OpenID Certification Adoption Continues – Well Done Symantec!

Congratulations to the Symantec Identity team on the certification of it’s expanding OpenID Connect capabilities and their registration on the OIXnet registry.  This would not have been possible without the vision and pioneering leadership of Nico Popp and the sustained support of Open Identity Exchange Vice Chairman Paul Agbabian and Brian […]


Harmonizing IETF SCIM and OpenID Connect: Enabling OIDC Clients to Use SCIM Services   Recently updated !

OpenID Connect(OIDC) 1.0 is a key component of the “Cloud Identity” family of standards. At Oracle, we have been impressed by its ability to support federated identity both for cloud business services and in the enterprise. This is the reason why we recently joined the OpenID Foundation as a Sustaining […]


Registration Open for OpenID Foundation Workshop on Monday, October 24, 2016

OpenID Foundation Workshops provide insight and influence on important Internet identity standards. The workshop provides updates on the development of profiles of OpenID Connect as well as review progress on OpenID Connect Certification and an update on Relying Party certification.   We will introduce the FastFed (Fast Federation) while providing […]


Initial OpenID Connect Enhanced Authentication Profile (EAP) Specifications

The OpenID Enhanced Authentication Profile (EAP) working group charter states that: The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF […]


Preventing Mix-Up Attacks with OpenID Connect

Recently the OAuth community has been concerned with some attack vectors around mixed up clients, particularly when dynamic client registration and discovery are used with user-selected OpenID Providers. Broadly, the attacks consist of using dynamic client registration, or the compromise of an OpenID Provider (OP), to trick the Relying Party […]


Announcing the Financial API (FAPI) Working Group

In many cases, Fintech services such as aggregation services uses screen scraping and stores user passwords. This model is both brittle and insecure. To cope with the brittleness, the new OpenID Foundation Work Group invites developers, architects and technologists to contribute to an open standard approach using an API model […]


HEART Implementer’s Drafts Approved

The OpenID Foundation members have approved of the following specifications as OpenID Implementer’s Drafts: Health Relationship Trust Profile for OAuth 2.0 Health Relationship Trust Profile for OpenID Connect 1.0 Health Relationship Trust Profile for User Managed Access 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual […]


Vote Early and Often!   Recently updated !

More often than not OpenID Foundation members vote with their feet. Members typically signal their interest in a topic or work group by participating on a spectrum from “leader to lurker” on a mailing list discussion or in a work group’s agenda setting. On important, rare occasions, real people have […]


New OpenID Foundation Board Leadership   Recently updated !

Thanks to all who voted for representatives to the OpenID Foundation Board of Directors.  George Fletcher of AOL will begin a new two year term as the community member representative. His continued leadership on the Executive Committee ensures continuity on important initiatives like OpenID Connect Certification and his deep technical expertise will […]