The OpenID Connect Federation 1.0 specification is being developed to enable large-scale federations to be deployed using OpenID Connect. It enables trust among federation participants to be established through signed statements made by federation operators and organizations about federation participants.
The design of this specification builds upon the experiences gained in operating large-scale SAML 2.0 federations, and indeed, is authored by people having practical experience with these federations. A key innovation that differentiates OpenID Connect federations from most SAML 2.0 federations is that OpenID Connect federation employs hierarchal metadata, where participants directly publish statements about themselves, versus the aggregated metadata approach used by many SAML 2.0 federations, where the federation operator publishes a single file concatenating all the metadata for all the federation participants. Note that unlike older versions of the specification, this version treats OpenID Providers and Relying Parties symmetrically, with metadata being published about both.
In preparation for prototype implementations and trial deployments, Roland Hedberg
and Mike Jones
just spent time at the TNC19 conference
refining the specification. Most of the updates were to make the identifiers more consistent and the examples more complete. The syntax and semantics should be stable at this point, subject to refinements addressing continued feedback from implementations and deployments.
The latest version of specification is available at:
This URL always points to the latest published version:
Please review and implement this important specification and send your feedback to the OpenID Connect working group