The OpenID Connect Working Group recommends approval of the following specifications as Final OpenID Specifications: OpenID Connect Core – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User. OpenID Connect Discovery – Defines how Relying […]
The OIDF board recently voted to adopt an OpenID Trademark and Service Mark License policy. The following are some of the guidelines regarding acceptable uses of OIDF trademarks outlined in the license: The owner of OIDF marks must be clearly identified as the “OpenID Foundation”. For example, “OpenID® is a […]
While the testing of Windows Azure Active Directory (WAAD) support for OpenID Connect has been going on for some months, Microsoft is now publicly participating in the OSIS interoperability testing. While most people think of Connect as being adopted by Social sites like Google for Login, it is […]
The Winter ’14 release includes OpenID Connect Authentication Providers, allowing your org to be an OpenID Connect Client, and leverage an Authorization Server for user login. Let’s take a look at how this works: If you want to walk through the protocol in detail, there’s an excellent, detailed description on Google’s […]
Please be advised a number of OpenID Authentication 2.0 server implementations were found to be vulnerable due to non-compliance to the normative requirements of the OpenID Authentication 2.0 specification. The nature of the vulnerability In section 11.4.2.1 of the OpenID Authentication 2.0, it is stated that “For verifying signatures an […]
The OpenID membership has approved the following specifications as OpenID Implementer’s Drafts in the vote held from July 23 and July 30, 2013: Basic Client Profile – Simple, self-contained profile for a Web-based Relying Parties using the OAuth code flow. Implicit Client Profile – Simple, self-contained profile for a Web-based […]
Nat Sakimura has written a valuable post describing how to write an OpenID Connect server in three simple steps. It shows by example how simple it is for OAuth servers to add OpenID Connect functionality. This post is a companion to his previous post OpenID Connect in a Nutshell, which […]
Please vote now at https://openid.net/foundation/members/polls/68. The vote is open between July 23 and July 30, 2013. The OpenID Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: • Basic Client Profile – Simple, self-contained profile for a Web-based Relying Parties using the OAuth code flow. • […]
OpenID Foundation is hosting a joint WG meeting at IETF 87 Berlin on Sunday, July 28. Time: 2:00pm, Sunday, July 28 Venue: @IETF 87 Berlin, Germany Registration Site: http://openid-ietf-87.eventbrite.com People interested in OpenID Connect, Account Chooser, and how they relate to IETF specifications such as OAuth, JSON Web Token (JWT), and JSON […]
OpenID Foundation Japan’s Enterprise identity working group (EIWG) will host the following seminar. The working group is a joint working group with Japan Network Security Association’s Identity Management WG. Date: July 4, 2013 Time: 14:00-17:00 Venue: Nomura Research Institute, Marunouchi Centre 9F. (Tokyo) Entrance: Free Capacity: 100 Langauge: Japanese Cloud […]