OpenID Foundation
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>OpenID Foundation</title> <atom:link href="https://openid.net/feed/" rel="self" type="application/rss+xml" /> <link>https://openid.net</link> <description>Helping people assert their identity wherever they choose</description> <lastBuildDate>Mon, 10 Feb 2025 22:07:52 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod> hourly </sy:updatePeriod> <sy:updateFrequency> 1 </sy:updateFrequency> <generator>https://wordpress.org/?v=6.7.2</generator> <image> <url>https://openid.net/wp-content/uploads/2022/11/favicon_23-150x150.jpg</url> <title>OpenID Foundation</title> <link>https://openid.net</link> <width>32</width> <height>32</height> </image> <item> <title>Second Implementer’s Draft of OpenID for Verifiable Credential Issuance Specification Approved</title> <link>https://openid.net/second-implementers-draft-openid-for-verifiable-credential-issuance-approved/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Mon, 10 Feb 2025 22:06:42 +0000</pubDate> <category><![CDATA[Implementer's Draft]]></category> <category><![CDATA[News]]></category> <category><![CDATA[OpenID4VC]]></category> <category><![CDATA[Specs]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[Specification]]></category> <category><![CDATA[Vote]]></category> <guid isPermaLink="false">https://openid.net/?p=49735</guid> <description><![CDATA[<p>The OpenID Foundation membership has approved the following specification as an OpenID Second Implementer’s Draft: OpenID for Verifiable Credential Issuance An Implementer’s Draft is a stable version of a specification providing 
intellectual property protections to implementers of the specification. This Second Implementer’s Draft is a product of the Digital Credentials Protocols (DCP) working group. The […]</p> <p>The post <a href="https://openid.net/second-implementers-draft-openid-for-verifiable-credential-issuance-approved/">Second Implementer’s Draft of OpenID for Verifiable Credential Issuance Specification Approved</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<div> <p>The OpenID Foundation membership has approved the following specification as an OpenID Second Implementer’s Draft:</p> <div> <p><a href="https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-ID2.html"><b>OpenID for Verifiable Credential Issuance</b></a></p> </div> <div> <p>An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This Second Implementer’s Draft is a product of the <u><a title="https://openid.net/wg/digital-credentials-protocols/" href="https://openid.net/wg/digital-credentials-protocols/" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="1">Digital Credentials Protocols (DCP) working group</a></u>.</p> </div> <div> <p>The voting results were:</p> </div> <p>· Approve – 86 votes</p> <p>· Object – 1 vote</p> <p>· Abstain – 17 votes</p> <div> <p>Total votes: 104 (out of 399 members = 26% > 20% quorum requirement)</p> </div> <div> <p>Marie Jordan – OpenID Foundation Secretary</p> </div> </div> <div> </div> <h2><b>About the OpenID Foundation</b></h2> <p>The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. 
The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at<a href="http://www.openid.net/"> openid.net</a>. </p><p>The post <a href="https://openid.net/second-implementers-draft-openid-for-verifiable-credential-issuance-approved/">Second Implementer’s Draft of OpenID for Verifiable Credential Issuance Specification Approved</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Public Review Period for Proposed Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile</title> <link>https://openid.net/public-review-period-for-proposed-implementers-draft-openid4vc-haip/</link> <dc:creator><![CDATA[Mike Leszcz]]></dc:creator> <pubDate>Fri, 07 Feb 2025 16:20:13 +0000</pubDate> <category><![CDATA[Implementer's Draft]]></category> <category><![CDATA[News]]></category> <category><![CDATA[OpenID4VC]]></category> <category><![CDATA[Specs]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[HAIP]]></category> <category><![CDATA[Specification]]></category> <category><![CDATA[Vote]]></category> <guid isPermaLink="false">https://openid.net/?p=49100</guid> <description><![CDATA[<p>The Digital Credentials Protocols (DCP) working group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID for OpenID4VC High Assurance Interoperability Profile: 
https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-03.html An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review period for the specification draft […]</p> <p>The post <a href="https://openid.net/public-review-period-for-proposed-implementers-draft-openid4vc-haip/">Public Review Period for Proposed Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<div> <p><span data-olk-copy-source="MessageBody">The </span><a id="OWAe6f1e4a7-fc61-fb01-3074-23033b49c54b" class="x_OWAAutoLink" title="https://openid.net/wg/digital-credentials-protocols/" href="https://openid.net/wg/digital-credentials-protocols/" target="_blank" rel="noopener noreferrer" data-linkindex="0" data-auth="NotApplicable">Digital Credentials Protocols (DCP)</a> working group recommends approval of the following specification as an OpenID Implementer’s Draft:</p> </div> <ul> <li> <div class="x_elementToProof">OpenID for OpenID4VC High Assurance Interoperability Profile<b>: </b><a id="LPlnk" title="https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-03.html" href="https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-03.html" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="1">https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-03.html</a> </div> </li> </ul> <div> <p>An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review period for the specification draft in accordance with the OpenID Foundation IPR policies and procedures. 
Unless issues are identified during the review that the working group believes must be addressed by revising the draft, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve this draft as an OpenID Implementer’s Draft. For the convenience of members, voting will actually begin a week before the start of the official voting period, for members who have completed their reviews by then. This would be the second Implementer’s Draft of the specification.</p> </div> <div> <p>The relevant dates are:</p> </div> <div> <ul> <li>Implementer’s Draft public review period: Friday, February 7, 2025 to Monday, March 24, 2025 (45 days)</li> </ul> </div> <div> <ul> <li>Implementer’s Draft vote announcement: Tuesday, March 11, 2025</li> </ul> </div> <div> <ul> <li>Implementer’s Draft early voting opens: Tuesday, March 18, 2025 *</li> </ul> </div> <div> <ul> <li>Implementer’s Draft official voting period: Tuesday, March 25, 2025 to Tuesday, April 1, 2025</li> </ul> </div> <div> <p> </p> </div> <div> <p>* Note: Early voting before the start of the formal voting period will be allowed. The Digital Credentials Protocols (DCP) working group page is <a id="OWAa36451f4-eaef-f4d2-ceec-15a982db4ab0" class="x_OWAAutoLink" title="https://openid.net/wg/digital-credentials-protocols/" href="https://openid.net/wg/digital-credentials-protocols/" target="_blank" rel="noopener noreferrer" data-linkindex="2" data-auth="NotApplicable">https://openid.net/wg/digital-credentials-protocols/</a>. Information on joining the OpenID Foundation can be found at <a id="OWA26ec44a4-3411-d764-d354-db29c3733a88" class="x_OWAAutoLink" title="https://openid.net/foundation/members/registration" href="https://openid.net/foundation/members/registration" target="_blank" rel="noopener noreferrer" data-linkindex="3" data-auth="NotApplicable">https://openid.net/foundation/members/registration</a>. 
