Webinar on IPSIE secures more than 300 registrations
More than 300 identity security leaders and identity professionals registered for a recent webinar where our Executive Director Gail Hodges discussed with industry experts Jeff Reich, Dean H. Saxe, Aaron Parecki and George Fletcher how enterprises can achieve secure, interoperable identity management using multiple standards, new enterprise interoperability profiles to strengthen security and streamline identity […]
Notice of a Security Vulnerability
The OpenID Foundation is committed to maintaining the highest security standards in identity protocols and takes security research seriously. As our specifications move towards final, we engage security researchers to conduct a rigorous security analysis and identify any vulnerabilities in the specifications. During a formal analysis of OpenID Federation, a security vulnerability was discovered relating […]
OIDF Feedback on NIST’s Attribute Validation Services

The National Institute of Standards and Technology (NIST) recently released a draft report entitled Attribute Validation Services for Identity Management, which seeks to provide a comprehensive framework for agencies considering implementing Attribute Validation Services (AVS). AVS are critical for identity proofing, fraud prevention, and ensuring equal access to digital resources within government services. They […]
Strengthening cybersecurity measures – the OpenID Foundation’s recommendations on ENISA’s guidance for the NIS2 Directive

As the European Union continues to strengthen its cybersecurity framework, the NIS2 Directive serves as a pivotal measure to protect critical infrastructure and essential services across member states. Committed to advancing secure and interoperable digital identity standards, the OpenID Foundation welcomes the opportunity to contribute to this critical initiative and has provided comments on ENISA’s […]
Announcing the Final Draft “Government-Issued Digital Credentials and the Privacy Landscape”
Published May 4, 2023, revised August 25, 2023. Version 1.1 of this paper was published August 25, 2023 to include a narrow set of corrections submitted by the cobranding organizations, and incorporated at the discretion of the editor. Revision history is available upon request. The OpenID Foundation is pleased to announce the final publication of the […]
Vulnerability Alert – OpenID 2.0 Implementations Vulnerabilities found in some OPs
Please be advised that a number of OpenID Authentication 2.0 server implementations were found to be vulnerable due to non-compliance with the normative requirements of the OpenID Authentication 2.0 specification. The nature of the vulnerability: in section 11.4.2.1 of the OpenID Authentication 2.0, it is stated that “For verifying signatures an OP MUST only use private […]
PAPE Approved as an OpenID Specification
The OpenID Foundation membership has approved OpenID Provider Authentication Policy Extension 1.0 as an OpenID specification by a vote of forty-two to three, with seven abstentions. This is a significant development for the OpenID community for two reasons…
Challenges facing OpenID
It's been a busy week in the world of OpenID. On Friday Ben Laurie announced a security vulnerability around OpenID that relates to existing problems with DNS and certain SSL certificates. Discussions on the OpenID General mailing list have been fruitful and the major OpenID providers out there today have disclosed that they are either […]