OpenID Foundation
Main
- OpenID Foundation Publishes “Open Banking and Open Data: Ready to Cross Borders?” 2023-02-06 OpenID
More than 50 open data, digital identity and API security technologists globally contributed to this whitepaper to answer the following questions:
- What are the differences and similarities between different open data ecosystems?
- Is global interoperability between different ecosystems possible?
- Who will be driving this movement and what are the use cases motivating them? How will users benefit?
- How could cross-border use cases work and what “good might look like”? What are the architecture and governance requirements?
- What can you do if you believe this is the right direction for Open Banking and Open Data?
- OpenID Foundation Publishes “The Global Open Health Movement: Empowering People and Saving Lives by Unlocking Data” Whitepaper 2022-07-22 OpenID
The whitepaper offers an overview of the global health sector privacy and security landscape and introduces similar work from outside the health domain with health experts. One key hypothesis we will test is that existing Open Banking and other Open Data standards, like FAPI, could help the health community deliver on their Open Health goals more quickly.
- OpenID for Verifiable Credentials 2022-05-12 OpenID
The goal of this whitepaper is to inform and educate the readers about the work on the OpenID for Verifiable Credentials (OpenID4VC) specifications family. It addresses use-cases referred to as Self-Sovereign Identity, Decentralized Identity, or User-Centric Identity.
- OpenID Foundation Publishes Whitepaper on Open Banking 2022-03-18 OpenID
The OpenID Foundation is pleased to share its new whitepaper, “Open Banking, Open Data and Financial-Grade APIs”. The paper documents the international movement towards Open Banking, Open Finance, and secure, consent driven access to all user data. It describes the OpenID Foundation and in particular the Financial-Grade API (FAPI) Working Group’s experience with Open Banking ecosystems internationally.
- The 7 Laws of Identity Standards 2021-04-10 OpenID
- A identity standard’s adoption is driven by its value of the reliability, repeatability and security of its implementations.
- A standard’s value can be measured by the number of instances of certified technical conformance extant in the market.
- Certified technical conformance is necessary but insufficient for global adoption.
- Adoption at scale requires widespread awareness, ongoing technical improvement and a open and authoritative reference source.
- When Libraries/Directories/ Registries act as authoritative sources they amplify awareness, extend adoption and promote certification.
- Certified technical conformance importantly complements legal compliance and together optimize interoperability.
- Interoperability enhances security, contains costs and drives profitability.
Organization
- How OpenID Standards are Enabling Secure & Interoperable Digital Identity Ecosystems 2022-05-11 OpenID
- Okta Joins the OpenID Foundation Board to Further Advance Open Identity Standards 2021-12-10 OpenID
“OpenID Connect is one of the most adopted identity standards, providing essential functionality to core solutions across the industry,” said Vittorio Bertocci, Principal Architect, Auth0.
- The OpenID Foundation Welcomes Visa to the Board of Directors 2021-12-07 OpenID
Visa’s leadership in global payments and identity services as well as their longstanding commitment to standards will be of great value as we tailor our strategy to this moment.
- Passing the Torch at the OpenID Foundation 2021-04-28 Mike Jones
Today marks an important milestone in the life of the OpenID Foundation and the worldwide digital identity community. Following Don Thibeau’s decade of exemplary service to the OpenID Foundation as its Executive Director, today we welcomed Gail Hodges as our new Executive Director.
- 2021 OpenID Foundation Board Update 2021-02-09 OpenID
Nat Sakimura and John Bradley were re-elected to new two-year terms as community member representatives. Nat and John’s well-known technical expertise and global thought leadership ensures continuity across working groups and as the Foundation transitions to new leadership in 2021.
Standards Development
- Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec 2021-10-13 Mike Jones
I’ve defined an Authentication Method Reference (AMR) value called “pop” to indicate that Proof-of-possession of a key was performed. Unlike the existing “hwk” (hardware key) and “swk” (software key) methods […] Among other use cases, this AMR method is applicable whenever a WebAuthn or FIDO authenticator are used.
Shared Signals Working Group
The Shared Signals working group is providing data sharing schemas, privacy recommendations and protocols to share security event information to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts on other Service Providers and enable users and providers to coordinate to securely restore accounts following a compromise.
