<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>OpenID Foundation</title> <atom:link href="https://openid.net/feed/" rel="self" type="application/rss+xml" /> <link>https://openid.net</link> <description>Helping people assert their identity wherever they choose</description> <lastBuildDate>Sat, 05 Apr 2025 07:10:37 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod> hourly </sy:updatePeriod> <sy:updateFrequency> 1 </sy:updateFrequency> <generator>https://wordpress.org/?v=6.7.2</generator> <image> <url>https://openid.net/wp-content/uploads/2022/11/favicon_23-150x150.jpg</url> <title>OpenID Foundation</title> <link>https://openid.net</link> <width>32</width> <height>32</height> </image> <item> <title>OIDF & OIDF-J welcome the Japanese Digital Agency, West Japan Railway Company, and the National Institute of Informatics’ Student VC Project</title> <link>https://openid.net/oidf-oidf-j-welcome-the-japanese-digital-agency-west-japan-railway-company-and-the-national-institute-of-informatics-student-vc-project/</link> <dc:creator><![CDATA[Serj Hallam]]></dc:creator> <pubDate>Fri, 04 Apr 2025 12:29:50 +0000</pubDate> <category><![CDATA[Blogs]]></category> <category><![CDATA[Japan]]></category> <category><![CDATA[News]]></category> <category><![CDATA[DCP]]></category> <category><![CDATA[Specification]]></category> <guid isPermaLink="false">https://openid.net/?p=50523</guid> <description><![CDATA[<p>Translated from the OIDF-J announcement. 
The OpenID Foundation and the OpenID Foundation Japan would like to express our sincere welcome to the pilot project for the social implementation of services for students using verifiable credentials, which was conducted and announced in March 2025 by the Digital Agency, West Japan Railway Company, and the National Institute […]</p> <p>The post <a href="https://openid.net/oidf-oidf-j-welcome-the-japanese-digital-agency-west-japan-railway-company-and-the-national-institute-of-informatics-student-vc-project/">OIDF & OIDF-J welcome the Japanese Digital Agency, West Japan Railway Company, and the National Institute of Informatics’ Student VC Project</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p><em>Translated from the OIDF-J announcement. </em></p> <p><span style="font-weight: 400">The OpenID Foundation and the OpenID Foundation Japan would like to express our sincere welcome to the pilot project for the social implementation of services for students using verifiable credentials, which was conducted and announced in March 2025 by the Digital Agency, West Japan Railway Company, and the National Institute of Informatics.</span></p> <h2><span style="font-weight: 400">Details of the pilot project</span></h2> <ul> <li style="font-weight: 400"><span style="font-weight: 400">Announcement from the Digital Agency Japan</span><span style="font-weight: 400"><br /></span><a href="https://www.digital.go.jp/news/52905baa-6a19-40ad-aca3-0bde0c0dcb64"><span style="font-weight: 400">https://www.digital.go.jp/news/52905baa-6a19-40ad-aca3-0bde0c0dcb64</span></a></li> <li style="font-weight: 400"><span style="font-weight: 400">Announcement from West Japan Railway</span><span style="font-weight: 400"><br /></span><a href="https://www.westjr.co.jp/press/article/2025/03/page_27752.html"><span style="font-weight: 400">https://www.westjr.co.jp/press/article/2025/03/page_27752.html</span></a></li> </ul> <p><span 
style="font-weight: 400">In this pilot project, universities will issue student enrolment certificates as verifiable credentials to students’ digital wallets. By presenting these credentials at ticket sales sites provided by West Japan Railway Company and others, the goal is to enable students to access student-specific services.</span></p> <p><img fetchpriority="high" decoding="async" class="alignnone wp-image-50538" src="https://openid.net/wp-content/uploads/2025/04/Picture1-Japan-300x225.jpg" alt="" width="456" height="342" srcset="https://openid.net/wp-content/uploads/2025/04/Picture1-Japan-300x225.jpg 300w, https://openid.net/wp-content/uploads/2025/04/Picture1-Japan-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/04/Picture1-Japan-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/04/Picture1-Japan.jpg 1299w" sizes="(max-width: 456px) 100vw, 456px" /></p> <p><span style="font-weight: 400">Students who have already purchased tickets can pass through the facial recognition system.</span></p> <p><span style="font-weight: 400"><img decoding="async" class="alignnone wp-image-50539" src="https://openid.net/wp-content/uploads/2025/04/Picture2-Japan-300x225.jpg" alt="" width="455" height="341" srcset="https://openid.net/wp-content/uploads/2025/04/Picture2-Japan-300x225.jpg 300w, https://openid.net/wp-content/uploads/2025/04/Picture2-Japan-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/04/Picture2-Japan-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/04/Picture2-Japan.jpg 1299w" sizes="(max-width: 455px) 100vw, 455px" /></span></p> <p><span style="font-weight: 400">Students can present the ticket on their smartphone.</span></p> <h2><img decoding="async" class="alignnone wp-image-50540" src="https://openid.net/wp-content/uploads/2025/04/Picture3-Japan-300x225.jpg" alt="" width="453" height="340" srcset="https://openid.net/wp-content/uploads/2025/04/Picture3-Japan-300x225.jpg 300w, 
https://openid.net/wp-content/uploads/2025/04/Picture3-Japan-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/04/Picture3-Japan-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/04/Picture3-Japan.jpg 1299w" sizes="(max-width: 453px) 100vw, 453px" /></h2> <p><span style="font-weight: 400">The press conference. </span><span style="font-weight: 400">From left to right in the photo:</span></p> <ul> <li style="font-weight: 400"><a href="https://www.openid.or.jp/about/"><span style="font-weight: 400">Naohiro Fujie, Chair, OpenID Foundation Japan</span></a></li> <li style="font-weight: 400"><a href="https://www.westjr.co.jp/global/en/ir/library/annual-report/2022/pdf/c12.pdf"><span style="font-weight: 400">Hideo Okuda, Director and Managing Executive Officer, West Japan Railway Company</span></a></li> <li style="font-weight: 400"><a href="https://www.digital.go.jp/en/about/member/kishinobuchiyo"><span style="font-weight: 400">Nobuchiyo Kishi, Parliamentary Secretary for Digital Affairs, Digital Agency</span></a></li> <li style="font-weight: 400"><a href="https://www.nii.ac.jp/en/faculty/architecture/sato_hiroyuki/"><span style="font-weight: 400">Hiroyuki Sato, Director, Research and Development Center for Trust and Digital ID, National Institute of Informatics</span></a></li> <li style="font-weight: 400"><a href="https://rd.iai.osaka-u.ac.jp/en/fbee80dc2f61fb58.html"><span style="font-weight: 400">Toru Yarimizu, Deputy Director, OUDX Promotion Office, Osaka University</span></a></li> </ul> <p> </p> <p><span style="font-weight: 400">The </span><a href="https://openid.net/wg/digital-credentials-protocols/"><span style="font-weight: 400">Digital Credentials Protocols Working Group</span></a><span style="font-weight: 400"> of the OpenID Foundation is currently working on technical specifications</span><i><span style="font-weight: 400">¹ for issuing and presenting verifiable credentials, namely “OpenID for Verifiable Credential Issuance” and “OpenID 
for Verifiable Presentations”, which have already been adopted by the </span></i><a href="https://ec.europa.eu/digital-building-blocks/sites/display/EUDIGITALIDENTITYWALLET/EU+Digital+Identity+Wallet+Home"><i><span style="font-weight: 400">European Digital Identity Wallet project</span></i></a><span style="font-weight: 400">² and others.</span></p> <p><span style="font-weight: 400">We believe that the adoption of these technical specifications, and their promotion in Japan by the West Japan Railway Company, which provides important social infrastructure with government support, and the National Institute of Informatics, which operates an academic authentication federation involving many universities and research institutions, is a highly significant development for the global identity community.</span></p> <p><span style="font-weight: 400">The Japanese government has provided significant support to the OpenID Foundation and the OpenID Foundation Japan through funding for the development of certification programs that verify proper implementation of the technical specifications provided by the OpenID Foundation, as well as through the adoption of OpenID-related protocols in government administrative services.</span></p> <p><span style="font-weight: 400">The OpenID Foundation and OpenID Foundation Japan sincerely thank all supporters to date and warmly welcome this demonstration project. We will continue to provide technical specifications and support for the promotion of social implementation.</span></p> <h2><span style="font-weight: 400">■</span><span style="font-weight: 400"> Comments from each organization</span></h2> <p><b>Mr. Nobuchiyo Kishi, Parliamentary Secretary for Digital Affairs, Digital Agency</b><span style="font-weight: 400"><br /></span><span style="font-weight: 400">“In recent years, alongside the use of My Number cards for identity verification, there has been increasing demand for online verification methods such as in this initiative. 
We recognize the importance of creating practical use cases to support future expansion. We hope this initiative will continue to grow, involving multiple universities, certificate issuers, transportation agencies, and more.</span></p> <p><span style="font-weight: 400">“We will continue working with the OpenID Foundation Japan to explore possibilities for social implementation and international collaboration.”</span></p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-50541" src="https://openid.net/wp-content/uploads/2025/04/Picture4-logo-japan.jpg" alt="" width="273" height="122" /></p> <p><b>Mr. Hideo Okuda, Director and Managing Executive Officer, General Manager of the Digital Solutions Division, West Japan Railway Company</b></p> <p><span style="font-weight: 400">“Through our digital strategy, we aim to ‘move people’s hearts by fully utilizing data and digital technology to connect each customer with the Group’s diverse services’.</span></p> <p><span style="font-weight: 400">“With this initiative, we also hope to ‘</span><span style="font-weight: 400">improve operational efficiency and evolve the customer experience by digitizing qualification verification, including school enrollment certification’</span><span style="font-weight: 400">, by promoting the ‘utilization</span><span style="font-weight: 400"> of My Number cards to connect with each customer’</span><span style="font-weight: 400">.”</span></p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-50542" src="https://openid.net/wp-content/uploads/2025/04/Picture5-logo-Japan.png" alt="" width="266" height="198" /></p> <p><b>Professor Hiroyuki Sato, Director, Research and Development Center for Trust and Digital ID, National Institute of Informatics</b></p> <p><span style="font-weight: 400">“We welcome this successful experiment, which has shown that issuing digital certificates through academic institutions and linking them to digital authentication 
apps can bring real benefits, such as student discounts, to students and others. This adds new value to the use of digital certificates and digital authentication applications. Moving</span><span style="font-weight: 400"> forward, we aim to further enhance their value by standardizing formats.”</span></p> <p><img loading="lazy" decoding="async" class="alignnone wp-image-50543" src="https://openid.net/wp-content/uploads/2025/04/Picture6-logo-Japan.png" alt="" width="283" height="100" /></p> <p><b>Footnotes:</b><span style="font-weight: 400"><br /></span><span style="font-weight: 400">*1 </span><a href="https://openid.net/wg/digital-credentials-protocols/"><span style="font-weight: 400">Digital Credentials Protocols Working Group</span><span style="font-weight: 400"><br /></span></a><span style="font-weight: 400">*2 EU Digital Identity Wallet Architecture Reference Framework</span></p> <p><b>■</b><b> Contact</b><span style="font-weight: 400"><br /></span><span style="font-weight: 400">OpenID Foundation Japan</span><span style="font-weight: 400"><br /></span><span style="font-weight: 400">contact@openid.or.jp</span></p> <h2><span style="font-weight: 400">About the OpenID Foundation</span></h2> <p><span style="font-weight: 400">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. 
Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400"> openid.net</span></a><span style="font-weight: 400">. </span></p> <p> </p><p>The post <a href="https://openid.net/oidf-oidf-j-welcome-the-japanese-digital-agency-west-japan-railway-company-and-the-national-institute-of-informatics-student-vc-project/">OIDF & OIDF-J welcome the Japanese Digital Agency, West Japan Railway Company, and the National Institute of Informatics’ Student VC Project</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>AuthZEN & Shared Signals in the Gartner IAM 2025 spotlight</title> <link>https://openid.net/authzen-shared-signals-in-the-gartner-iam-2025-spotlight/</link> <dc:creator><![CDATA[Serj Hallam]]></dc:creator> <pubDate>Wed, 02 Apr 2025 19:23:32 +0000</pubDate> <category><![CDATA[Authorization]]></category> <category><![CDATA[Blogs]]></category> <category><![CDATA[Events]]></category> <category><![CDATA[Foundation]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Shared Signals]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[CAEP]]></category> <category><![CDATA[Digital Identity]]></category> <category><![CDATA[Interoperability]]></category> <category><![CDATA[OpenID Foundation]]></category> <guid isPermaLink="false">https://openid.net/?p=50491</guid> <description><![CDATA[<p>An intense and unforgettable two days for the OpenID Foundation The OpenID Foundation was again invited to lead cutting-edge interoperability demonstrations at the March 2025 Gartner Identity & Access Management Summit in London this week. 
This time, two Working Groups, Shared Signals and AuthZEN, had a presence. The demand for our sessions far exceeded expectations, […]</p> <p>The post <a href="https://openid.net/authzen-shared-signals-in-the-gartner-iam-2025-spotlight/">AuthZEN & Shared Signals in the Gartner IAM 2025 spotlight</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<h2><span style="font-weight: 400">An intense and unforgettable two days for the OpenID Foundation</span></h2> <p><span style="font-weight: 400"><img loading="lazy" decoding="async" class="size-medium wp-image-50495 alignleft" src="https://openid.net/wp-content/uploads/2025/04/IMG_2570-1-300x225.jpg" alt="" width="300" height="225" srcset="https://openid.net/wp-content/uploads/2025/04/IMG_2570-1-300x225.jpg 300w, https://openid.net/wp-content/uploads/2025/04/IMG_2570-1-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/04/IMG_2570-1-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/04/IMG_2570-1-1536x1152.jpg 1536w, https://openid.net/wp-content/uploads/2025/04/IMG_2570-1-2048x1536.jpg 2048w" sizes="(max-width: 300px) 100vw, 300px" />The OpenID Foundation was again invited to lead cutting-edge interoperability demonstrations at the </span><a href="https://www.gartner.com/en/conferences/emea/identity-access-management-uk" class="broken_link"><span style="font-weight: 400">March 2025 Gartner Identity & Access Management Summit</span></a><span style="font-weight: 400"> in London this week. This time, two Working Groups, </span><a href="https://openid.net/wg/sharedsignals/"><span style="font-weight: 400">Shared Signals</span></a><span style="font-weight: 400"> and </span><a href="http://authzen"><span style="font-weight: 400">AuthZEN</span></a><span style="font-weight: 400">, had a presence. 
The demand for our sessions far exceeded expectations, making them some of the most attended and well-received presentations at the entire event.</span></p> <p><span style="font-weight: 400">Each demonstration session was packed to capacity – so much so that crowd control became necessary! The sheer level of interest was overwhelming, with participants queuing down the corridors and waiting up to 25 minutes just to get into the room. Attendees ranged from deeply technical professionals to those relatively new to interoperability, highlighting the broad industry appeal and necessity of these innovations.<img loading="lazy" decoding="async" class="size-medium wp-image-50498 alignright" src="https://openid.net/wp-content/uploads/2025/04/cc17b520-7542-4689-a9cd-26d3d7ac6803-1-300x225.jpg" alt="" width="300" height="225" srcset="https://openid.net/wp-content/uploads/2025/04/cc17b520-7542-4689-a9cd-26d3d7ac6803-1-300x225.jpg 300w, https://openid.net/wp-content/uploads/2025/04/cc17b520-7542-4689-a9cd-26d3d7ac6803-1-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/04/cc17b520-7542-4689-a9cd-26d3d7ac6803-1-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/04/cc17b520-7542-4689-a9cd-26d3d7ac6803-1-1536x1152.jpg 1536w, https://openid.net/wp-content/uploads/2025/04/cc17b520-7542-4689-a9cd-26d3d7ac6803-1.jpg 2048w" sizes="(max-width: 300px) 100vw, 300px" /></span></p> <p><span style="font-weight: 400">Over the course of two days, over 200 people attended these sessions, eager to witness the future of authorization and real-time security signaling. It was incredible to see how many firms were integrating and implementing these groundbreaking technologies. 
We’re proud that these sessions occupied such a unique and forward-looking place at Gartner IAM.</span></p> <h2><span style="font-weight: 400">AuthZEN — A vision for the future of digital security</span></h2> <p><span style="font-weight: 400">Traditionally, authorization systems have functioned in silos, creating barriers to interoperability. AuthZEN has emerged as a game-changer, much like OpenID Connect did for authentication, by bridging Policy Decision Points (PDPs), identity providers, and API gateways. Its standardization enables organizations to scale while maintaining strong security—a necessity in today’s complex regulatory landscape.</span></p> <p><span style="font-weight: 400">During the event, 15 prominent industry players, including Aserto, Axiomatics, AWS, Cerbos, OpenFGA, Topaz, Rock Solid Knowledge, Sgnl, Amazon API Gateway, Broadcom, Envoy, Kong, Tyk, WSO2 and Zuplo, conducted <a href="https://openid.net/wp-content/uploads/2025/04/OpenID-AuthZEN-Datasheet-Gartner-London.pdf">live demonstrations showcasing how AuthZEN seamlessly integrates multiple systems into a unified security fabric</a></span><span style="font-weight: 400">. 
This approach not only reinforces the principle of least privilege, but also introduces dynamic separation of duties and continuous authorization enforcement, greatly enhancing auditability and compliance.</span></p> <p><span style="font-weight: 400"><img loading="lazy" decoding="async" class="size-medium wp-image-50499 alignleft" src="https://openid.net/wp-content/uploads/2025/04/IMG_2569-300x225.jpg" alt="" width="300" height="225" srcset="https://openid.net/wp-content/uploads/2025/04/IMG_2569-300x225.jpg 300w, https://openid.net/wp-content/uploads/2025/04/IMG_2569-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/04/IMG_2569-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/04/IMG_2569-1536x1152.jpg 1536w, https://openid.net/wp-content/uploads/2025/04/IMG_2569-2048x1536.jpg 2048w" sizes="(max-width: 300px) 100vw, 300px" />One of the standout moments was the executive session titled</span><span style="font-weight: 400"> “<a href="https://openid.net/wp-content/uploads/2025/04/AuthZEN-Gartner-IAM-2025-London.pdf">AuthZEN: The OpenID Connect’ of Authorization</a>.” </span><span style="font-weight: 400">Working Group Chairs Omri Gazitt, CEO of Aserto, and David Brossard, CTO of Axiomatics, took the stage to provide deep insights into the strategic importance of AuthZEN. Their presentation emphasized how the rising number of interoperable implementations since December 2024 signals an “OAuth moment” for runtime authorization—a turning point in the industry. 
The immense interest from attendees underscored that the industry is ready to move beyond legacy authorization systems and embrace a dynamic, scalable future.</span></p> <h2><span style="font-weight: 400">Shared Signals Framework- Strengthening trust in real time</span></h2> <p><span style="font-weight: 400"><img loading="lazy" decoding="async" class="size-medium wp-image-50500 alignright" src="https://openid.net/wp-content/uploads/2025/04/IMG_2551-300x225.jpg" alt="" width="300" height="225" srcset="https://openid.net/wp-content/uploads/2025/04/IMG_2551-300x225.jpg 300w, https://openid.net/wp-content/uploads/2025/04/IMG_2551-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/04/IMG_2551-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/04/IMG_2551-1536x1152.jpg 1536w, https://openid.net/wp-content/uploads/2025/04/IMG_2551-2048x1536.jpg 2048w" sizes="(max-width: 300px) 100vw, 300px" />Alongside the success of AuthZEN, the event also celebrated the growing impact of the Shared Signals Framework (SSF) and the Continuous Access Evaluation Protocol (CAEP). These technologies are driving new levels of transparency and reliability in authorization by enabling real-time sharing of security signals.</span></p> <p><span style="font-weight: 400">Led by Atul Tulshibagwale, Corporate Board Member of the OpenID Foundation, WG Co-Chair, and CTO of SGNL, SSF was showcased by nine industry leaders, including SGNL, Google, IBM, Okta, Omnissa, Relock, SailPoint, Thales, and Beyond Identity. 
<a href="https://openid.net/wp-content/uploads/2025/04/OpenID-CAEP-and-SSF-Datasheet-Gartner-London-2.pdf">Their demonstrations illustrated how SSF and CAEP create a “trust fabric”—a dynamic, interconnected system that enhances security through continuous access evaluation.</a></span></p> <p><img loading="lazy" decoding="async" class="size-medium wp-image-50502 alignleft" src="https://openid.net/wp-content/uploads/2025/04/IMG_2541-300x225.jpg" alt="" width="300" height="225" srcset="https://openid.net/wp-content/uploads/2025/04/IMG_2541-300x225.jpg 300w, https://openid.net/wp-content/uploads/2025/04/IMG_2541-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/04/IMG_2541-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/04/IMG_2541-1536x1152.jpg 1536w, https://openid.net/wp-content/uploads/2025/04/IMG_2541-2048x1536.jpg 2048w" sizes="(max-width: 300px) 100vw, 300px" /></p> <p><span style="font-weight: 400">Atul Tulshibagwale’s presentation, “<a href="https://openid.net/wp-content/uploads/2025/04/Mar25-Gartner-IAM_-Building-a-Trust-Fabric-with-the-OpenID-Shared-Signals-Framework.pdf">Building a Trust Fabric with the OpenID Shared Signals Framework</a></span><span style="font-weight: 400">” was another major highlight. The session drew a large audience keen to understand how SSF is reshaping security through proactive, real-time decision-making. The overwhelming turnout reinforced the industry’s commitment to adopting innovative trust-based frameworks for authentication and authorization.</span></p> <h2><span style="font-weight: 400">A glimpse into the future of security</span></h2> <p><span style="font-weight: 400">The convergence of AuthZEN and Shared Signals at Gartner IAM 2025 marked a pivotal moment in addressing the complex challenges of modern authorization. 
These technologies are not only robust and scalable, but also agile enough to adapt to evolving security threats and compliance requirements.</span></p> <p><span style="font-weight: 400">For security professionals, IAM teams, and technology architects, these sessions served as a call to action—an invitation to rethink, refine, and revolutionize their authorization strategies. The event provided a valuable forum for the community to discuss, question, and contribute to the ongoing evolution of these standards, fostering a culture of collaboration and innovation.</span></p> <p><span style="font-weight: 400">Looking back, the energy, the discussions, the live demos, and the sheer enthusiasm of attendees made it clear: AuthZEN and Shared Signals are not just theoretical advancements, they are practical, game-changing solutions already making a significant impact on enterprise security. And the OpenID Foundation is proud to be at the forefront of this transformation.</span></p> <h2>About the OpenID Foundation</h2> <p>The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. 
Find out more at<a href="http://www.openid.net/"> openid.net</a>. </p><p>The post <a href="https://openid.net/authzen-shared-signals-in-the-gartner-iam-2025-spotlight/">AuthZEN & Shared Signals in the Gartner IAM 2025 spotlight</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile Approved</title> <link>https://openid.net/implementers-draft-of-openid4vc-haip/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Tue, 01 Apr 2025 21:15:43 +0000</pubDate> <category><![CDATA[Implementer's Draft]]></category> <category><![CDATA[News]]></category> <category><![CDATA[OpenID4VC]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[DCP]]></category> <category><![CDATA[HAIP]]></category> <category><![CDATA[OID4VC]]></category> <guid isPermaLink="false">https://openid.net/?p=50477</guid> <description><![CDATA[<p>The OpenID Foundation membership has approved the following OpenID Implementer’s Draft: OpenID for OpenID4VC High Assurance Interoperability Profile: https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-ID1.html An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. 
OpenID for OpenID4VC High Assurance Interoperability Profile Implementer’s Draft is the product of the Digital Credentials Protocols […]</p> <p>The post <a href="https://openid.net/implementers-draft-of-openid4vc-haip/">Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile Approved</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<div>The OpenID Foundation membership has approved the following OpenID Implementer’s Draft:</div> <div aria-hidden="true"> </div> <div>OpenID for OpenID4VC High Assurance Interoperability Profile: <u><a id="LPlnkOWA59734543-96c7-22cc-8fdf-07a9b86c3ec5" title="https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-ID1.html" href="https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-ID1.html" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="0">https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-ID1.html</a></u></div> <div>An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. OpenID for OpenID4VC High Assurance Interoperability Profile Implementer’s Draft is the product of the <a href="https://openid.net/wg/digital-credentials-protocols/"><u>Digital Credentials Protocols (DCP) Working Group</u></a>.</div> <div aria-hidden="true"> </div> <div>The voting results were:</div> <div>· Approve – 87 votes</div> <div>· Object – 1 vote</div> <div>· Abstain – 18 votes</div> <div>Total votes: 106 (out of 364 members = 29% > 20% quorum requirement)</div> <div>Marie Jordan – OpenID Foundation Secretary</div> <div dir="auto"> <p><b>OpenID Foundation</b></p> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. 
Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span> <a href="http://www.openid.net/"><span style="font-weight: 400;">openid.net</span></a><span style="font-weight: 400;">.</span></p> </div><p>The post <a href="https://openid.net/implementers-draft-of-openid4vc-haip/">Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile Approved</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Implementer’s Guide: FAPI 2.0 Final vs. Implementer’s Draft 2.0</title> <link>https://openid.net/implementers-guide-fapi-2-final-vs-implementers-draft-2/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Thu, 20 Mar 2025 22:44:38 +0000</pubDate> <category><![CDATA[News]]></category> <category><![CDATA[Adoption]]></category> <category><![CDATA[FAPI]]></category> <category><![CDATA[Open Banking]]></category> <category><![CDATA[Open Banking Implementation Entity]]></category> <guid isPermaLink="false">https://openid.net/?p=50388</guid> <description><![CDATA[<p>Author: Dima Postnikov, Vice-Chair of OpenID Foundation and FAPI WG Member Contributors: Gail Hodges, Nat Sakimura, Ralph Bragg, Filip Skokan, Joseph Heenan. 
This article is also accessible on Medium. Introduction In a significant milestone for the global Open Banking and Open Data community, on February 22nd, the OpenID Foundation published and approved the new and […]</p> <p>The post <a href="https://openid.net/implementers-guide-fapi-2-final-vs-implementers-draft-2/">Implementer’s Guide: FAPI 2.0 Final vs. Implementer’s Draft 2.0</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p dir="ltr">Author: Dima Postnikov, Vice-Chair of OpenID Foundation and FAPI WG Member</p> <p dir="ltr">Contributors: Gail Hodges, Nat Sakimura, Ralph Bragg, Filip Skokan, Joseph Heenan.</p> <p dir="ltr"><em>This article is also accessible on <a href="https://medium.com/@dimapostnikov/implementers-guide-fapi-2-0-final-specification-vs-implementers-draft-2-0-fc148b013969" target="_blank" rel="noopener">Medium</a>.</em></p> <h2 dir="ltr">Introduction</h2> <p dir="ltr">In a significant milestone for the global Open Banking and Open Data community, on February 22nd, the OpenID Foundation published and approved the new and final version of the FAPI 2 Security profile and its Attacker model.</p> <p dir="ltr"><a href="https://openid.net/specs/fapi-security-profile-2_0-final.html">FAPI 2.0 Security Profile</a></p> <p dir="ltr"><a href="https://openid.net/specs/fapi-attacker-model-2_0-final.html">FAPI 2.0 Attacker Model</a></p> <p dir="ltr">A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. </p> <p dir="ltr">OpenID Foundation’s FAPI working group and many invited experts have worked extensively on the specification to make it simpler, easier to understand, more secure, and more interoperable. 
This version has been through <a href="https://openid.net/wordpress-content/uploads/2022/12/Formal-Security-Analysis-of-FAPI-2.0_FINAL_2022-10.pdf">formal security analysis</a> by the University of Stuttgart, and the <a href="https://openid.net/how-to-certify-your-implementation/">certification test suite</a> is being updated to reflect FAPI 2.0 Final. </p> <p dir="ltr">Since the last Implementer’s Draft, there have been many editorial changes: new introduction sections, formatting, corrected typos, section renumbering, updated references to sections of this document and other specifications, and added acknowledgments.</p> <p dir="ltr"><em>Note: The previous approved implementer’s draft can be found <a href="https://openid.net/specs/fapi-2_0-security-profile-ID2.html" target="_blank" rel="noopener">here</a>.</em></p> <p dir="ltr">Below is a detailed summary of the key changes that can impact existing FAPI 2.0 implementations. These changes should be reviewed by all implementers (live or planning to go live) who had built their implementations against the last implementer’s draft.</p> <p dir="ltr">If you have questions about the specs, please direct them to the FAPI WG mailing list at <a href="mailto:openid-specs-fapi-owner@lists.openid.net">openid-specs-fapi-owner@lists.openid.net</a>. 
If you have certification questions, please direct them to <a href="mailto:certification@oidf.org">certification@oidf.org</a>.</p> <h2 dir="ltr">Summary of changes between FAPI 2.0 Implementer’s Draft 2.0 and Final</h2> <p dir="ltr">The changes below are labeled <strong><span style="background-color: yellow;">AS</span> </strong>if relevant for <strong>Authorization Servers</strong>, <strong><span style="background-color: cyan;">RP</span></strong> for <strong>Relying Parties</strong> and <strong>Clients</strong>, and <strong><span style="background-color: pink;">Ecosystem</span></strong> for <strong>Ecosystem operators</strong>.</p> <h2 dir="ltr">‘aud’ claim value in client authentication assertions. <span style="background-color: yellow;">AS</span> <span style="background-color: cyan;">RP</span> </h2> <p dir="ltr">Why? This additional security control has been introduced as a result of the FAPI working group discussion after the specification’s formal security analysis.</p> <p dir="ltr">Impact: If your ecosystem or implementation uses and/or supports client authentication assertions, e.g., private_key_jwt, this impacts your implementation (client or authorization server). </p> <p dir="ltr">The specification was updated to only allow the issuer identifier value as a value for ‘aud’. Authorization servers are required to enforce this behavior. Note: Previously, other values were allowed for interoperability purposes. </p> <p dir="ltr">Conformance tests will enforce this.</p> <h2 dir="ltr">TLS security deferred to BCP195 <span style="background-color: yellow;">AS</span></h2> <p dir="ltr">Why? Instead of repeating the content of BCP195, FAPI will refer all TLS security matters to BCP195.</p> <p dir="ltr">Impact on Authorization Servers:</p> <ul> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">IETF periodically publishes BCP195. 
FAPI 2 implementers must comply with BCP195 changes within 12 months after publication.</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Some ciphers have recently been removed from the recommended list. Please review BCP195 to ensure you are up to date.</p> </li> </ul> <p dir="ltr">Conformance tests will enforce this.</p> <h2 dir="ltr">Elliptic curve keys’ length <span style="background-color: yellow;">AS</span></h2> <p dir="ltr">Why: The FAPI2 specification aligns with TLS BCP requirements (<a href="https://www.rfc-editor.org/rfc/rfc9325.html">https://www.rfc-editor.org/rfc/rfc9325.html</a> ) and NIST Guidelines [<a href="https://www.rfc-editor.org/rfc/rfc9325.html#NIST.SP.800-56A">NIST.SP.800-56A</a>], which have been updated recently.</p> <p dir="ltr">Impact: Elliptic curve keys used by AS shall have a minimum length of 224 bits.</p> <p dir="ltr">Conformance tests will enforce this minimum length.</p> <h2 dir="ltr">Clock skew <span style="background-color: yellow;">AS</span></h2> <p dir="ltr">Why: Clock skew causes many interoperability issues: even a few hundred milliseconds of clock skew can cause JWTs to be rejected by AS as “issued in the future.” This new specification provides additional guidance for dealing with clock skews.</p> <p dir="ltr">Impact: Authorization servers are required to accept JWTs with an iat or nbf timestamp between 0 and 10 seconds in the future and to reject JWTs with an iat or nbf timestamp greater than 60 seconds in the future.</p> <p dir="ltr">Conformance tests will test this. </p> <h2 dir="ltr">MTLS ecosystems <span style="background-color: yellow;">AS</span> <span style="background-color: cyan;">RP</span> <span style="background-color: pink;">Ecosystem</span></h2> <p dir="ltr">Why? Some ecosystems have implemented MTLS as an additional security control at the transport layer for all server-to-server endpoints requiring transmitting sensitive data. 
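Before the MTLS discussion continues, here is how the three authorization-server rules above (the issuer-identifier-only aud in private_key_jwt assertions, the 224-bit EC key floor, and the iat/nbf skew window) look as code. This is an added example, not code from the article or from any FAPI implementation: the issuer identifier, client_id and timestamps are made up, and JWS signature verification against the client's registered key is assumed to have happened before these claim checks run.

```python
import base64
import json

# Added example, not code from the article or from any FAPI implementation.
# Assumptions: ISSUER and the client_id values are made up, and the caller has
# ALREADY verified the JWS signature before these claim checks run.
ISSUER = "https://as.example.com"

# FAPI 2.0 Final clock-skew rule for iat/nbf: an AS shall accept timestamps up
# to 10 s in the future and shall reject timestamps more than 60 s in the
# future. The band in between is the deployment's choice, exposed as `tolerance`.
MUST_ACCEPT_FUTURE_SECS = 10
MUST_REJECT_FUTURE_SECS = 60

# Minimum EC key size (bits) after the alignment with RFC 9325 / SP 800-56A.
# Curves absent from the JWA table are rejected outright, so nothing below the
# floor can slip through as an "unknown" curve either.
MIN_EC_BITS = 224
EC_CURVE_BITS = {"P-256": 256, "P-384": 384, "P-521": 521, "secp256k1": 256}


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def jwt_claims(token: str) -> dict:
    """Return the claim set of a compact JWS. No signature check happens here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def check_not_too_far_in_future(name: str, value, now: int, tolerance: int) -> None:
    if not isinstance(value, int):
        raise ValueError(f"{name} must be a NumericDate integer")
    if value > now + MUST_REJECT_FUTURE_SECS:
        raise ValueError(f"{name} is more than {MUST_REJECT_FUTURE_SECS}s in the future")
    if value > now + tolerance:
        raise ValueError(f"{name} exceeds this AS's skew tolerance of {tolerance}s")


def validate_client_assertion_claims(token: str, client_id: str, now: int,
                                     tolerance: int = MUST_ACCEPT_FUTURE_SECS) -> dict:
    """Claim checks an AS applies to a private_key_jwt client assertion (RFC 7523)."""
    if not MUST_ACCEPT_FUTURE_SECS <= tolerance <= MUST_REJECT_FUTURE_SECS:
        raise ValueError("tolerance must lie in the 10..60 s band the profile allows")
    claims = jwt_claims(token)
    # 'aud' shall be exactly the issuer identifier. The token endpoint URL, which
    # earlier drafts tolerated for interoperability, and multi-valued audiences
    # are rejected (strict reading: a bare string equal to the issuer only).
    if claims.get("aud") != ISSUER:
        raise ValueError(f"aud must be {ISSUER!r}, got {claims.get('aud')!r}")
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        raise ValueError("iss and sub must both equal the authenticating client_id")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("assertion has expired or carries no exp")
    for name in ("iat", "nbf"):
        if name in claims:
            check_not_too_far_in_future(name, claims[name], now, tolerance)
    return claims


def client_assertion_ok(token: str, client_id: str, now: int,
                        tolerance: int = MUST_ACCEPT_FUTURE_SECS) -> bool:
    try:
        validate_client_assertion_claims(token, client_id, now, tolerance)
        return True
    except ValueError:
        return False


def check_ec_key_size(jwk: dict) -> int:
    """Reject EC keys below the 224-bit floor; returns the curve size in bits."""
    if jwk.get("kty") != "EC":
        raise ValueError("not an EC key")
    bits = EC_CURVE_BITS.get(jwk.get("crv"))
    if bits is None:
        raise ValueError(f"unsupported curve {jwk.get('crv')!r}")
    if bits < MIN_EC_BITS:
        raise ValueError(f"{bits}-bit EC key is below the {MIN_EC_BITS}-bit minimum")
    return bits


def ec_key_ok(jwk: dict) -> bool:
    try:
        check_ec_key_size(jwk)
        return True
    except ValueError:
        return False


def make_demo_assertion(claims: dict) -> str:
    """Constructed test input: a compact JWS with an empty signature segment."""
    header = _b64url_encode(json.dumps({"alg": "ES256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."


if __name__ == "__main__":
    now = 1_700_000_000
    good = make_demo_assertion({"iss": "client-1", "sub": "client-1", "aud": ISSUER,
                                "exp": now + 60, "iat": now + 5, "jti": "n-1"})
    print("accepted:", validate_client_assertion_claims(good, "client-1", now)["aud"])
    bad = make_demo_assertion({"iss": "client-1", "sub": "client-1",
                               "aud": ISSUER + "/token", "exp": now + 60, "iat": now})
    print("token-endpoint aud accepted?", client_assertion_ok(bad, "client-1", now))
```

The 10..60 s band is exposed as `tolerance` because the profile fixes only its two ends: an AS must accept up to 10 s and must reject beyond 60 s; conformance tests can probe both edges, so keep the constant in one place rather than scattered per endpoint.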
For example, private_key_jwt is sometimes used for client authentication in conjunction with MTLS connectivity.</p> <p dir="ltr">FAPI 2 recognizes this existing deployment practice and provides additional guidance to improve interoperability.</p> <p dir="ltr">Key impacts (for ecosystems that choose to use it):</p> <ul> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Authorization server implementations may use the `mtls_endpoint_aliases` authorization server metadata as a discovery mechanism for endpoints that exist in both an MTLS and a non-MTLS variant;</p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">New client metadata `use_mtls_endpoint_aliases` was introduced so that a client can indicate it will use the mutual-TLS endpoint aliases (RFC 8705) declared by the authorization server in its metadata, even beyond the Mutual-TLS Client Authentication and Certificate-Bound Access Tokens use cases. Client implementations shall honour the `use_mtls_endpoint_aliases` client metadata if it is present.</p> </li> </ul> <p dir="ltr">Conformance tests will test this. </p> <h2 dir="ltr">One-time use of `request_uri` <span style="background-color: yellow;">AS</span></h2> <p dir="ltr">Why? Recent implementation experience with x2app flows (app-to-app and similar redirect-into-app flows) and PAR showed that some operating systems pre-load authorization URLs; an authorization server that consumes the `request_uri` on first load can therefore invalidate it before the intended recipient app ever uses it.</p> <p dir="ltr">Impact: Authorization servers are given additional guidance on enforcing one-time use of `request_uri` values: enforcement should occur at the time of authorization (when the authenticated user is presented with the consent details), not at the point of loading an authorization page. 
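The `request_uri` lifecycle just described, as an added example in Python (constructed here, not the article's or any product's code). `PushedRequestStore` is a hypothetical in-memory store: `load_authorization_page` is the read-only step that an operating-system pre-fetch may hit several times, and `present_consent` is the point where one-time use is enforced. Validation of the pushed parameters, client authentication and key or certificate binding, which a real PAR endpoint performs before storing anything, are omitted.

```python
import secrets
import time

# Added example, not the article's or any vendor's code. It models only the
# request_uri lifecycle at the authorization server; parameter validation,
# client authentication and key/certificate binding at push time are omitted.

REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"  # RFC 9126 format
DEFAULT_TTL_SECS = 60  # RFC 9126 recommends a short request_uri lifetime


class PushedRequestStore:
    """Tracks pushed authorization requests and enforces one-time use of
    request_uri at consent presentation time, not at page load."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._entries = {}

    def push(self, client_id: str, params: dict, ttl: int = DEFAULT_TTL_SECS) -> str:
        """POST /par (after client authentication): mint an unguessable reference."""
        request_uri = REQUEST_URI_PREFIX + secrets.token_urlsafe(32)
        self._entries[request_uri] = {
            "client_id": client_id, "params": dict(params),
            "expires_at": self._clock() + ttl, "consumed": False,
        }
        return request_uri

    def _live(self, request_uri: str, client_id: str) -> dict:
        entry = self._entries.get(request_uri)
        if entry is None or entry["client_id"] != client_id:
            raise LookupError("unknown request_uri or client_id mismatch")
        if entry["consumed"]:
            raise LookupError("request_uri has already been used")
        if self._clock() >= entry["expires_at"]:
            raise LookupError("request_uri has expired")
        return entry

    def load_authorization_page(self, request_uri: str, client_id: str) -> dict:
        """GET /authorize?client_id=..&request_uri=.. is read-only. An OS link
        pre-fetch, a browser retry or a hop through the system browser must not
        burn the reference before the intended app renders the page."""
        return dict(self._live(request_uri, client_id)["params"])

    def present_consent(self, request_uri: str, client_id: str) -> dict:
        """Called when the authenticated end user is shown the consent details.
        This is the one-time-use point: the reference is invalidated here
        whether the user then accepts, rejects, or simply closes the window."""
        entry = self._live(request_uri, client_id)
        entry["consumed"] = True
        return dict(entry["params"])


def simulate_app2app_preload(ttl: int = DEFAULT_TTL_SECS) -> dict:
    """Replays the scenario from the text: the OS pre-loads the authorization URL
    twice before the real app opens it. Returns which steps behaved as required."""
    now = [1_700_000_000.0]                       # fake clock, advanced by hand
    store = PushedRequestStore(clock=lambda: now[0])
    uri = store.push("client-1", {"response_type": "code", "scope": "accounts",
                                  "redirect_uri": "https://rp.example.com/cb"}, ttl)
    out = {}
    out["preload_1"] = bool(store.load_authorization_page(uri, "client-1"))
    out["preload_2"] = bool(store.load_authorization_page(uri, "client-1"))
    out["consent_shown"] = bool(store.present_consent(uri, "client-1"))
    try:                                          # user closed the window; replaying
        store.present_consent(uri, "client-1")    # the same link must not work
        out["replay_blocked"] = False
    except LookupError:
        out["replay_blocked"] = True
    try:
        store.load_authorization_page(uri, "client-1")
        out["reload_blocked"] = False
    except LookupError:
        out["reload_blocked"] = True
    fresh = store.push("client-1", {"response_type": "code"}, ttl)
    now[0] += ttl                                 # let the new reference expire unused
    try:
        store.load_authorization_page(fresh, "client-1")
        out["expiry_enforced"] = False
    except LookupError:
        out["expiry_enforced"] = True
    return out


if __name__ == "__main__":
    print(simulate_app2app_preload())
```

The split between `load_authorization_page` and `present_consent` is the whole point: an AS that marks the reference consumed inside the first handler will reject the real app after the OS pre-fetch, while one that never consumes it at all leaves the reference replayable after the user has seen the consent screen.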
Once the user has been presented with the consent details, the request_uri should be invalidated regardless of what the user then does (accept, reject, or ignore the request by closing the browser window or the application).</p> <h2 dir="ltr">Refresh token rotation prohibition <span style="background-color: pink;">Ecosystem</span></h2> <p dir="ltr">Why? Refresh token rotation has traditionally been used as a security control, but it is known to cause significant operational issues and user experience degradation, with clients losing access to their existing consents. FAPI 2 does not require this control because it already requires confidential clients (so a refresh token cannot be redeemed without the client's credentials) and sender-constrained access tokens.</p> <p dir="ltr">Impact: Ecosystems using refresh token rotation should require Authorisation Servers to remove it unless it is used for infrastructure migration or other extraordinary circumstances.</p> <h2 dir="ltr">Some other items we knew already but needed to clarify</h2> <ul> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Authorization servers only support confidential clients. <span style="background-color: pink;">Ecosystem</span></p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Authorization servers shall not support CORS for the authorization endpoint (the user agent navigates to this endpoint; a client never calls it cross-origin from script, so there is no legitimate use for CORS there). <span style="background-color: yellow;">AS</span></p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">As accepted best practice, Authorization Servers should restrict the privileges associated with an access token to the minimum required for the particular application or use case. <span style="background-color: yellow;">AS</span></p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Authorization servers should not allow clients to choose or influence their client_id in a way that lets it be mistaken for an end-user subject identifier (a new attack, Client Impersonating Resource Owner, has been added to the security considerations). 
<span style="background-color: yellow;">AS</span> <span style="background-color: pink;">Ecosystem</span></p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Clients shall send only the `client_id` and `request_uri` parameters to the authorization endpoint; every other authorization request parameter goes through PAR (RFC 9126). Conformance tests will fail clients that send anything else, and will fail authorization servers that do not ignore additional parameters received at the authorization endpoint (a value on the front channel must never override the pushed request). <span style="background-color: yellow;">AS</span> <span style="background-color: cyan;">RP</span> <span style="background-color: pink;">Ecosystem</span></p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Clients are required to use `code` as the value of `response_type`. The previous draft only said that clients shall support the authorization code grant (`response_type=code` and `grant_type=authorization_code`) described in RFC 6749. <span style="background-color: yellow;">AS</span> <span style="background-color: cyan;">RP</span> <span style="background-color: pink;">Ecosystem</span></p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Clients shall generate a fresh PKCE challenge for each authorization request and securely bind it to the client and to the user agent in which the flow was started. <span style="background-color: cyan;">RP</span></p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">For interoperability reasons, clients using the authorization code flow with OpenID Connect should not use a nonce longer than 64 characters. <span style="background-color: cyan;">RP</span></p> </li> <li dir="ltr" aria-level="1"> <p dir="ltr" role="presentation">Additional guidance on limiting the impact of key compromises has been added to the security considerations section. 
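The client-side half of the items above (PAR-only front channel, a fresh PKCE challenge per request, the 64-character nonce limit) together with the `mtls_endpoint_aliases` resolution from the MTLS section and the authorization server's parameter filtering, as an added example in Python. It is not code from the article or from any library: `AS_METADATA` and the client registration values are invented, the PAR response is stood in for by a literal `request_uri`, and the binding of the PKCE verifier and nonce to the user agent's session is assumed rather than implemented.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Added example, not the article's or any library's code. The AS metadata and
# client registration below are made up; a real client fetches the metadata
# from the issuer's well-known document and the registration from its config.
AS_METADATA = {
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "pushed_authorization_request_endpoint": "https://as.example.com/par",
    "token_endpoint": "https://as.example.com/token",
    "mtls_endpoint_aliases": {  # RFC 8705 section 5
        "pushed_authorization_request_endpoint": "https://mtls.as.example.com/par",
        "token_endpoint": "https://mtls.as.example.com/token",
    },
}
REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"
MAX_NONCE_CHARS = 64


def resolve_endpoint(metadata: dict, name: str, client: dict) -> str:
    """Use the MTLS alias for every aliased endpoint when the client's
    use_mtls_endpoint_aliases metadata is set; otherwise the plain endpoint."""
    if client.get("use_mtls_endpoint_aliases"):
        return metadata.get("mtls_endpoint_aliases", {}).get(name, metadata[name])
    return metadata[name]


def new_pkce_pair() -> tuple:
    """Fresh S256 verifier/challenge for ONE authorization request (RFC 7636)."""
    verifier = secrets.token_urlsafe(64)          # 86 chars, inside the 43..128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def pkce_matches(code_verifier: str, code_challenge: str) -> bool:
    """Token-endpoint side of the same check."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return secrets.compare_digest(
        base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii"), code_challenge)


def build_pushed_request(client: dict, scope: str) -> tuple:
    """Everything except client_id/request_uri goes to the PAR endpoint. Returns
    (body to POST, per-transaction secrets to keep in the user's session)."""
    verifier, challenge = new_pkce_pair()
    nonce = secrets.token_urlsafe(32)             # 43 chars, within the 64-char limit
    body = {
        "client_id": client["client_id"], "response_type": "code",
        "redirect_uri": client["redirect_uri"], "scope": scope,
        "code_challenge": challenge, "code_challenge_method": "S256", "nonce": nonce,
    }
    # User-agent binding (assumed, not shown): store these under the browser
    # session that started the flow and require the callback in that session.
    return body, {"code_verifier": verifier, "nonce": nonce}


def build_authorization_url(metadata: dict, client: dict, request_uri: str) -> str:
    """Front-channel request carries only client_id and request_uri."""
    query = urlencode({"client_id": client["client_id"], "request_uri": request_uri})
    return metadata["authorization_endpoint"] + "?" + query


def parse_front_channel_request(url: str) -> tuple:
    """AS side: honour client_id and request_uri only; anything else on the query
    string is dropped and never merged into the pushed request.
    Returns (accepted parameters, names of parameters that were ignored)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    missing = [k for k in ("client_id", "request_uri") if k not in query]
    if missing:
        raise ValueError(f"missing required parameter(s): {missing}")
    accepted = {"client_id": query["client_id"][0], "request_uri": query["request_uri"][0]}
    if not accepted["request_uri"].startswith(REQUEST_URI_PREFIX):
        raise ValueError("request_uri must be a PAR-issued reference")
    return accepted, sorted(k for k in query if k not in accepted)


if __name__ == "__main__":
    client = {"client_id": "client-1", "redirect_uri": "https://rp.example.com/cb",
              "use_mtls_endpoint_aliases": True}
    body, session = build_pushed_request(client, "openid accounts")
    print("POST", resolve_endpoint(AS_METADATA, "pushed_authorization_request_endpoint", client), body)
    url = build_authorization_url(AS_METADATA, client, REQUEST_URI_PREFIX + "demo")
    print(url)
    print(parse_front_channel_request(url + "&scope=admin&redirect_uri=https%3A%2F%2Fevil.example"))
```

`parse_front_channel_request` returns the names it dropped so the AS can log an attempted front-channel override (a `scope` or `redirect_uri` appended to the navigated URL) without ever acting on it; the only request that gets authorized is the one the client pushed.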
<span style="background-color: yellow;">AS</span> <span style="background-color: pink;">Ecosystem</span></p> </li> </ul> <div dir="auto"> <p><b>OpenID Foundation</b></p> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span> <a href="http://www.openid.net/"><span style="font-weight: 400;">openid.net</span></a><span style="font-weight: 400;">.</span></p> </div><p>The post <a href="https://openid.net/implementers-guide-fapi-2-final-vs-implementers-draft-2/">Implementer’s Guide: FAPI 2.0 Final vs. 
Implementer’s Draft 2.0</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Standardized, Fine-Grained Authorization Using OAuth 2 Grant Management and Rich Authorization Requests</title> <link>https://openid.net/standardized-fine-grained-authorization-with-oauth2-grant-management-and-rich-authorization-requests/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Wed, 19 Mar 2025 16:54:40 +0000</pubDate> <category><![CDATA[News]]></category> <category><![CDATA[Papers]]></category> <category><![CDATA[Adoption]]></category> <category><![CDATA[FAPI]]></category> <category><![CDATA[Open Banking]]></category> <category><![CDATA[Open Banking Implementation Entity]]></category> <guid isPermaLink="false">https://openid.net/?p=50360</guid> <description><![CDATA[<p>Since 2018, the OpenID Foundation’s FAPI Working Group and the global community have been developing standards to support Open Banking and Open Data. In “Standardized and Fine-Grained Authorization with OAuth 2 Grant Management and Rich Authorization Requests,” Dima Postnikov (OIDF Vice Chairman) and Gail Hodges (OIDF Executive Director) lay out how implementations around the world […]</p> <p>The post <a href="https://openid.net/standardized-fine-grained-authorization-with-oauth2-grant-management-and-rich-authorization-requests/">Standardized, Fine-Grained Authorization Using OAuth 2 Grant Management and Rich Authorization Requests</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<div dir="auto"> <p>Since 2018, the OpenID Foundation’s <a href="https://openid.net/wg/fapi/">FAPI Working Group</a> and the global community have been developing standards to support Open Banking and Open Data. 
In “<a href="https://openid.net/wp-content/uploads/2025/03/GM-and-RAR-vs-Consent-API-OIDF-draft.pdf">Standardized and Fine-Grained Authorization with OAuth 2 Grant Management and Rich Authorization Requests</a>,” Dima Postnikov (OIDF Vice Chairman) and Gail Hodges (OIDF Executive Director) lay out how implementations around the world have contributed to improvements in the specifications over time and explain the FAPI WG recommendations related to <a href="https://openid.net/specs/oauth-v2-grant-management-ID1.html">OAuth2 Grant Management</a> and <a href="https://www.rfc-editor.org/rfc/rfc9396.html">Rich Authorization Requests (RAR, RFC 9396)</a> to enable fine-grained authorization.</p> <p style="font-weight: 400;">Previously deployed ecosystems did not have the opportunity to use a standards-based approach to fine-grained authorization. This draft paper explains why the FAPI WG is encouraging new ecosystems to become early adopters of Grant Management and RAR.</p> </div> <p><strong>What to do next:</strong></p> <ul> <li>Read the draft paper <a href="https://openid.net/wp-content/uploads/2025/03/GM-and-RAR-vs-Consent-API-OIDF-draft.pdf">here</a>.</li> <li style="font-weight: 400;"> <p>Implementers interested in being early adopters of Grant Management and RAR should contact <a href="mailto:openid-specs-fapi-owner@lists.openid.net">openid-specs-fapi-owner@lists.openid.net</a> to discuss the next steps.</p> </li> <li style="font-weight: 400;"> <p>More broadly, the <a href="https://openid.net/wg/fapi/">FAPI Working Group</a> is open to the public, and anyone can contribute at no cost by signing a contribution agreement. 
To learn more about FAPI or the <a href="https://openid.net/wg/fapi/">FAPI Working Group</a>, visit <a href="https://openid.net/wg/fapi/">https://openid.net/wg/fapi/</a>, sign up for the mailing list, and attend WG meetings.</p> </li> <li style="font-weight: 400;">We also recommend that all current and new ecosystems join the newly established<a href="https://openid.net/cg/ecosystem-support-community-group/"> Ecosystem Community Group</a> to help the OIDF community provide ongoing support for ecosystem leaders. To learn more about <a href="https://openid.net/cg/ecosystem-support-community-group/">Ecosystem Community Group</a>, visit <a href="https://openid.net/cg/ecosystem-support-community-group/">https://openid.net/cg/ecosystem-support-community-group/</a>, sign up for the mailing list, and attend CG meetings.</li> </ul> <div dir="auto"> <p><b>OpenID Foundation</b></p> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. 
Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400;">openid.net</span></a><span style="font-weight: 400;">.</span></p> </div><p>The post <a href="https://openid.net/standardized-fine-grained-authorization-with-oauth2-grant-management-and-rich-authorization-requests/">Standardized, Fine-Grained Authorization Using OAuth 2 Grant Management and Rich Authorization Requests</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Notice of Vote for Proposed Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile</title> <link>https://openid.net/notice-of-vote-for-proposed-implementers-draft-oid4vc-haip/</link> <dc:creator><![CDATA[Mike Leszcz]]></dc:creator> <pubDate>Mon, 10 Mar 2025 22:38:48 +0000</pubDate> <category><![CDATA[News]]></category> <category><![CDATA[Specs]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[DCP]]></category> <category><![CDATA[Digital Credentials Protocols]]></category> <category><![CDATA[HAIP]]></category> <category><![CDATA[Implementer's Draft]]></category> <category><![CDATA[OpenID4VC]]></category> <category><![CDATA[Specification]]></category> <category><![CDATA[Vote]]></category> <guid isPermaLink="false">https://openid.net/?p=50232</guid> <description><![CDATA[<p>The official voting period will be between Tuesday, March 25, 2025 and Tuesday, April 1, 2025 (12:00pm PT), once the 45 day review of the specification has been completed. For the convenience of members who have completed their reviews by then, early voting will begin on Tuesday, March 18, 2025. 
The Digital Credentials Protocols (DCP) working […]</p> <p>The post <a href="https://openid.net/notice-of-vote-for-proposed-implementers-draft-oid4vc-haip/">Notice of Vote for Proposed Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<div class="x_elementToProof" data-olk-copy-source="MessageBody">The official voting period will be between Tuesday, March 25, 2025 and Tuesday, April 1, 2025 (12:00pm PT), once the <u><a id="OWA30ed1cf7-0de4-fa13-e25c-bbe9a49b9879" class="x_OWAAutoLink" title="https://openid.net/public-review-period-for-proposed-implementers-draft-openid4vc-haip/" href="https://openid.net/public-review-period-for-proposed-implementers-draft-openid4vc-haip/" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="0">45 day review</a></u> of the specification has been completed. For the convenience of members who have completed their reviews by then, early voting will begin on Tuesday, March 18, 2025.</div> <div class="x_elementToProof" aria-hidden="true"> </div> <div class="x_elementToProof">The Digital Credentials Protocols (DCP) working group page is <u><a id="OWAba00e3e1-a4cf-ee51-424f-1320a240c060" class="x_OWAAutoLink" title="https://openid.net/wg/digital-credentials-protocols/" href="https://openid.net/wg/digital-credentials-protocols/" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="1">https://openid.net/wg/digital-credentials-protocols/</a></u>. If you’re not already an OpenID Foundation member, or if your membership has expired, please consider joining to participate in the approval vote. 
Information on joining the OpenID Foundation can be found at <u><a id="OWA5f61515e-cb47-7dd6-631e-0ab8e6cf3d19" class="x_OWAAutoLink" title="https://openid.net/foundation/members/registration" href="https://openid.net/foundation/members/registration" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="2">https://openid.net/foundation/members/registration</a></u>.</div> <div class="x_elementToProof" aria-hidden="true"> </div> <div class="x_elementToProof">The vote will be conducted at <u><a id="OWA0755ac89-925c-f7fc-f2fc-6b4cadae6852" class="x_OWAAutoLink" title="https://openid.net/foundation/members/polls/355" href="https://openid.net/foundation/members/polls/355" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="3">https://openid.net/foundation/members/polls/355</a></u>.</div> <div class="x_elementToProof" aria-hidden="true"> </div> <div class="x_elementToProof">Marie Jordan – OpenID Foundation Secretary</div> <div> </div> <div> <h2><b>About the OpenID Foundation</b></h2> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. 
Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400;"> openid.net</span></a><span style="font-weight: 400;">. </span></p> </div><p>The post <a href="https://openid.net/notice-of-vote-for-proposed-implementers-draft-oid4vc-haip/">Notice of Vote for Proposed Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Webinar on IPSIE secures more than 300 registrations</title> <link>https://openid.net/webinar-on-ipsie-secures-more-than-300-registrations/</link> <dc:creator><![CDATA[Serj Hallam]]></dc:creator> <pubDate>Fri, 07 Mar 2025 14:33:47 +0000</pubDate> <category><![CDATA[Blogs]]></category> <category><![CDATA[Foundation]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[Interoperability]]></category> <category><![CDATA[Security]]></category> <guid isPermaLink="false">https://openid.net/?p=50212</guid> <description><![CDATA[<p>More than 300 identity security leaders and identity professionals registered for a recent webinar where our Executive Director Gail Hodges discussed with industry experts Jeff Reich, Dean H. 
Saxe, Aaron Parecki and George Fletcher, how enterprises can achieve secure, interoperable identity management using multiple standards, new enterprise interoperability profiles to strengthen security and streamline identity […]</p> <p>The post <a href="https://openid.net/webinar-on-ipsie-secures-more-than-300-registrations/">Webinar on IPSIE secures more than 300 registrations</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p><img loading="lazy" decoding="async" class="size-medium wp-image-50213 alignleft" src="https://openid.net/wp-content/uploads/2025/03/IPSIE-webinar-300x208.png" alt="" width="300" height="208" srcset="https://openid.net/wp-content/uploads/2025/03/IPSIE-webinar-300x208.png 300w, https://openid.net/wp-content/uploads/2025/03/IPSIE-webinar-768x531.png 768w, https://openid.net/wp-content/uploads/2025/03/IPSIE-webinar.png 902w" sizes="(max-width: 300px) 100vw, 300px" />More than 300 identity security leaders and identity professionals registered for a recent webinar where our Executive Director Gail Hodges discussed with industry experts Jeff Reich, Dean H. 
Saxe, Aaron Parecki and George Fletcher how enterprises can achieve secure, interoperable identity management across multiple standards, and how new enterprise interoperability profiles can strengthen security and streamline identity management.</p> <p>The webinar – <em>Securing the Future of Identity with IPSIE – A New Industry Standard</em> – introduced the OpenID Foundation’s <a href="https://openid.net/wg/ipsie/">IPSIE Working Group</a>, which is tackling this challenge head-on with new interoperability profiles to strengthen security and streamline identity management.</p> <p><a href="https://www.brighttalk.com/webcast/18458/636068?utm_campaign=communication_recording_published&utm_medium=email&utm_source=brighttalk-transact&player-preauth=eZ%2FimEOUqH71SW1x8fpQBZnvbJgccL6jI9UlFjLhKk4%3D">You can listen to the webinar here.</a></p> <p>The OpenID Foundation urges SaaS providers and enterprises to get involved and be a part of shaping a new standard that will strengthen identity security across the enterprise landscape. For further details on how to participate, please visit the<a href="https://openid.net/wg/ipsie/"> IPSIE Working Group</a> page. 
</p><p>The post <a href="https://openid.net/webinar-on-ipsie-secures-more-than-300-registrations/">Webinar on IPSIE secures more than 300 registrations</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>OpenID Federation Interop Event, April 28-30, 2025</title> <link>https://openid.net/openid-federation-interop-apr-28-30-2025/</link> <dc:creator><![CDATA[Mike Jones]]></dc:creator> <pubDate>Thu, 06 Mar 2025 03:56:50 +0000</pubDate> <category><![CDATA[Events]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Workshop]]></category> <guid isPermaLink="false">https://openid.net/?p=50173</guid> <description><![CDATA[<p>The OpenID Foundation will be holding an interop testing event Monday-Wednesday, April 28-30, 2025 for OpenID Federation implementations. In-person participation is encouraged, but if it works better for you, you can also participate remotely. The event will be hosted by SUNET at their office in Stockholm, Sweden. Event Details: 📅 Date: Monday-Wednesday, April 28-30, 2025 🕒 […]</p> <p>The post <a href="https://openid.net/openid-federation-interop-apr-28-30-2025/">OpenID Federation Interop Event, April 28-30, 2025</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p><span style="font-weight: 400;">The OpenID Foundation will be holding an interop testing event </span><b>Monday-Wednesday, </b><b>April 28-30, 2025</b><span style="font-weight: 400;"> for <a href="https://openid.net/specs/openid-federation-1_0.html">OpenID Federation</a> implementations. 
In-person participation is encouraged, but if it works better for you, you can also participate remotely.</span></p> <p>The event will be hosted by <a href="https://www.sunet.se/">SUNET</a> at their office in Stockholm, Sweden.</p> <h3><b>Event Details:</b></h3> <p><span style="font-weight: 400;"><img src="https://s.w.org/images/core/emoji/15.0.3/72x72/1f4c5.png" alt="📅" class="wp-smiley" style="height: 1em; max-height: 1em;" /></span> <b>Date:</b><span style="font-weight: 400;"> Monday-Wednesday, April 28-30, 2025</span></p> <p><span style="font-weight: 400;"><img src="https://s.w.org/images/core/emoji/15.0.3/72x72/1f552.png" alt="🕒" class="wp-smiley" style="height: 1em; max-height: 1em;" /></span> <b>Time:</b><span style="font-weight: 400;"> Mid-day Monday to mid-day Wednesday</span></p> <p><span style="font-weight: 400;"><img src="https://s.w.org/images/core/emoji/15.0.3/72x72/1f4cd.png" alt="📍" class="wp-smiley" style="height: 1em; max-height: 1em;" /></span> <b>Location:</b><span style="font-weight: 400;"> SUNET, Tulegatan 11, Third Floor, 113 53 Stockholm, Sweden</span></p> <p><img src="https://s.w.org/images/core/emoji/15.0.3/72x72/1f6aa.png" alt="🚪" class="wp-smiley" style="height: 1em; max-height: 1em;" /><strong>Suggested Hotels:</strong></p> <ul> <li><a href="https://www.birgerjarl.se/">Hotel Birger Jarl</a> – Across the street from SUNET</li> <li><a href="https://www.bestwestern.se/hotel/88161">Best Western Kom Hotel Stockholm</a></li> <li><a href="https://hellsten.se/en/">Hotel Hellsten</a></li> </ul> <p><span style="font-weight: 400;"><img src="https://s.w.org/images/core/emoji/15.0.3/72x72/1f4bb.png" alt="💻" class="wp-smiley" style="height: 1em; max-height: 1em;" /></span> <b>Virtual Option:</b> <i><span style="font-weight: 400;">Details on how to participate remotely will be emailed to registrants nearer the time</span></i></p> <h3><b>What is the interop event and who is eligible?</b></h3> <p>Come test your OpenID Federation implementation with 
those by others. <em>You need not have a complete implementation to participate.</em> You’ll also be trying out the <a href="https://openid.net/certification/">OpenID Certification</a> tests being developed for OpenID Federation.</p> <h3><b>Why Attend?</b></h3> <ul> <li style="font-weight: 400;" aria-level="1"><b>Collaborate with others </b>using OpenID Federation.</li> <li style="font-weight: 400;" aria-level="1"><b>Validate the specification</b>, helping us advance it towards final status.</li> <li style="font-weight: 400;" aria-level="1"><b>Validate your implementation</b><span style="font-weight: 400;">, identifying areas that you can improve.</span></li> <li aria-level="1"><strong>Test the tests</strong>, laying the groundwork for OpenID Federation certification testing.</li> </ul> <h3><b>Interop Topics Include:</b></h3> <ul> <li aria-level="1">Profiles: Automatic Registration, Explicit Registration, Federation Wallet, Extended Listing</li> <li aria-level="1">Metadata: Metadata Resolution, Metadata Policy Testing</li> <li aria-level="1">Trust Marks: Schema validation, Delegated Trust Marks, Trust Mark Status</li> <li aria-level="1">Topologies: Multiple Trust Anchors, Inter-federation where a Trust Anchor is subordinate to another</li> <li aria-level="1">Trust Chains</li> <li aria-level="1">Resolvers</li> <li aria-level="1">Historical Keys</li> <li aria-level="1">Error Scenarios</li> <li aria-level="1">Certification: Test the OpenID Federation certification tests!</li> <li aria-level="1">Bonus: Try out Giuseppe De Marco’s OpenID Federation browser</li> </ul> <p><b><i>Watch this space for updates as the dates approach.</i></b></p> <h3><span style="font-weight: 400;">Please register your interest in participating in the </span><a href="https://docs.google.com/spreadsheets/d/1zYl-wdzgyol9u3ho342GZhSsg0hhqqneJHlMXWJSIw0/edit?gid=25633585#gid=25633585"><b>list of potential participants</b></a><span style="font-weight: 400;">.</span></h3><p>The post <a 
href="https://openid.net/openid-federation-interop-apr-28-30-2025/">OpenID Federation Interop Event, April 28-30, 2025</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>OPIN joins OIDF Board via Peers Consulting + Technology</title> <link>https://openid.net/opin-joins-oidf-board-via-peers-consulting-technology/</link> <dc:creator><![CDATA[Serj Hallam]]></dc:creator> <pubDate>Thu, 27 Feb 2025 20:24:12 +0000</pubDate> <category><![CDATA[Blogs]]></category> <category><![CDATA[Election]]></category> <category><![CDATA[Foundation]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Board of Directors]]></category> <category><![CDATA[Digital Identity]]></category> <category><![CDATA[FAPI]]></category> <category><![CDATA[OpenID Foundation]]></category> <category><![CDATA[trust ecosystem]]></category> <guid isPermaLink="false">https://openid.net/?p=50098</guid> <description><![CDATA[<p>The OpenID Foundation is delighted to announce that Open Insurance Brazil (OPIN) will be joining the OpenID Foundation Board of Directors as a Sustaining Member, via their strategic partnership with Peers Consulting + Technology. Francisco Leme, Chief Technology and Operations Officer for OPIN and representative for Peers Consulting, will represent them on the Board. 
Open […]</p> <p>The post <a href="https://openid.net/opin-joins-oidf-board-via-peers-consulting-technology/">OPIN joins OIDF Board via Peers Consulting + Technology</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p><img loading="lazy" decoding="async" class="size-medium wp-image-50100 alignleft" src="https://openid.net/wp-content/uploads/2025/02/INST_Logo_Peers_AzulVertical-300x200.png" alt="" width="300" height="200" srcset="https://openid.net/wp-content/uploads/2025/02/INST_Logo_Peers_AzulVertical-300x200.png 300w, https://openid.net/wp-content/uploads/2025/02/INST_Logo_Peers_AzulVertical-1024x683.png 1024w, https://openid.net/wp-content/uploads/2025/02/INST_Logo_Peers_AzulVertical-768x512.png 768w, https://openid.net/wp-content/uploads/2025/02/INST_Logo_Peers_AzulVertical-1536x1024.png 1536w, https://openid.net/wp-content/uploads/2025/02/INST_Logo_Peers_AzulVertical-2048x1366.png 2048w" sizes="(max-width: 300px) 100vw, 300px" /></p> <p><span style="font-weight: 400">The OpenID Foundation is delighted to announce that </span><a href="https://opinbrasil.com.br/"><span style="font-weight: 400">Open Insurance Brazil</span></a><span style="font-weight: 400"> (OPIN) will be joining the OpenID Foundation Board of Directors as a Sustaining Member, via their strategic partnership with </span><a href="https://peers.com.br/"><span style="font-weight: 400">Peers Consulting</span></a><span style="font-weight: 400"> + Technology</span><span style="font-weight: 400">. </span><a href="https://www.linkedin.com/in/franciscoleme/"><span style="font-weight: 400">Francisco Leme</span></a><span style="font-weight: 400">, Chief Technology and Operations Officer for OPIN and representative for Peers Consulting, will represent them on the Board. 
</span></p> <p><span style="font-weight: 400">Open Insurance Brazil (OPIN) is a major initiative in Brazil, which came into being in 2021 to ensure the standardization of insurance data and service sharing. The OPIN project is managed by Peers Consulting in partnership with ecosystem participants, in accordance with the regulations established by</span><a href="https://www.gov.br/susep/pt-br"> <span style="font-weight: 400">Superintendence of Private Insurance</span></a><span style="font-weight: 400"> (SUSEP).</span></p> <p><span style="font-weight: 400">OPIN had already been working closely with the OpenID Foundation as a valued ecosystem partner, since it selected and mandated the OpenID Foundation’s </span><a href="https://openid.net/wg/fapi/"><span style="font-weight: 400">FAPI </span></a><span style="font-weight: 400">standard and self-certification capabilities into its ecosystem. The decision to join the Board is a well received evolution of this strategic relationship with mutual benefits. It raises the profile of the insurance sector, Latin American requirements, and ecosystem experience to the OpenID Foundation leadership. </span></p> <p><span style="font-weight: 400">OPIN follows in the footsteps of its domestic peer, </span><a href="https://openfinancebrasil.org.br/?cookie=true" class="broken_link"><span style="font-weight: 400">Open Finance Brazil</span></a><span style="font-weight: 400"> (represented on the OpenID Foundation’s Board by </span><a href="https://chicagoswards.org/"><span style="font-weight: 400">Chicago Advisory Partners</span></a><span style="font-weight: 400">), a Latin American trailblazer in adopting and mandating the OpenID Foundation’s FAPI standard and FAPI certification for the Brazilian financial services vertical. 
</span></p> <p><span style="font-weight: 400">Commenting on the appointment, OpenID Foundation’s Executive Director Gail Hodges said: “OPIN and Peers Consulting have already achieved a great result as the first open insurance ecosystem in the world to implement FAPI, and the OpenID Foundation has been proud to support them on their journey.</span></p> <p><span style="font-weight: 400">“We have no doubt that OPIN, Peers and Francisco himself will have a positive impact on our work to scale the adoption of open standards within Brazil, Latin America, and beyond.</span></p> <p><span style="font-weight: 400">“Their decision to join the OpenID Foundation is very timely as more countries increase their focus on open data requirements. According to the </span><a href="https://www.jbs.cam.ac.uk/faculty-research/centres/alternative-finance/publications/the-global-state-of-open-banking-and-open-finance-report/"><span style="font-weight: 400">Cambridge Centre for Alternative Finance</span></a><span style="font-weight: 400">, there are now 95 jurisdictions that have open data legislation, regulation or guidance, and are either in the development stage, moving through the process of planning or have been passed. We welcome the opportunity to work with them all.”</span></p> <p><span style="font-weight: 400">Francisco Leme added: “I’m very thrilled to be part of the Board of Directors of the OpenID Foundation, representing Open Insurance Brazil. We are now even more together, combining our expertise and knowledge for the benefit of all insurance companies.”</span></p> <h2><b>About the OpenID Foundation</b></h2> <p><span style="font-weight: 400">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. 
The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400"> openid.net</span></a><span style="font-weight: 400">. </span></p> <h2><b>About Peers Consulting + Technology</b></h2> <p><span style="font-weight: 400">Peers Consulting & Technology is the fastest-growing business and technology consulting firm in Latin America. Its work is focused on business and digital journeys, offering customized approaches that range from strategic analysis to implementation.</span></p> <p><span style="font-weight: 400">Certified by institutions such as FIA, ISG, Financial Times, Glassdoor, and Great Place to Work, it boasts a highly qualified multidisciplinary team. With more than 300 professionals, the company works closely and inquisitively to tackle the challenges faced by large national and international companies, as well as leading organizations in the nonprofit sector.</span></p> <p><span style="font-weight: 400">A partner in building the future of its clients, Peers Consulting has expertise in a wide range of areas and industries, including banking and finance, supply chain, digital, organizational strategy, M&A, healthcare, insurance, education, ESG, and more. 
The firm collaborates with industry-leading companies such as C&A, Alpargatas, Grupo Boticário, Porto Seguro, and companies recently acquired by the largest private equity funds operating in the country.</span></p><p>The post <a href="https://openid.net/opin-joins-oidf-board-via-peers-consulting-technology/">OPIN joins OIDF Board via Peers Consulting + Technology</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Notice of a Security Vulnerability</title> <link>https://openid.net/notice-of-a-security-vulnerability/</link> <dc:creator><![CDATA[Serj Hallam]]></dc:creator> <pubDate>Tue, 25 Feb 2025 20:57:40 +0000</pubDate> <category><![CDATA[Blogs]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[Vulnerability]]></category> <guid isPermaLink="false">https://openid.net/?p=50062</guid> <description><![CDATA[<p>The OpenID Foundation is committed to maintaining the highest security standards in identity protocols and takes security research seriously. As our specifications move towards final, we engage security researchers to conduct a rigorous security analysis and identify any vulnerabilities in the specifications. During a formal analysis of OpenID Federation, a security vulnerability was discovered relating […]</p> <p>The post <a href="https://openid.net/notice-of-a-security-vulnerability/">Notice of a Security Vulnerability</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p><span style="font-weight: 400;">The OpenID Foundation is committed to maintaining the highest security standards in identity protocols and takes security research seriously. As our specifications move towards final, we engage security researchers to conduct a rigorous security analysis and identify any vulnerabilities in the specifications. 
During a formal analysis of OpenID Federation, a security vulnerability was discovered relating to ambiguities in the audience values of JWTs sent to authorization servers. This vulnerability also impacts other OpenID specifications and OAuth specifications. Corrective actions have already been taken and incorporated into OpenID Foundation specifications and certification tests to address the potential issue. Corrective actions are under way for the affected OAuth specifications as well. In parallel, we have been working closely with relevant stakeholders to ensure robust mitigation strategies are in place across the implementer and standards communities.</span></p> <p><span style="font-weight: 400;">At this time, we are not aware of any known compromises that occurred resulting from this potential attack vector. Some ecosystems that were previously vulnerable have updated their deployments to address the vulnerability. Our focus is on ensuring that all implementers are well-equipped with the guidance needed to secure their deployments effectively.</span></p> <p><span style="font-weight: 400;">Our sincere thanks to the University of Stuttgart security researchers Dr. Ralf Küsters, Tim Würtele, and Pedram Hosseyni for their due diligence that led to the identification of this security vulnerability. This discovery is an example of the value of security analysis, partnerships, and community collaboration.</span></p> <p><span style="font-weight: 400;">Further details on this security vulnerability can be found here: </span><a href="https://openid.net/wp-content/uploads/2025/01/OIDF-Responsible-Disclosure-Notice-on-Security-Vulnerability-for-private_key_jwt.pdf"><span style="font-weight: 400;">https://openid.net/wp-content/uploads/2025/01/OIDF-Responsible-Disclosure-Notice-on-Security-Vulnerability-for-private_key_jwt.pdf</span></a><span style="font-weight: 400;">. 
Questions relating to your own implementation can be directed to </span><a href="mailto:certification@oidf.org"><span style="font-weight: 400;">certification@oidf.org</span></a><span style="font-weight: 400;">.</span></p> <p>The vulnerability has been assigned CVE numbers:</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-27370">CVE-2025-27370</a> for OpenID Foundation private_key_jwt as defined in OpenID Connect</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-27371">CVE-2025-27371</a> for IETF OAuth2 JWT client authentication assertions as defined in RFC 7521/7523</li> </ul> <h2><span style="font-weight: 400;">About the OpenID Foundation</span></h2> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. 
Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400;"> openid.net</span></a><span style="font-weight: 400;">.</span></p><p>The post <a href="https://openid.net/notice-of-a-security-vulnerability/">Notice of a Security Vulnerability</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> </channel> </rss>