If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote. You can send feedback on the specification in a way that enables the working group to act upon it by (1) signing the Contribution Agreement at <a id="OWA419bdb86-c6c0-8e97-2fc3-c0ed5d690be4" class="x_OWAAutoLink" title="https://openid.net/intellectual-property/" href="https://openid.net/intellectual-property/" target="_blank" rel="noopener noreferrer" data-linkindex="4" data-auth="NotApplicable">https://openid.net/intellectual-property/</a> to join the working group (at a minimum, please specify that you are joining the “DCP” working group or select “All Work Groups” on your Contribution Agreement), (2) joining the working group mailing list at <a id="OWAaea0c4ab-98f4-3a0b-a9e4-e612ab7b3f8d" class="x_OWAAutoLink" title="mailto:openid-specs-digital-credentials-protocols@lists.openid.net" href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net" data-linkindex="5">openid-specs-digital-credentials-protocols@lists.openid.net</a>, and (3) sending your feedback to the list.</p> </div> <div> <p>-Marie Jordan, OpenID Foundation Secretary</p> </div> <h2><b><br />About the OpenID Foundation</b></h2> <p>The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. 
Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at<a href="http://www.openid.net/"> openid.net</a>. </p><p>The post <a href="https://openid.net/public-review-period-for-proposed-implementers-draft-openid4vc-haip/">Public Review Period for Proposed Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>AuthZEN community to host interoperability session at the Gartner IAM Summit</title> <link>https://openid.net/authzen-at-gartner-iam/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Mon, 03 Feb 2025 19:27:53 +0000</pubDate> <category><![CDATA[Authorization]]></category> <category><![CDATA[Interops]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Technology Events]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[AuthZEN]]></category> <category><![CDATA[Interoperability]]></category> <guid isPermaLink="false">https://openid.net/?p=49617</guid> <description><![CDATA[<p> AuthZEN Co-chairs David Brossard and Omri Gazitt presenting at Gartner IAM in Dallas, December 2024 As part of its return to the Gartner Identity and Access Management (IAM) Summit in London, March 24th-25th 2025, the OpenID Foundation is excited to share that it will also be hosting its latest interoperability session for the OpenID […]</p> <p>The post <a href="https://openid.net/authzen-at-gartner-iam/">AuthZEN community to host interoperability session at the Gartner IAM Summit</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<h2> </h2> 
<h6><img fetchpriority="high" decoding="async" class="aligncenter wp-image-49630 size-large" src="https://openid.net/wp-content/uploads/2025/02/gartner-iam-2024-og-db-1024x768.jpg" alt="" width="800" height="600" srcset="https://openid.net/wp-content/uploads/2025/02/gartner-iam-2024-og-db-1024x768.jpg 1024w, https://openid.net/wp-content/uploads/2025/02/gartner-iam-2024-og-db-300x225.jpg 300w, https://openid.net/wp-content/uploads/2025/02/gartner-iam-2024-og-db-768x576.jpg 768w, https://openid.net/wp-content/uploads/2025/02/gartner-iam-2024-og-db-1536x1152.jpg 1536w, https://openid.net/wp-content/uploads/2025/02/gartner-iam-2024-og-db-2048x1536.jpg 2048w" sizes="(max-width: 800px) 100vw, 800px" /></h6> <h6><em>AuthZEN Co-chairs David Brossard and Omri Gazitt presenting at Gartner IAM in Dallas, December 2024</em></h6> <p><span style="font-weight: 400;">As part of its return to the Gartner Identity and Access Management (IAM) Summit in London, March 24th-25th 2025, the OpenID Foundation is excited to share that it will also be hosting its latest interoperability session for the </span><a href="https://openid.net/wg/authzen/"><span style="font-weight: 400;">OpenID AuthZEN community</span></a><span style="font-weight: 400;">. 
This builds on the momentum that the OpenID Foundation has garnered at two previous Gartner IAM Summits for the Shared Signals Framework community.</span></p> <p><span style="font-weight: 400;">The sessions will be led by </span><a href="https://www.linkedin.com/in/ogazitt/"><span style="font-weight: 400;">Omri Gazitt, co-chair of the AuthZEN Working Group and co-founder/CEO of Aserto</span></a><span style="font-weight: 400;">, who will also be co-presenting a talk on </span><a href="https://www.gartner.com/en/conferences/emea/identity-access-management-uk/sessions/detail/3792722-Executive-Story-AuthZEN-the-OpenID-Connect-of-Authorization" class="broken_link"><i><span style="font-weight: 400;">AuthZEN: the “OpenID Connect” of Authorization</span></i></a><span style="font-weight: 400;"> on Tuesday, 25th March at 11:15am until 11:45am (GMT). </span></p> <p><span style="font-weight: 400;">Omri notes “AuthZEN is gaining momentum as the long-awaited interoperability standard for unifying the fragmented fine-grained authorization space. 
This is a great opportunity for implementers to showcase their progress, and for the wider industry to see how interoperability is moving forward.” </span></p> <h2><span style="font-weight: 400;">OIDF calls for participants to demonstrate their AuthZEN implementations at the global event in London this March</span></h2> <p><span style="font-weight: 400;">The OpenID Foundation’s AuthZEN Working Group is inviting participation from implementers.</span></p> <p><span style="font-weight: 400;">For this interoperability showcase, the AuthZEN WG is introducing a new interoperability scenario with API gateways as Policy Enforcement Points (PEPs), and is prioritizing their participation.</span></p> <p><span style="font-weight: 400;">In addition, the WG has defined an interoperability scenario for Identity Providers that can act as PEPs as part of the authentication process, and can enrich access tokens utilizing the newly introduced AuthZEN Resource Search API.</span></p> <p><span style="font-weight: 400;">Demonstration slots will be given to implementations based on their maturity, availability, and membership of the OpenID Foundation. </span></p> <p><span style="font-weight: 400;">Five free registration passes for the Gartner IAM Summit will be awarded to representatives of member organisations demonstrating significant interoperability success. </span></p> <p><span style="font-weight: 400;">To learn more about the event or to register your implementation for testing, please contact <a href="mailto:omri@aserto.com?subject=Gartner%20Interop">Omri Gazitt</a></span><span style="font-weight: 400;">.</span></p> <h2><span style="font-weight: 400;">About the OpenID Foundation</span></h2> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. 
Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400;"> openid.net</span></a><span style="font-weight: 400;">.</span></p><p>The post <a href="https://openid.net/authzen-at-gartner-iam/">AuthZEN community to host interoperability session at the Gartner IAM Summit</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Shared Signal WG returns to Gartner IAM for interoperability</title> <link>https://openid.net/shared-signal-wg-returns-to-gartner-iam-for-interoperability/</link> <dc:creator><![CDATA[Serj Hallam]]></dc:creator> <pubDate>Tue, 28 Jan 2025 07:00:18 +0000</pubDate> <category><![CDATA[News]]></category> <category><![CDATA[Technology Events]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[Events]]></category> <category><![CDATA[Interoperability]]></category> <category><![CDATA[Shared Signals]]></category> <guid isPermaLink="false">https://openid.net/?p=49474</guid> <description><![CDATA[<p>Call for participants: Demonstrate your SSF and CAEP implementations at the Gartner IAM Summit in London this March. 
The OpenID Foundation is excited to announce its return to the Gartner Identity and Access Management (IAM) Summit in London, March 24th-25th 2025, to host another interoperability session. This marks the third time the OpenID Foundation has […]</p> <p>The post <a href="https://openid.net/shared-signal-wg-returns-to-gartner-iam-for-interoperability/">Shared Signal WG returns to Gartner IAM for interoperability</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<h2><span style="font-weight: 400;">Call for participants: Demonstrate your SSF and CAEP implementations at the Gartner IAM Summit in London this March.</span></h2> <p><span style="font-weight: 400;">The OpenID Foundation is excited to announce its return to the Gartner Identity and Access Management (IAM) Summit in London, March 24</span><span style="font-weight: 400;">th</span><span style="font-weight: 400;">-25</span><span style="font-weight: 400;">th</span><span style="font-weight: 400;"> 2025, to host another interoperability session. This marks the third time the OpenID Foundation has been invited to this influential gathering of industry leaders to showcase the evolution and adoption of interoperable solutions within the identity ecosystem. </span></p> <p><span style="font-weight: 400;">Having hosted interoperability sessions at two previous Gartner IAM Summits (in </span><a href="https://openid.net/shared-signals-enhanced-security-for-all/"><span style="font-weight: 400;">London</span></a><span style="font-weight: 400;"> and </span><a href="https://openid.net/shared-signals-interoperability-at-gartner-iam/"><span style="font-weight: 400;">Texas</span></a><span style="font-weight: 400;">), this year’s presence promises to push boundaries once again. 
</span></p> <p><span style="font-weight: 400;">The sessions will be led by </span><a href="https://www.linkedin.com/in/tulshi/"><span style="font-weight: 400;">Atul Tulshibagwale, Corporate Board Member of the OpenID Foundation and CTO of SGNL</span></a><span style="font-weight: 400;">, who will also be presenting a talk on </span><a href="https://www.gartner.com/en/conferences/emea/identity-access-management-uk/sessions/detail/3792684-Executive-Story-Building-a-Trust-Fabric-With-the-OpenID-Shared-Signals-Framework" class="broken_link"><i><span style="font-weight: 400;">Building a Trust Fabric with the OpenID Shared Signals Framework</span></i></a><span style="font-weight: 400;"> on Monday, 24</span><span style="font-weight: 400;">th</span><span style="font-weight: 400;"> March at 11:45am until 12:15pm (GMT). </span></p> <p><span style="font-weight: 400;">He noted, “Interoperability is the cornerstone of secure, scalable, and user-centric identity solutions. These interoperability sessions play a valuable role not only to validate the technical capabilities of implementations, but also to foster vital collaboration among innovators in this space.”</span></p> <h2><span style="font-weight: 400;">Invitation to Participate</span></h2> <p><span style="font-weight: 400;">OpenID Foundation’s Shared Signals Working Group (SSWG) is once again inviting participation from implementers. As always, the OpenID Foundation welcomes those who have previously participated and demonstrated interoperability, but new entrants are also being sought. These are organizations with newer implementations seeking to showcase their solutions and achieve interoperability certification for the first time.</span></p> <p><span style="font-weight: 400;">To accommodate this diversity, the SSWG has designed rules to encourage participation from newcomers while continuing to highlight the strengths of more established solutions. 
These include:</span></p> <ul> <li style="font-weight: 400;"><b>Conformance Tests</b><span style="font-weight: 400;">: All participants must pass the OpenID Foundation’s conformance tests, which assess key features such as transmitter configuration metadata discovery, stream operations (read, create, update, delete), push delivery, and trigger verification. </span> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Transmitters and Receivers must support the SSF verification event-type and at least one additional event type, such as CAEP session revocation, CAEP credentials change, or CAEP risk level change</span></li> </ul> </li> <li style="font-weight: 400;"><b>Interoperability Tests</b><span style="font-weight: 400;">: Conformant implementations must successfully test with at least one other conformant implementation to achieve ‘interoperable’ status. This involves mutual certification of successful pairwise testing.</span></li> </ul> <p><span style="font-weight: 400;">Interoperable implementations will also be categorized as follows:</span></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Available now – publicly documented, currently available solutions.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Available soon – publicly documented solutions with near-term availability.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">In development – solutions not yet publicly documented or available.</span></li> </ul> <p><span style="font-weight: 400;">There will be 15 demonstration slots, divided into three sessions of five slots each. These will be given to implementations based on their maturity, availability, and membership of the OpenID Foundation. 
</span></p> <h2><span style="font-weight: 400;">Additional incentive to participate </span></h2> <p><span style="font-weight: 400;">The OpenID Foundation will award five free registration passes for the Gartner IAM Summit to representatives of member organisations, giving them ‘speaker’ status. These will be awarded to OpenID Foundation members with new implementations and those demonstrating significant interoperability success. </span></p> <p><span style="font-weight: 400;">Other attendees can purchase full conference passes to participate in the event.</span></p> <p><span style="font-weight: 400;">To learn more about the event or to register your implementation for testing, please contact </span><a href="mailto:atul@sgnl.ai"><span style="font-weight: 400;">Atul Tulshibagwale</span></a><span style="font-weight: 400;">. The full rules can be found here: <a href="https://openid.net/wp-content/uploads/2025/01/Program-Rules-London-2025-CAEP-Interop-at-Gartner-IAM-Summit-1-1.docx">Program Rules – London 2025 CAEP Interop at Gartner IAM Summit (1)</a></span><span style="font-weight: 400;">.</span></p> <h2><span style="font-weight: 400;">About the OpenID Foundation</span></h2> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. 
Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400;"> openid.net</span></a><span style="font-weight: 400;">. </span></p><p>The post <a href="https://openid.net/shared-signal-wg-returns-to-gartner-iam-for-interoperability/">Shared Signal WG returns to Gartner IAM for interoperability</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Notice of Vote for Proposed FAPI 2.0 Security Profile and Attacker Model Final Specifications</title> <link>https://openid.net/notice-of-vote-for-proposed-fapi-2-0-security-profile-and-attacker-model-final-specifications/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Fri, 24 Jan 2025 21:54:49 +0000</pubDate> <category><![CDATA[FAPI]]></category> <category><![CDATA[Final Specification]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Specs]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[FAPI 2.0]]></category> <category><![CDATA[FAPI Security Profile]]></category> <category><![CDATA[Specification]]></category> <category><![CDATA[Vote]]></category> <guid isPermaLink="false">https://openid.net/?p=49432</guid> <description><![CDATA[<p>The official voting period will be between Saturday, February 8, 2025 and Saturday, February 15, 2025 (12:00pm PT), once the 60 day review of the specifications has been completed. For the convenience of members who have completed their reviews by then, voting will actually begin on Saturday, February 1, 2025. 
The FAPI working group page: […]</p> <p>The post <a href="https://openid.net/notice-of-vote-for-proposed-fapi-2-0-security-profile-and-attacker-model-final-specifications/">Notice of Vote for Proposed FAPI 2.0 Security Profile and Attacker Model Final Specifications</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<div> <p><span data-olk-copy-source="MessageBody">The official voting period will be between Saturday, February 8, 2025 and Saturday, February 15, 2025 (12:00pm PT), once the </span><u><a title="https://openid.net/public-review-for-proposed-final-fapi-2-0-specifications/" href="https://openid.net/public-review-for-proposed-final-fapi-2-0-specifications/" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="0">60 day review</a></u> of the specifications has been completed. For the convenience of members who have completed their reviews by then, voting will actually begin on Saturday, February 1, 2025.</p> </div> <div> <p>The FAPI working group page: <u><a title="https://openid.net/wg/fapi/" href="https://openid.net/wg/fapi/" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="1">https://openid.net/wg/fapi/</a></u>. If you’re not already an OpenID Foundation member, or if your membership has expired, please consider joining to participate in the approval vote. 
Information on joining the OpenID Foundation can be found at <u><a title="https://openid.net/foundation/members/registration" href="https://openid.net/foundation/members/registration" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="2">https://openid.net/foundation/members/registration</a></u>.</p> </div> <div> <p>The vote will be conducted at <a title="https://openid.net/foundation/members/polls/352" href="https://openid.net/foundation/members/polls/352" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="3">https://openid.net/foundation/members/polls/352</a>.</p> </div> <div> <p>Marie Jordan – OpenID Foundation Secretary</p> </div><p>The post <a href="https://openid.net/notice-of-vote-for-proposed-fapi-2-0-security-profile-and-attacker-model-final-specifications/">Notice of Vote for Proposed FAPI 2.0 Security Profile and Attacker Model Final Specifications</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Notice of Vote for Proposed Second Implementer’s Draft of OpenID for Verifiable Credential Issuance Specification</title> <link>https://openid.net/notice-of-vote-for-proposed-second-implementers-draft-openid4vci-specification/</link> <dc:creator><![CDATA[Mike Leszcz]]></dc:creator> <pubDate>Tue, 21 Jan 2025 19:49:34 +0000</pubDate> <category><![CDATA[Implementer's Draft]]></category> <category><![CDATA[News]]></category> <category><![CDATA[OpenID4VC]]></category> <category><![CDATA[Specs]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[Specification]]></category> <category><![CDATA[Vote]]></category> <guid isPermaLink="false">https://openid.net/?p=49335</guid> <description><![CDATA[<p>The official voting period will be between Monday, February 3, 2025 and Monday, February 10, 2025 (12:00pm PT), once the 45 day review of the specification has been completed. 
For the convenience of members who have completed their reviews by then, voting will actually begin on Monday, January 27, 2025. The Digital Credentials Protocols (DCP) working group […]</p> <p>The post <a href="https://openid.net/notice-of-vote-for-proposed-second-implementers-draft-openid4vci-specification/">Notice of Vote for Proposed Second Implementer’s Draft of OpenID for Verifiable Credential Issuance Specification</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p>The official voting period will be between Monday, February 3, 2025 and Monday, February 10, 2025 (12:00pm PT), once the <a href="https://openid.net/public-review-period-for-proposed-second-implementers-draft-of-openid-for-verifiable-credential-issuance/" class="broken_link">45 day review</a> of the specification has been completed. For the convenience of members who have completed their reviews by then, voting will actually begin on Monday, January 27, 2025.</p> <p>The Digital Credentials Protocols (DCP) working group page is <a href="https://openid.net/wg/digital-credentials-protocols/">https://openid.net/wg/digital-credentials-protocols/</a>. If you’re not already an OpenID Foundation member, or if your membership has expired, please consider joining to participate in the approval vote. 
Information on joining the OpenID Foundation can be found at <a href="https://openid.net/foundation/members/registration">https://openid.net/foundation/members/registration</a>.</p> <p>The vote will be conducted at <a href="https://openid.net/foundation/members/polls/349">https://openid.net/foundation/members/polls/349</a>.</p> <p>Marie Jordan – OpenID Foundation Secretary</p><p>The post <a href="https://openid.net/notice-of-vote-for-proposed-second-implementers-draft-openid4vci-specification/">Notice of Vote for Proposed Second Implementer’s Draft of OpenID for Verifiable Credential Issuance Specification</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>OIDF Feedback on NIST’s Attribute Validation Services</title> <link>https://openid.net/oidf-feedback-on-nists-attribute-validation-services/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Tue, 14 Jan 2025 15:14:01 +0000</pubDate> <category><![CDATA[Blogs]]></category> <category><![CDATA[Government]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Security]]></category> <guid isPermaLink="false">https://openid.net/?p=49254</guid> <description><![CDATA[<p>The National Institute of Standards and Technology (NIST) recently released a draft report entitled Attribute Validation Services for Identity Management, which seeks to provide a comprehensive framework for agencies considering implementing Attribute Validation Services (AVS) services. AVS are critical for identity proofing, fraud prevention, and ensuring equal access to digital resources, within government services. 
