The OpenID Foundation Launches OpenID Connect Certification Program

Published April 17, 2015

OpenID Certified mark

Google, Microsoft, Ping Identity, ForgeRock, Nomura Research Institute, and PayPal
OpenID Connect Deployments First to Self-Certify Conformance

RSA Conference 2015, San Francisco, CA – April 22, 2015 – Today the OpenID® Foundation introduced OpenID Connect Certification – a program that enables organizations to certify that their OpenID Connect implementations conform to specified profiles of the OpenID Connect standard. The certification program is a tool to ensure that implementations by different parties will successfully interoperate. OpenID Connect is a secure, mobile-ready, privacy-enhancing open identity standard. It has been widely adopted since its finalization last year during the 2014 RSA Conference. The OpenID Certification program provides important assurances to the global community of developers that the Internet identity services that certifying organizations have deployed reliably conform to the OpenID Connect standard. The goal is that OpenID Certified implementations will “just work” with one another. Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal are the first industry leaders to participate in the OpenID Connect Certification program and certify that their implementations conform to one or more of the profiles of OpenID Connect standard. Overview of OpenID Connect Certification Program Process The OpenID Connect Certification program is based on self-certification – a formal public declaration by an entity that its specific identified deployment of a product or service meets the requirements of specified conformance profiles of the OpenID Connect standard, as demonstrated by passing a set of self-administered conformance tests for those profiles. With self-certification, the organization implementing an OpenID Connect deployment tests its own deployment via the OpenID Connect Conformance Test Suite™ software and verifies that it conforms to one or more defined OpenID Connect profiles. Once the tests for a profile are successfully completed, the organization signs and submits to the OpenID Foundation a Certification of Conformance attesting that it successfully completed the software tests, and asserting that its deployment conforms to the designated OpenID Connect profile. Following submission of the required materials, the self-certifications are published. These certifications are also registered by the OpenID Foundation at the Open Identity Exchange’s publically accessible identity registry, known as OIXnet. The OpenID Foundation is taking a phased approach to rolling out the OpenID Connect Certification program. The initial phase is now complete, launching with the certification of OpenID Connect identity providers by Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal. The next phase will add relying party certification and make self-certification available to all OIDF members in good standing starting in May 2015. The planned third phase in the roadmap will make the OpenID Connect Certification program generally available in January 2016. The OpenID Certification testing suite is open source software that was developed in cooperation with Umeå University in Sweden, with its development also partially supported by the European Union GÉANT project under a grant to promote interoperability of digital identity systems. Comments by Industry Leaders “The rapid adoption of OpenID Connect worldwide required us to create light-weight certification processes to meet the growing volume, velocity and variety of online transactions,” said Don Thibeau, Executive Director of the OpenID Foundation. “Self-certification is an important tool created and vetted by industry leaders. These intense competitors have come together to build a more secure and trusted Internet identity ecosystem.” “Widely-available secure interoperable digital identity is the key to enabling easy-to-use, high-value cloud-based services and applications available for people to use on the devices they love,” said Alex Simons, Director of Program Management for Microsoft Active Directory. “Certification of Azure Active Directory and additional products to come helps assure developers, customers, and partners that OpenID Connect will just work.” “This program enables us to build conformance testing into our ongoing engineering process which ensures that Google's system for managing users' account information remains interoperable with apps and web sites across the Internet,” said Eric Sachs, Product Management Director for Identity. “Ping Identity lives and breathes open identity standards. They are key to the expertise and experience that we provide to our clients. The OpenID certification of Ping deployments is proof positive of the interoperability today’s enterprise requires,” said Andre Durand, CEO of Ping Identity. “ForgeRock is at the center of multiple open standards communities globally as we pride ourselves on our open architecture and user-centric focus. We see OpenID Connect self-certification providing the reliability and consistency that the market demands,” said Lasse Andresen, CTO of ForgeRock. “As a leader in payment services, PayPal is continually investing in its security infrastructure to ensure consumers have a seamless experience whether they’re on their mobile, online or in store. We have always embraced open standards, and this initiative further raises the bar on assurance for our consumers when they use PayPal across the digital ecosystem,” said Raj Mata, Sr. Director, Platform Product Management. “PayPal is excited to be part of this effort to make interoperable digital identity a reality across platforms and vendors.” “NRI Group has been working on the identity standards for over a decade and is happy to ‘Self-certify’ both our open source implementation and the product provided through NRI Secure Technologies, our security solution subsidiary,” said Hiroshi Masutani, Senior Managing Director of Nomura Research Institute. “Self-certification is a low overhead, low cost, scalable open source option that’s another tool to provide robust services based on an open standard. The registration of the OpenID Connect self-certifications will increase trust through transparency and enable increased interoperability.” “The OIXnet Registry and the OpenID Connect test suite will be hosted by Symantec to ensure the security of the trust framework resources and certifications,” said Vice Chairman of OIX Paul Agbabian, VP, Fellow, and CTO, Enterprise Security Business at Symantec. “As a global leader in security, we are excited to lend our expertise and be a part of these valuable efforts.” About OpenID Connect OpenID Connect is a secure, mobile-ready, privacy-enhancing open identity standard. OpenID Connect has been widely adopted since its finalization in 2014. Further information about OpenID Connect and the OpenID Connect Self-Certification program is available at and About the OpenID Foundation The OpenID Foundation is an international non-profit organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. The OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID technologies. This entails managing intellectual property and brand marks as well as fostering viral growth and global participation in the proliferation of OpenID. OpenID is a registered trademark of the OpenID® Foundation.

# # #

News Media Contacts: Jeff Fishburn
OnPR for OpenID Foundation Don Thibeau
Executive Director, OpenID Foundation