) Core Specification

The OpenID MODRNA Working Group recommends approval of the following specification as an OpenID Final Specification: OpenID Connect Client-Initiated Backchannel Authentication Flow – Core 1.0 A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public

Read More »

Public Review Period for Two Proposed FAPI 2.0 Implementer’s Drafts

The OpenID Financial-grade API (FAPI) Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: FAPI 2.0 Baseline Profile FAPI 2.0 Attacker Model An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public

Read More »

Welcoming Gail Hodges as Our New Executive Director

The OpenID Foundation is thrilled to welcome Gail Hodges as the new Executive Director of the OpenID Foundation. Those of you who already know Gail know that she’s passionate about enabling digital identity to serve the public good. She has extensive experience both in the digital identity space – for

Read More »

Guest Blog: Financial-grade API (FAPI), Explained by an Implementer – Updated

NOTE: This article was updated to align to the FAPI 1.0 Final version which was published in March, 2021. CLICK HERE TO VIEW THIS BLOG IN PORTUGUESE Introduction Financial-grade API (FAPI) is a technical specification that Financial-grade API Working Group of OpenID Foundation has developed. It uses OAuth 2.0 and OpenID Connect (OIDC) as its base and defines additional technical requirements

Read More »

The 7 Laws of Identity Standards

The OpenID Foundation is proud to participate in the first ever ‘Identity Management Day,’ an annual awareness event that will take place on the second Tuesday in April each year. The inaugural Identity Management Day is April 13, 2021. Founded by the Identity Defined Security Alliance (IDSA), the mission of Identity Management Day

Read More »

Guest Blog: SecureAuth’s OpenID Foundation Membership Drives Interoperability and Authentication for Customer Identity Security Across Cloud and Mobile

Today, SecureAuth is an official member of the OpenID Foundation a non-profit international standardization organization committed to enabling, promoting and protecting OpenID technologies. As a distinguished member of the Foundation, SecureAuth also now has a voice in the elections for the governing body. SecureAuth Innovation Labs is dedicated to actively

Read More »

FAPI 1.0 Part 1 and Part 2 are now Final Specifications

The OpenID Foundation membership has approved the following Financial-grade API (FAPI) specifications as OpenID Final Specifications: Financial-grade API 1.0 – Part 1: Baseline Security Profile Financial-grade API 1.0 – Part 2: Advanced Security Profile A Final Specification provides intellectual property protections to implementers of the specification and is not subject

Read More »

The Identity, Unlocked “eKYC with Mark Haine” Podcast Now Live

The OpenID Foundation is pleased to sponsor the Identity, Unlocked podcast. This week’s episode “eKYC with Mark Haine” features host Vittorio Bertocci and special guest Mark Haine. The episode focuses on the work of the OpenID Foundation’s eKYC & Identity Assurance Working Group. Mark Haine is the Director at considrd.consulting

Read More »

OpenID Foundation Announces Increases to Membership Dues in 2021

The OpenID Foundation is a non-profit international standardization organization of individuals and companies committed to enabling, promoting, and protecting OpenID technologies. Formed in June 2007, the Foundation serves as a public trust organization representing the open community of developers, vendors, and users. The Foundation assists the community by providing needed

Read More »

Resolution Thanking Don Thibeau for his Service

The OpenID Foundation Board of Directors unanimously approved the following resolution, proposed by Mike Jones and seconded by John Bradley, thanking Don Thibeau for his service: Resolved: The OpenID Foundation board thanks Don Thibeau for his exemplary service to the OpenID Foundation and the worldwide identity community during his decade-long

Read More »

An Update on the Collaboration of Technology Tools and Legal Rules

The US Federal Reserve is participating in a Committee on Payments and Market Infrastructures (CPMI) Cross-border Payments Task Force to identify ways to promote cross-border payments that are faster, less expensive and more transparent and inclusive. With the CPMI’s initiative to improve cross-border payments (and their upcoming conference https://lnkd.in/dBmT9q6), the Institute

Read More »

2021 OpenID Foundation Board Update

Thank you to all who voted in the 2021 elections for representatives to the OpenID Foundation Board of Directors. As per our bylaws, three individual board members represent the membership and the community at large. As George Fletcher has one year remaining on his 2-year term, I want to thank

Read More »

Ministry of Economy, Trade and Industry and OpenID Foundation in Liaison Agreement on eKYC & IDA for Legal Entities

The OpenID Foundation (OIDF), the international standards development organization which maintains the OpenID Connect for Identity Assurance (OIDC4IDA) standard, and the Japanese Government’s Ministry of Economy, Trade and Industry (METI) have signed a liaison agreement to work together. Under the agreement, METI will lead policy efforts to implement identity assurance

Read More »

“Exploring Financial-grade API (FAPI) with Torsten” Podcast is Live

The OpenID Foundation is pleased to sponsor the Identity, Unlocked second season premiere podcast featuring host Vittorio Bertocci and special guest Torsten Lodderstedt, “Exploring Financial-grade API (FAPI) with Torsten”. Torsten is a long time member of and contributor to the OpenID Foundation. Torsten has contributed significantly to the FAPI security

Read More »

Update on OpenID Foundation Leadership Transition

Dear OpenID Foundation Members: This is to update the OpenID Foundation community on our leadership transition and plans for 2021. We’ve enlisted the support of Women in Identity, IDPro and other groups to insure a broad international search and a diversity of backgrounds for the Foundation’s next Executive Director. Our

Read More »

First Implementer’s Drafts of Three FastFed Specifications Approved

The OpenID Foundation membership has approved the following Fast Federation (FastFed) specifications as OpenID Implementer’s Drafts: FastFed Core 1.0 FastFed Basic SAML Profile 1.0 FastFed Basic SCIM Profile 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. These are

Read More »

Second Implementer’s Draft of OpenID Connect User Questioning API Specification Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Connect User Questioning API 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the second Implementer’s Draft of this specification. This specification

Read More »