They […]</p> <p>The post <a href="https://openid.net/oidf-feedback-on-nists-attribute-validation-services/">OIDF Feedback on NIST’s Attribute Validation Services</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p><span style="font-weight: 400;">The </span><a href="https://www.nist.gov/"><span style="font-weight: 400;">National Institute of Standards and Technology</span></a><span style="font-weight: 400;"> (NIST) recently released a draft report entitled </span><a href="https://csrc.nist.gov/pubs/ir/8480/ipd"><span style="font-weight: 400;">Attribute Validation Services for Identity Management</span></a><span style="font-weight: 400;">, which seeks to provide a comprehensive framework for agencies considering implementing Attribute Validation Services (AVS) services. </span></p> <p><span style="font-weight: 400;">AVS are critical for identity proofing, fraud prevention, and ensuring equal access to digital resources, within government services. They are also incorporated by a number of other sectors, such as banking and healthcare, which see the value they bring. NIST has, therefore, invited comments from external organizations to help ensure the framework is as robust as it can possibly be.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation commends NIST for its significant investment in this work, which strongly aligns with the OpenID Foundation’s own mission to promote open standards for secure, user-centric identity systems. </span></p> <p><span style="font-weight: 400;">Welcoming the opportunity to contribute, the OpenID Foundation collated input from its diverse membership, offering targeted suggestions and broader reflections to help refine the draft. Below, the feedback to NIST has been summarized into seven key themes, as well as additional areas for consideration.</span></p> <h2><b>1. 
Reassessing ‘user-controlled’ terminology in wallet-based architectures</b></h2> <p><span style="font-weight: 400;">NIST’s report refers to User-Controlled Verification Architectures (UCVA) and asserts that they grant users greater control over their personal data. While UCVAs provide advantages over some API-based architectures, the term ‘user-controlled’ can misrepresent the reality. End users are not entirely autonomous; their control is influenced by credential issuers, wallet providers, and platform operators. </span></p> <p><span style="font-weight: 400;">The recommendation from the OpenID Foundation is for the use of language that is more representative. For example, ‘wallet-based architectures aim to enable user-centric data management.’ </span></p> <p><span style="font-weight: 400;">Additionally, there is much focus on UCVA architecture having the potential to overcome limitations around an individual’s access and control over their own information in a way that enables secure online and in-person data sharing, while preserving privacy and reducing fraud. The OpenID Foundation has recommended that the report acknowledge that secure, in-person, and online data sharing is not exclusive to UCVAs, citing </span><a href="https://openid.net/developers/how-connect-works/"><span style="font-weight: 400;">OpenID Connect</span></a><span style="font-weight: 400;"> as an example.</span></p> <h2><b>2. Highlighting the value of shared signals</b></h2> <p><span style="font-weight: 400;">In its feedback, the OpenID Foundation has advocated for a section on shared signals, a critical mechanism for real-time notifications and lifecycle management in identity systems. These signals can be used in multiple scenarios, enabling proactive communication, such as notifying when a credential is revoked, an attribute is updated, or fraud is suspected. 
</span></p> <p><span style="font-weight: 400;">In fact, much work has already been done to develop standards that would enrich AVS architectures, enhancing interoperability and real-time risk management. The OpenID Foundation recommends that AVS, and relying parties (RP), monitor the developments of such groups, like the </span><a href="https://openid.net/wg/sharedsignals/"><span style="font-weight: 400;">OpenID Foundation’s Shared Signals Working Group</span></a><span style="font-weight: 400;">, for specifications that will vastly benefit these processes. </span></p> <h2><b>3. Ensuring rigorous entity validation</b></h2> <p><span style="font-weight: 400;">A robust AVS ecosystem must ensure that requesting entities are not only legitimate, but are verifiably those entities. The OpenID Foundation suggests leveraging standards-based mechanisms to authenticate the legitimacy of Relying Parties (RPs). Additionally, considerations should be made for inclusivity, such as supporting QR code verification for individuals without digital wallets, as seen in systems like the </span><a href="https://refugeemalaysia.org/adding-qr-code-in-unhcr-documents/"><span style="font-weight: 400;">UNHCR refugee QR codes</span></a><span style="font-weight: 400;">.</span></p> <h2><b>4. Clarifying roles and governance</b></h2> <p><span style="font-weight: 400;">The report conflates roles and responsibilities of potential implementing entities. 
The OpenID Foundation suggests expanding the governance section to clarify:</span></p> <ul> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">The importance of selecting interoperable standards.</span></li> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">The role of certifying and maintaining conformance to these standards.</span></li> </ul> <p><span style="font-weight: 400;">Trust frameworks must ensure interoperability, privacy, and security outcomes through protocol design, not solely through policy.</span></p> <h2><b>5. Addressing Metadata Risks and Management</b></h2> <p><span style="font-weight: 400;">Metadata plays a pivotal role in identity ecosystems, but the report underemphasizes its privacy and security implications. The OpenID Foundation recommends expanding guidance to include:</span></p> <ul> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Risks of metadata leakage, especially from issuance and presentation processes.</span></li> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Standards for metadata attributes that dictate how data quality and authorization metadata are managed.</span></li> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Mitigations against misuse of metadata by wallet providers or platform operators.</span></li> </ul> <h2><b>6. Facilitating cross-border interoperability</b></h2> <p><span style="font-weight: 400;">Although the report focuses on US-centric use cases, cross-border scenarios merit inclusion, for instance, cases where US-issued mobile driver’s licenses (mDLs) might need verification by international banks or law enforcement. </span></p> <p><span style="font-weight: 400;">AVS that take into consideration trust frameworks and standards that facilitate interoperability with foreign entities could prove extremely valuable. 
The OpenID Foundation has recommended that a separate section is included to cover cross-border interactions, the required trust, issuance and presentation needs for foreign attributes and identity documents.</span></p> <h2><b>7. Enhancing data retention and destruction policies</b></h2> <p><span style="font-weight: 400;">Data retention policies should balance agency requirements with individual rights. Even post-mortem data management demands thoughtful consideration. OIDF encourages NIST to monitor ongoing work in the </span><a href="https://openid.net/cg/death-and-the-digital-estate/"><span style="font-weight: 400;">DADE (Death and the Digital Estate) Community Group</span></a><span style="font-weight: 400;">, which addresses some of these challenges.</span></p> <h1><b>Further Recommendations</b></h1> <p>The OpenID Foundation recommends some additional considerations to strengthen the AVS guidance.</p> <h2><b>Emerging standards and community work</b></h2> <p><span style="font-weight: 400;">The OpenID Foundation is keen for NIST to take into account several valuable initiatives that are underway and that could positively influence the evolution of AVS. 
