Specifications and Implementer’s Guides

Final Specifications

• OpenID Connect Core – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of claims to communicate information about the End-User
• OpenID Connect Discovery – (Optional) Defines how clients dynamically discover information about OpenID Providers
• OpenID Connect Dynamic Registration – (Optional) Defines how clients dynamically register with OpenID Providers
• OAuth 2.0 Multiple Response Types – Defines several specific new OAuth 2.0 response types
• OAuth 2.0 Form Post Response Mode – (Optional) Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST
• OpenID 2.0 to OpenID Connect Migration 1.0 – (Optional) Defines how to migrate from OpenID 2.0 to OpenID Connect

Implementer’s Drafts

• Session Management – (Optional) Defines how to manage OpenID Connect sessions, including postMessage-based logout and RP-initiated logout functionality
• Front-Channel Logout – (Optional) Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
• Back-Channel Logout – (Optional) Defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out
• OpenID Connect Federation – (Optional) Defines how sets of OPs and RPs can establish trust by utilizing a Federation Operator

Drafts

• OpenID Connect Profile for SCIM Services – (Optional) Defines how to use SCIM with OpenID Connect
• OpenID Connect for Identity Assurance – (Optional) Defines an OpenID Connect extension for Identity Assurance

Implementer’s Guides

Two implementer’s guides are also available to serve as self-contained references for implementers of basic Web-based Relying Parties:

• Basic Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth code flow
• Implicit Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth implicit flow

Repository and Editor’s Drafts

• Official Repository
• HTML editor’s drafts corresponding to the repository contents

Active Members (past and present)

• Nat Sakimura (Chair)
• Mike Jones (Co-Chair)
• John Bradley (Co-Chair)

• Anthony Nadalin (tonynad@microsoft.com), Microsoft
• Andreas Akre Solberg (andreas.solberg@uninett.no), UNINET
• Axel Nennker (axel.nennker@telekom.de), Deutsche Telekom
• Breno de Medeiros (breno@gmail.com), Google
• Casper Biering (cb@peercraft.com), Peercraft
• Chuck Mortimore (cmortimore@salesforce.com), Salesforce
• David Recordon (dr@fb.com), Facebook
• Edmund Jay (ejay@mgi1.com), Illumila
• George Fletcher (george.fletcher@oath.com), Oath
• Hideki Nara (hideki.nara@gmail.com), Takt Communications
• Johnny Bufu (jbufu@janrain.com), Janrain
• John Bradley (ve7jtb@ve7jtb.com), Yubico
• Justin Richer (jricher@mitre.org), Mitre
• Luke Shepard (lshepard@fb.com), Facebook
• Michael B. Jones (mbj@microsoft.com), Microsoft
• Nat Sakimura (n-sakimura@nri.co.jp), Nomura Research Institute, Ltd.
• Nov Matake (nov@matake.jp), YOauth.jp
• Pamela Dingle (Pamela.Dingle@microsoft.com), Microsoft
• Paul Tarjan (pt@fb.com), Facebook
• Phil Hunt (phil.hunt@oracle.com), Oracle
• Rich Levinson (rich.levinson@oracle.com), Oracle
• Roland Hedberg (roland@catalogix.se), Independent
• Ryo Itou (ritou@yahoo-corp.jp), Yahoo! Japan
• Torsten Lodderstedt (torsten@lodderstedt.net), yes.com
• Vladimir Dzhuvinov (vladimir@nimbusds.com), Nimbus Directory Service
• Bjorn Hjelm (Bjorn.Hjelm@verizonwireless.com), Verizon Wireless