OpenID Connect is a simple yet powerful signin protocol.
Learn More
You do not remember which account you used to signin? Do not worry. Account Chooser will take care of it.
Learn More
The Office of the National Coordinator for Health Information Technology (ONC) located within the Office of the Secretary for the U.S. Department of Health and Human Services (HHS) has joined the OpenID Foundation (OIDF). ONC is the principal federal entity charged with coordination of nationwide efforts to implement and utilize the most advanced health information [...]
Those of us working on Internet identity issues have lots of conferences to attend when it comes to technology and privacy. Less attention has been paid to how to make money, how value is created, and how business models and monetization works across sectors. Meanwhile governments and companies are reorganizing to better address Internet identity [...]
“Covert Redirect”, publicized in May, 2014, is an instance of attackers using open redirectors – a well-known threat, with well-known means of prevention. The OpenID Connect protocol mandates strict measures that preclude open redirectors to prevent this vulnerability. Please see Section 4.2.4 of RFC 6819 (http://tools.ietf.org/html/rfc6819#section-4.2.4) for more information on open redirector threats and their [...]
In my last blog, I noted, “it’s time to build out the final elements of OpenID Connect and move to mobile.” We’ll soon announce the official working group with the GSMA focused on a OpenID Connect mobile profile. Foundation members, partners and independent developers continue to integrate OpenID Connect in robust and interoperable identity services [...]
The list of publicly available OpenID Connect libraries is growing, with implementations available for numerous development platforms and environments, including Drupal, Java, PHP, Python, and Ruby. See the Libraries page for a list of OpenID Connect libraries, as well as libraries implementing the related JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) [...]
This is my first blog after a successful OpenID Connect launch in San Francisco, Barcelona and Japan on February 26th. The launch generated global buzz and coverage. Below are a few links to my previous posts highlighting statements of support and press coverage: Statements of Support Additional Statements of Support OpenID Connect Press Coverage Congratulations [...]
This past Wednesday, February 26th, the OpenID Foundation, it’s members and the OpenID Connect Working Group successfully launched the OpenID Connect standard in the US, Europe and Japan. The launch generated press coverage at RSA in San Francisco and the Mobile World Congress in Barcelona. This was made possible by you; our members, contributors. Thanks [...]
Providing Increased Security, Usability, and Privacy on the Internet RSA 2014 and Mobile World Congress- San Francisco, CA, and Barcelona, Spain – Feb. 26, 2014 – The OpenID Foundation announced today that its membership has ratified the OpenID Connect standard. Organizations and businesses can now use OpenID Connect to develop secure, flexible, and interoperable identity [...]
Passwords are a pain. Internet security is difficult. But getting consensus among competing vendors, independent developers, privacy advocates seemed impossible. But OpenID Connect is finally done. This internet identity layer is already helping websites, enterprises and mobile network operators identify people. OpenID Connect enables better privacy controls and stronger (and more user friendly) authentication. Application [...]
With the OpenID Connect specifications expected to be approved on Tuesday, February 25, 2014, a set of answers to Frequently Asked Questions has been published at http://openid.net/connect/faq/ to help answer questions people might have about OpenID Connect. OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward [...]