AB/Connect Working Group - Specifications
The AB/Connect working group is a combined working group of the Artifact Binding (AB) Working Group and the Connect Working Group aimed at producing the OAuth 2.0-based “OpenID Connect” specifications. It also includes a project named OpenID for Verifiable Credentials, which consists of three specifications.
The working group has been developing the following specifications:
Final Specifications
- OpenID Connect Core – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of claims to communicate information about the End-User
- OpenID Connect Discovery – Defines how clients dynamically discover information about OpenID Providers
- OpenID Connect Dynamic Registration – Defines how clients dynamically register with OpenID Providers
- OAuth 2.0 Multiple Response Types – Defines several specific new OAuth 2.0 response types
- OAuth 2.0 Form Post Response Mode – Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST
- OpenID 2.0 to OpenID Connect Migration 1.0 – Defines how to migrate from OpenID 2.0 to OpenID Connect
- OpenID Connect RP-Initiated Logout – Defines how a Relying Party requests that an OpenID Provider log out the End-User
- Session Management – Defines how to manage OpenID Connect sessions, including postMessage-based logout and RP-initiated logout functionality
- Front-Channel Logout – Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
- Back-Channel Logout – Defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out
- OpenID Connect Core Error Code unmet_authentication_requirements – Defines the unmet_authentication_requirements authentication response error code
- Initiating User Registration via OpenID Connect – Defines the prompt=create authentication request parameter
Implementer's Drafts
- OpenID Federation 1.0 – Defines how parties within a federation can establish trust with one another
  – Most recent Implementer’s Draft
- Self-Issued OpenID Provider V2 – Enables End-users to use OpenID Providers (OPs) that they control
  – Most recent Implementer’s Draft
- OpenID Connect Native SSO for Mobile Apps – Enables native applications by the same vendor to share login information
  – Most recent Implementer’s Draft
- OpenID for Verifiable Presentations (OpenID4VP) – Defines a mechanism on top of OAuth 2.0 to allow presentation of claims in the form of Verifiable Credentials as part of the protocol flow
  – Most recent Implementer’s Draft
Drafts
- OpenID Connect Claims Aggregation – Enables RPs to request and Claims Providers to return aggregated claims through OPs
- OpenID Federation Extended Subordinate Listing – Extends OpenID Federation to facilitate listings of large numbers of subordinates
- OpenID Federation Wallet Architectures – Defines how to perform trust establishment for Wallet ecosystems with OpenID Federation
- OpenID Connect Relying Party Metadata Choices – Enables RPs to express a set of supported values for RP metadata parameters
Resources
Two implementer’s guides are also available to serve as self-contained references for implementers of basic Web-based Relying Parties:
- Basic Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth code flow
- Implicit Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth implicit flow