They include </span></p> <ul> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">The Shared Signals Framework, set for finalization in Q1 2025, offering critical specifications for lifecycle management.</span></li> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">OpenID for Verifiable Credential Issuance (OID4VCI), which is advancing towards finalization and will standardize credential workflows.</span></li> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">The DADE Community Group, which explores managing digital identities and assets posthumously.</span></li> </ul> <h2><b>Convergence across identity standards</b></h2> <p><span style="font-weight: 400;">NIST should anticipate potential conflicts among parallel identity standards developed by other agencies and private sectors, such as the </span><a href="https://www.dhs.gov/science-and-technology"><span style="font-weight: 400;">Department of Homeland Security</span></a><span style="font-weight: 400;"> or the </span><a href="https://www.tsa.gov/"><span style="font-weight: 400;">Transportation Security Administration</span></a><span style="font-weight: 400;"> wallet reviews, and the </span><a href="https://www.aamva.org/topics/mobile-driver-license"><span style="font-weight: 400;">AAMVA’s mDL</span></a><span style="font-weight: 400;"> guidelines.</span></p> <p><span style="font-weight: 400;">A coordinated approach should be undertaken to mitigate incompatibilities and foster streamlined adoption across federal, state, and private systems.</span></p> <h2><b>End-user experience design</b></h2> <p><span style="font-weight: 400;">The NIST report largely focuses on organizational perspectives. However, prioritizing user-centric designs can significantly improve public engagement with government services. 
Solutions should be intuitive, inclusive, and designed to accommodate diverse populations, including those without digital access.</span></p> <h1><b>Final Thoughts</b></h1> <p><span style="font-weight: 400;">We applaud NIST for acknowledging the contributions of our standards and specifications, such as OpenID Connect and the FAPI security profiles. Moving forward, we encourage NIST to:</span></p> <ul> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Deepen collaboration on Shared Signals and OpenID for Identity Assurance.</span></li> <li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Engage with ongoing efforts in OpenID Federation to refine AVS governance and interoperability frameworks.</span></li> </ul> <p><span style="font-weight: 400;">By leveraging open standards and fostering collaboration, we can collectively advance identity management systems that are secure, equitable, and user-focused. The OpenID Foundation remains committed to supporting NIST and other stakeholders in achieving this vision.</span></p> <h1><b>About the OpenID Foundation</b></h1> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy-preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. 
Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400;"> openid.net</span></a><span style="font-weight: 400;">. </span></p><p>The post <a href="https://openid.net/oidf-feedback-on-nists-attribute-validation-services/">OIDF Feedback on NIST’s Attribute Validation Services</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>2025 OpenID Foundation Board of Directors</title> <link>https://openid.net/2025-openid-board-of-directors/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Tue, 14 Jan 2025 14:36:34 +0000</pubDate> <category><![CDATA[Blogs]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Board of Directors]]></category> <category><![CDATA[Election]]></category> <guid isPermaLink="false">https://openid.net/?p=49251</guid> <description><![CDATA[<p>by Gail Hodges, Executive Director I want to sincerely thank all OpenID Foundation members who voted in the 2025 elections for representatives to the OpenID Foundation Board of Directors. Per the Foundation’s Bylaws and as of December 1, 2024, there were two Corporate Representative and two Community Representative seats up for election in 2025. 
Corporate […]</p> <p>The post <a href="https://openid.net/2025-openid-board-of-directors/">2025 OpenID Foundation Board of Directors</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<div> <p><em>by Gail Hodges, Executive Director</em></p> <p><span data-olk-copy-source="MessageBody">I want to sincerely thank all OpenID Foundation members who voted in the 2025 elections for representatives to the OpenID Foundation <a href="https://openid.net/foundation/board/">Board of Directors</a>.</span></p> </div> <div> <p>Per the Foundation’s Bylaws and as of December 1, 2024, there were two Corporate Representative and two Community Representative seats up for election in 2025. </p> </div> <div> <h2>Corporate Representatives</h2> </div> <div> <p><img decoding="async" class="wp-image-45803 size-thumbnail" src="https://openid.net/wp-content/uploads/2024/01/Atul-T-headshot-150x150.png" alt="" width="150" height="150" srcset="https://openid.net/wp-content/uploads/2024/01/Atul-T-headshot-150x150.png 150w, https://openid.net/wp-content/uploads/2024/01/Atul-T-headshot.png 250w" sizes="(max-width: 150px) 100vw, 150px" /> <img decoding="async" class="alignnone wp-image-48090 size-thumbnail" src="https://openid.net/wp-content/uploads/2024/10/thumbnail_M-Verstege-150x150.png" alt="" width="150" height="150" srcset="https://openid.net/wp-content/uploads/2024/10/thumbnail_M-Verstege-150x150.png 150w, https://openid.net/wp-content/uploads/2024/10/thumbnail_M-Verstege.png 250w" sizes="(max-width: 150px) 100vw, 150px" /></p> <p>First, I am very pleased to welcome <a href="https://www.linkedin.com/in/tulshi/" target="_blank" rel="noopener">Atul Tulshibagwale</a> and <a href="https://www.linkedin.com/in/mark-verstege-1ba3502a/" target="_blank" rel="noopener">Mark Verstege</a> back to the board of directors again in 2025 as the Corporate Representatives. 