- OpenID RISC Profile Specification 1.0 - draft 02 2022-04-05 OpenID This document defines the Risk Incident Sharing and Coordination (RISC) Event Types based on the Shared Signals and Events (SSE) Framework. Event Types are introduced and defined in Security Event Token (SET).
- Shared Signals: An Open Standard for Webhooks 2021-08-24 OpenID The OpenID Foundation formed the “Shared Signals and Events” (SSE) Working Group as a combination of the previous OpenID RISC working group and an informal industry group that was focused on standardizing Google’s CAEP proposal. These represented two distinct applications of the same underlying mechanism of managing asynchronous streams of events. Therefore the SSE Framework is now proposed to be a standard for managing such streams of events for any application, not just CAEP and RISC. In effect, it is a standard for generalized Webhooks.
- Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation 2021-05-06 Matt Domsch Matt presented an overview of the OpenID Foundation Shared Signals and Events Working Group, and his implementation of the object model in an open source Java library at https://github.com/sailpoint-oss/openid-sse-model/
- OpenID SSE Model - Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation 2021-04-21 Domsch
- Security Event Tokens – RFC 8417\n$5 Matt Domsch, VP & Engineering Fellow
- Subject Identifiers – Internet Draft RFC
- Shared Signals & Events – OpenID Foundation WG
- Includes RISC, CAEP, and Oauth event profiles
GAIN
- How GAIN Happens, Slowly Then All at Once 2022-06-03 OpenID
GAIN is marked by a cross sector, crowd sourced, open, global due diligence. GAIN’s self organized participants are actively seeking evidence that disconfirms the GAIN hypothesis.
- Protocols, Standards, Alliances: How to Re-GAIN the Future Internet from the Big Platforms 2022-05-13 Kuppinger Cole
just like trade unions helped the working class during the industrial revolution to fight for their rights. In this panel session, we will discuss about the enablers of such a different approach and the requirements to actually be successfull.
- Introducing the Global Assured Identity Network (GAIN) Proof of Concept Community Group 2022-03-02 OpenID
The OpenID Foundation is pleased to announce the launch of the Global Assured Identity Network (GAIN) Proof of Concept Community Group, which aims to test the technical hypotheses underlying the “GAIN Digital Trust” white paper.
- Global Assured Identity Network White Paper 2021-09-20 OpenID
The Global Assured Identity Network White Paper was the centerpiece of the OpenID Foundation’s Chairman Nat Sakimura’s keynote at the European Identity Conference just a few days ago. His presentation can be found at https://nat.sakimura.org/2021/09/14/announcing-gain/. Nat describes GAIN as an overlay network on top of the Internet with all its participants identity proofed. One key benefit of the approach proposed in the white paper is that the standards required to enable this network already exist: OpenID Connect and eKYC/IDA.
The White Paper was a “no logo, pro bono, open source” collaboration of over 150 co-authors including many members of the OpenID Foundation. It’s well on its way to achieving its goal of generating a community wide discussion on the business, technical and legal requirements for pragmatic international interoperability.
- EIC Speaker Spotlight: Nat Sakimura 2021-08-24 Introducing Gain • OpenID Foundation
if you look at the the cost structure of the financial industry a lot of cost Is towards anti-money laundering and related activities and that actually is identity problem […] we should try to solve the use case with a user centricity in mind
Kim Cameron Award
- Kim Cameron Award Winner Reflects on EIC 2022-07-05 Rachelle Sellung
In a matter of a few days, I heard many inspiring presentations, had many interesting conversations, and met many wonderful people in this field at the Conference. It has already led to multiple conversations of working together regarding future stakeholder research that will hopefully be useful and support the identity community.
- 2022 OpenID Foundation Kim Cameron Award Recipients Announced 2022-04-29 OpenID
This was the first IIW without Kim Cameron. This was a very fitting announcement.The OpenID Foundation is pleased to announce the first cohort of awardees for inaugural launch of the Kim Cameron Award Program. We first must thank the many well-qualified applicants who presented compelling interest in user-centric identity.
- Announcing the 2022 OpenID Foundation Kim Cameron Scholarship 2022-04-08 OpenID
Scholarship recipients will be studying, researching, interning or working in a field relevant to one or more OpenID Foundation working groups and consistent with Foundation’s Mission. The scholarship recipients will also be invited to participate in Foundation breakout meetings at the European Identity Conference and Identiverse which will provide exposure to both the Foundation’s business as well as leading technologists.