Steps for Conformance certification submission

Getting the test completed

The first step is to ensure your implementation passed all the tests of the conformance test of the profile you are targeting. Each profile has a different logistics for running it, check the resource specific page under instruction page for the steps on running the tests

Getting a Payment Code

Every certification profile has a different fee depending upon your company is member or non-member of OpenID Foundation. Before proceeding, check with your company is there is a desire to became member of OIDF and take a seat on discussing and driving the evolution of open standards.

To start the payment process, head to Certification Payment page at https://openid.net/foundation/members/certifications/new. This page will not require an account to be created,  but if you are member, check the login link on it to enable the member fee.

Entity name,  version and email for payment code

The Certification Payment page requires you to enter Name of Entity, Implementer’s email and Deployment Name&Version.

The Entity name and Deployment Name and version are used to identify your company when we publish your certification under Certification list page. The Entity name might be your company name, trademark, or whatever makes more sense for your scenario, while the Deployment name and version identifies the actual software with its version that are declared as conformant. 

While OpenID Foundation set no requirement for the Entity name,  the Deployment name & version is required to identify a specific point in time for the declaration of conformance. The version number is reasonable for COTS products, but it might not be applicable to Saas products. For scenarios where there is no version number, the requirement is to identify the approximate date, using current month and year.

The email is required to be the address of a valid inbox, as the Payment Code will be sent to that email.

Certification profile

The payment requires you to identify what is the type of the certification.

The profiles for Brazil and KSA FAPI profiles requires you to select the “FAPI”, while the emerging Openbanking initiatives, like ConnectID, UAE, Colombia and Chile, requires you to select “FAPI2” certification type.

The IDPs certification type is applicable for deployments that are transmitting data, while the RPs are certification for products federating with those.

Payment options

For the payment, there are 2 options: via invoice, or Paypal.

If you click the “pay with Paypal”, you will be redirect to that provider and the once completed, a payment code will be shown. Be aware that PayPal will interact directly to your card processing (if credit card used) and the exchange rate might not be the one you are expecting.

If you click “request an invoice”, a payment code with be shown and a manual process on OpenID Foundation will kick in. Our staff will create a invoice and send to the implementer’s email. This will take up to 2 days for OIDF Team to send it to you an invoice.

Payment Code

The payment code will be presented to you, if you request an invoice OR pay using PayPal.

Save it for later reference as the Payment code will be required for submission

Exporting the test results

Declaration of Conformance

Once you have executed all the tests on the test plan and the tests are marked as wither “PASSED”, “REVIEW” or “WARNING”, you are good for submissions. Please note that if any test is marked as “FAILED”, the submission will not be accepted.
 
On the test plan, press “Publish for certification” button and a dialog will pop up to collect additional data and create a certification zip file for submission.
 
 
The first artifact to be uploaded is the Declaration of Conformance. This is a document where your company is declaring to be conformant to OpenID Certification profile.  The first section of the document identifies your compan,y, the certification profile and the test.
 
Conformance Profile
The OpenID Conformance Profile that you are required to inform is  presented at the test plan details. A screen capture below shows where you can find the text to be entered as the conformance profile. Please note that if this data is not valid or does not match the exactly name, you will be required to create another version of this document.
 
 
 
 Signature of Declaration
The declaration of conformance is required to be signed by one representative of the company, as it is the company asserting it is conformant to the profile and it will grant OpenID Foundation the permission to reproduce the Entity name and deployment name under certified deployments page.
The signature can be either electronic or wet, both options can accepted. By electronic signature, we accept Docusign, Adobe or other format can be traced.

 

RP test logs

 

Submitting the test results

Submitting to certification

After the completion of the previous steps, head to Submission form .
 
 

The Entity name and Deployment Name & Version should be provided as described at section “Entity name,  version and email for payment code” above. 

The Regulatory Regime should be kept at the default value, but if you received a express request from a regulator to provide a different value and you agree with that, change it accordingly.

The payment code to be provided is the code created by the payment system and described on section “Payment Code” above. The payment is not required to be completed during your submission, but it will be preprocessed and pushed to a queue for processing until the payment is completed.

The Certification zip file to be uploaded should be the zip as it was created by conformance suite on the section “Exporting test results” above. Be aware that generated zip file is digitally signed, so changing the zip might cause the signature to become invalid and our staff might require you to generated once again the zip file.

Please provide a monitored mailbox address under “Email confirmation”, as this address will be used by OIDF staff to report any problem with your submission.

Under normal circumstances, submissions are processed within 2-3 days.

Tracking progress and responding to OIDF analysts

It is crucial that a valid and monitored email is provided on the submission form. That is the only email that will receive any inquire or request from OIDF when processing your submission.
Every state machine transition is reported via automatic email from jira, which means that you will receive an email when status of your submission has changed.