Each year Corporate members of the Foundation elect up to two members to represent them on the board for one-year terms with all Corporate members in good standing eligible to nominate and vote for candidates. Both Atul and Mark are very active in the Foundation, and will bring great perspectives to the Board.</p> <p data-wp-editing="1">For instance, Atul continues to co-chair the Shared Signals WG, and coordinated two Gartner interop events for the WG this year to great effect. The Shared Signals WG is also entering a new phase, with the formation of a Shared Signals Special Topic Group to help accelerate Shared Signals adoption. </p> <p data-wp-editing="1">Mark is a firm supporter of the value of OIDF standards to support ecosystems in meeting their goals, and he sees the value of bringing ecosystem leaders closer together. Mark has been a key supporter of the newly formed Ecosystem Community Group to help ecosystems develop and share best practices.</p> </div> <div> <h2>Community Representatives</h2> <p><img loading="lazy" decoding="async" class="alignnone wp-image-2688 size-thumbnail" src="https://openid.net/wp-content/uploads/2023/03/nat-150x150.png" alt="" width="150" height="150" srcset="https://openid.net/wp-content/uploads/2023/03/nat-150x150.png 150w, https://openid.net/wp-content/uploads/2023/03/nat.png 250w" sizes="(max-width: 150px) 100vw, 150px" /><img loading="lazy" decoding="async" class="alignnone wp-image-778 size-thumbnail" src="https://openid.net/wp-content/uploads/2023/01/image-3-150x150.png" alt="" width="150" height="150" srcset="https://openid.net/wp-content/uploads/2023/01/image-3-150x150.png 150w, https://openid.net/wp-content/uploads/2023/01/image-3.png 250w" sizes="(max-width: 150px) 100vw, 150px" /></p> </div> <div> <p>Second, I am delighted to welcome back <a href="https://www.linkedin.com/in/natsakimura/" target="_blank" rel="noopener">Nat Sakimura</a> and <a href="https://www.linkedin.com/in/ve7jtb/" target="_blank" rel="noopener">John 
Bradley</a> who were re-elected to two-year terms as Community Representatives. Their long-time leadership and service to the Foundation is sincerely appreciated and valued. This is especially true in 2025 as the Foundation expands its reach into new ecosystems as well as continues to evolve to support new groups and projects. </p> <p>As noted, four individual members represent the membership and the community at large on the board, with offset-terms. George Fletcher and Mike Jones have one year remaining on their two-year terms and I look forward to their continued contributions in 2025.</p> </div> <div> <p>Thank you kindly to Sebastian Rohr for nominating himself in 2025 as a Community Representative and for his continued contributions to the Foundation.</p> </div> <div> <p>Please join me in thanking Nat, John, Atul, and Mark, as well as all of the Foundation’s board of directors, for their service and contributions to the Foundation and the community at large. And thank you to all Foundation members for your continued investment of time and membership that drives and supports the Foundation.</p> </div> <div> <p>Gail Hodges<br />Executive Director<br />OpenID Foundation</p> </div> <h2><b>About the OpenID Foundation</b></h2> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy-preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. 
Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400;"> openid.net</span></a><span style="font-weight: 400;">. </span></p><p>The post <a href="https://openid.net/2025-openid-board-of-directors/">2025 OpenID Foundation Board of Directors</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Strengthening cybersecurity measures – the OpenID Foundation’s recommendations on ENISA’s guidance for the NIS2 Directive</title> <link>https://openid.net/strengthening-cybersecurity-measures-oidf-recommendations-enisa-nis2/</link> <dc:creator><![CDATA[Elizabeth Garber]]></dc:creator> <pubDate>Tue, 07 Jan 2025 20:29:08 +0000</pubDate> <category><![CDATA[Blogs]]></category> <category><![CDATA[Government]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Security]]></category> <guid isPermaLink="false">https://openid.net/?p=49173</guid> <description><![CDATA[<p>As the European Union continues to strengthen its cybersecurity framework, the NIS2 Directive serves as a pivotal measure to protect critical infrastructure and essential services across member states. 
Committed to advancing secure and interoperable digital identity standards, the OpenID Foundation welcomes the opportunity to contribute to this critical initiative and has provided comments on ENISA’s […]</p> <p>The post <a href="https://openid.net/strengthening-cybersecurity-measures-oidf-recommendations-enisa-nis2/">Strengthening cybersecurity measures – the OpenID Foundation’s recommendations on ENISA’s guidance for the NIS2 Directive</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<p><span style="font-weight: 400;">As the European Union continues to strengthen its cybersecurity framework, the NIS2 Directive serves as a pivotal measure to protect critical infrastructure and essential services across member states. </span></p> <p><span style="font-weight: 400;">Committed to advancing secure and interoperable digital identity standards, the OpenID Foundation welcomes the opportunity to contribute to this critical initiative and has provided comments on ENISA’s </span><a href="https://www.enisa.europa.eu/publications/implementation-guidance-on-nis-2-security-measures" class="broken_link"><span style="font-weight: 400;">draft technical guidance for the cybersecurity measures of the NIS2 Directive</span></a><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">Below, we highlight </span><b>key themes and recommendations</b><span style="font-weight: 400;"> from our review.</span></p> <h3><b>Taking compliance monitoring beyond paper-based processes</b></h3> <p><span style="font-weight: 400;">ENISA’s guidance on compliance monitoring emphasizes regular reviews and reporting to management bodies. However, we believe this framework can be strengthened to incorporate empirical testing and global standards-based approaches. 
</span></p> <p><span style="font-weight: 400;">Compliance monitoring should, for example, evaluate and certify implementations against relevant global standards. Certification ensures systems are built on a robust foundation and remain aligned with evolving requirements.</span></p> <p><span style="font-weight: 400;">Processes also need to be more empirical.</span> <span style="font-weight: 400;">Paper-based compliance captures the intent of a solution but can fail to capture changes in deployed systems and can also lag evolving adversarial tactics. Real-time monitoring and periodic recertification are critical to address these gaps.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation’s recommendations are to incorporate steps to evaluate applicable global standards, test implementations for conformity to standards, certify compliance, and maintain real-time reporting to highlight non-conformant implementations.</span></p> <h3><b>Ensuring robust independent security reviews</b></h3> <p><span style="font-weight: 400;">Independent reviews are vital for assessing security practices. The OpenID Foundation emphasizes the importance of aligning such reviews with global standards. </span></p> <p><span style="font-weight: 400;">When it comes to certification and self-certification, implementations of security protocols, such as OpenID Connect and FAPI, should undergo technical conformance testing and certification. This ensures interoperability and security across ecosystems.</span></p> <p><span style="font-weight: 400;">Continuous testing also needs to be considered. 
