Announcing the Final Draft “Government-Issued Digital Credentials and the Privacy Landscape”
Published May 4, 2023, revised August 25, 2023. Version 1.1 of this paper was published August 25, 2023 to include a narrow set of corrections submitted by the cobranding organizations, and incorporated at the discretion of the editor. Revision history is available upon request. The OpenID Foundation is pleased announce the final publication of the […]
Vulnerability Alert – OpenID 2.0 Implementations Vulnerabilities found in some OPs
Please be advised a number of OpenID Authentication 2.0 server implementations were found to be vulnerable due to non-compliance to the normative requirements of the OpenID Authentication 2.0 specification. The nature of the vulnerability In section 11.4.2.1 of the OpenID Authentication 2.0, it is stated that “For verifying signatures an OP MUST only use private […]
PAPE Approved as an OpenID Specification
The OpenID Foundation membership has approved OpenID Provider Authentication Policy Extension 1.0 as an OpenID specification by a vote of forty-two to three, with seven abstentions. This is a significant development for the OpenID community for two reasons…
Challenges facing OpenID
Its been an busy week in the world of OpenID. On Friday Ben Laurie announced a security vulnerability around OpenID that relates to existing problems with DNS and certain SSL certificates. Discussions on the OpenID General mailing list have been fruitful and the major OpenID providers out there today have disclosed that they are either […]