Specifications

OpenID specifications are developed by OpenID working groups and go through three phases: Drafts, Implementer’s Drafts, and Final Specifications. Implementer’s Drafts and Final Specifications provide intellectual property protections to implementers. Final Specifications are OpenID Foundation standards.

Final Specifications

OpenID Connect specifications:

• OpenID Connect Core – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of claims to communicate information about the End-User
• OpenID Connect Discovery – Defines how clients dynamically discover information about OpenID Providers
• OpenID Connect Dynamic Registration – Defines how clients dynamically register with OpenID Providers
• OAuth 2.0 Multiple Response Types – Defines several specific new OAuth 2.0 response types
• OAuth 2.0 Form Post Response Mode – Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST
• OpenID 2.0 to OpenID Connect Migration 1.0 – Defines how to migrate from OpenID 2.0 to OpenID Connect

Implementer’s Drafts

OpenID Connect working group specifications:

• Session Management – Defines how to manage OpenID Connect sessions, including postMessage-based logout functionality
• Front-Channel Logout – Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
• Back-Channel Logout – Defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out

HEART working group specifications:

• Health Relationship Trust Profile for OAuth 2.0 – HEART OAuth 2.0 Profile
• Health Relationship Trust Profile for OpenID Connect 1.0 – HEART OpenID Connect Profile
• Health Relationship Trust Profile for User Managed Access 1.0 – HEART UMA Profile

Active Drafts

OpenID Connect working group specifications:

• OpenID Connect Profile for SCIM Services – Defines how to use SCIM with OpenID Connect
• OpenID Connect Federation – Defines how sets of OPs and RPs can establish trust by utilizing a Federation Operator

Account Chooser & Open YOLO working group specifications:

• Account Chooser 1.0

MODRNA working group specifications:

• OpenID Connect MODRNA Authentication Profile 1.0
• OpenID Connect Account Porting
• OpenID Connect User Questioning API 1.0
• OpenID Connect MODRNA Client initiated Backchannel Authentication Flow 1.0
• MODRNA Discovery
• MODRNA Registration

EAP working group specifications:

• Token Bound Authentication – Defines how to apply Token Binding to OpenID Connect ID Tokens
• EAP ACR Values – Enables OpenID Connect RPs to request that specific authentication context classes be applied to authentications performed and for OPs to inform RPs whether these requests were satisfied

iGov working group specifications:

• International Government Assurance Profile (iGov) for OpenID Connect 1.0
• International Government Assurance Profile (iGov) Use Cases

Inactive Drafts

Native Applications working group specifications:

• Native Applications Agent Core 1.0
• Native Applications Agent API Bindings 1.0

Obsolete Specifications

Final OpenID 2.0 specifications:

• OpenID Authentication 2.0 (txt)
• OpenID Attribute Exchange 1.0 (txt)
• OpenID Provider Authentication Policy Extension 1.0 (txt)
• OpenID Simple Registration Extension 1.0 (txt)
• Yadis Discovery Protocol (Developed separately from OpenID, though used in 2.0)

OpenID 2.0 Drafts:

• OpenID Simple Registration Extension 1.1 – Draft 1 (txt)
• Contract Exchange 1.0

Early OpenID specifications:

• OpenID Authentication 1.1 (txt)
• OpenID Authentication 1.1 (original format)
• OpenID Authentication 1.0 (original format)