Cloud-based and dynamic environments require ongoing testing to detect implementation issues in real-time.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation recommends that steps be taken to document technical certifications and ensure real-time conformance testing as part of the review process.</span></p> <h3><b>Expanding the scope of security testing </b></h3> <p><span style="font-weight: 400;">The guidance outlines a range of security tests, but omits protocol conformance testing. This is a critical measure for detecting implementation errors in security protocols.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation recommends revising the guidance to include protocol conformance testing alongside vulnerability assessments, penetration testing, and other methodologies. Additionally, OIDF emphasizes the importance of certification in ensuring secure implementations.</span></p> <h3><b>Network security addressing interoperability challenges</b></h3> <p><span style="font-weight: 400;">Modern systems increasingly rely on external integrations and APIs, creating a complex web of dependencies. ENISA’s guidance on network security should address these realities. All endpoints, especially those involving external integrations, should be regularly tested and certified for conformance.</span></p> <p><span style="font-weight: 400;">Furthermore, integrating shared signals frameworks can enhance real-time risk detection and response, particularly in scenarios involving session or credential lifecycle changes.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation recommends adding provisions for endpoint testing and integration of shared signal protocols for dynamic decision-making and enhanced security.</span></p> <h3><b>Strengthening policies and implementation for access control</b></h3> <p><span style="font-weight: 400;">The guidance on access control would benefit from additional considerations. 
The incorporation of data classification and risk appetite into access control decisions will help ensure that controls are tailored to the sensitivity and criticality of assets. Another consideration is enabling real-time revocation of access rights based on signals indicating changes in risk.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation recommends including references to asset classification and shared signals frameworks to enhance access control policies.</span></p> <h2><b>Clarifying the scope of authentication and authorization</b></h2> <p><span style="font-weight: 400;">While the guidance addresses authentication, it often extends into areas of authorization without explicitly acknowledging the distinction. Clear terminology is essential to avoid misunderstandings. A starting point would be to rename the section to ‘Authentication and Authorization’ to reflect its broader scope.</span></p> <p><span style="font-weight: 400;">Further, specifying secure protocols like OpenID Connect, FAPI, and Shared Signals Framework would help ensure implementations can effectively mitigate specific security risks.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation recommends renaming the section and providing detailed examples of secure authentication and authorization practices, including conformance testing.</span></p> <h3><b>Secure communication protocols for privileged and administrative accounts</b></h3> <p><span style="font-weight: 400;">Managing privileged accounts is a high-risk area that requires stringent controls, but the current guidance simply calls for policies for managing privileged accounts as part of access control.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation recommends referencing secure communication protocols for privileged account management. 
The need for rigorous authentication measures, linking to broader authentication requirements and the use of secure communication protocols, should also be highlighted clearly for implementers.</span></p> <h3><b>More accountability in identity management</b></h3> <p><span style="font-weight: 400;">Guidance around identity management highlights that organizations should maintain an inventory of user and privileged identities. However, more comprehensive identity management procedures and technology are needed to ensure risk is minimized and that there is clear accountability.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation recommends clarifying the term ‘service identities’ and providing examples. Details on the privileges associated with each identity should also be included, and identity lifecycle processes should be documented to ensure ongoing accountability.</span></p> <h2><b>Why global standards matter</b></h2> <p><span style="font-weight: 400;">The OpenID Foundation commends ENISA for its comprehensive guidance and commitment to improving cybersecurity across the EU and urges further alignment with global standards.</span></p> <p><span style="font-weight: 400;">Standards, such as </span><a href="https://openid.net/specs/openid-connect-core-1_0.html"><span style="font-weight: 400;">OpenID Connect</span></a><span style="font-weight: 400;"> and </span><a href="https://openid.net/wg/fapi/specifications/"><span style="font-weight: 400;">FAPI</span></a><span style="font-weight: 400;">, ensure security, interoperability, and scalability across digital identity ecosystems. 
By incorporating them, ENISA can further enhance the effectiveness of cybersecurity measures, reduce fragmentation across EU member states, and foster trust and collaboration among stakeholders.</span></p> <p><span style="font-weight: 400;">The OpenID Foundation remains committed to supporting ENISA and the broader cybersecurity community through open standards and constructive dialogue. We welcome the opportunity for follow-up discussions and stand ready to provide further input as needed.</span></p> <h2><b>About the OpenID Foundation</b></h2> <p><span style="font-weight: 400;">The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy-preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at</span><a href="http://www.openid.net/"><span style="font-weight: 400;"> openid.net</span></a><span style="font-weight: 400;">. 
</span></p><p>The post <a href="https://openid.net/strengthening-cybersecurity-measures-oidf-recommendations-enisa-nis2/">Strengthening cybersecurity measures – the OpenID Foundation’s recommendations on ENISA’s guidance for the NIS2 Directive</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></content:encoded> </item> <item> <title>Third OpenID4VP Implementer’s Draft Approved</title> <link>https://openid.net/third-openid4vp-implementers-draft-approved/</link> <dc:creator><![CDATA[Mike Leszcz]]></dc:creator> <pubDate>Tue, 24 Dec 2024 20:40:10 +0000</pubDate> <category><![CDATA[News]]></category> <category><![CDATA[Specs]]></category> <category><![CDATA[Working Group]]></category> <category><![CDATA[Implementer's Draft]]></category> <category><![CDATA[openid4vp]]></category> <category><![CDATA[Specification]]></category> <category><![CDATA[Vote]]></category> <guid isPermaLink="false">https://openid.net/?p=49107</guid> <description><![CDATA[<p>The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID for Verifiable Presentations: https://openid.net/specs/openid-4-verifiable-presentations-1_0-ID3.html An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This Implementer’s Draft is a product of the AB/Connect working group. 
The voting results were: Approve – 91 […]</p> <p>The post <a href="https://openid.net/third-openid4vp-implementers-draft-approved/">Third OpenID4VP Implementer’s Draft Approved</a> first appeared on <a href="https://openid.net">OpenID Foundation</a>.</p>]]></description> <content:encoded><![CDATA[<div data-olk-copy-source="MessageBody">The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft:</div> <div aria-hidden="true"> </div> <div><b>OpenID for Verifiable Presentations: </b><a href="https://openid.net/specs/openid-4-verifiable-presentations-1_0-ID3.html">https://openid.net/specs/openid-4-verifiable-presentations-1_0-ID3.html</a></div> <div>An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This Implementer’s Draft is a product of the <u>AB/Connect working group</u>.</div> <div aria-hidden="true"> </div> <div>The voting results were:</div> <ul> <li> <div class="x_elementToProof">Approve – 91 votes</div> </li> <li> <div>Object – 3 votes</div> </li> <li> <div class="x_elementToProof">Abstain – 19 votes</div> </li> </ul> <div class="x_elementToProof">Total votes: 113 (out of 414 members = 27 % > 20 % quorum requirement)</div> <div>Marie Jordan – OpenID Foundation Secretary</div> <div class="x_elementToProof"> </div>]]></content:encoded> </item> </channel> </rss>