The OpenID Foundation and the Open Identity Exchange co-hosted an Open Banking Workshop on Tuesday, January 30, 2018 in London. This presentation is an and overview of the OpenID Foundation and provides updates on the OpenID Connect standard and OpenID Certification Program that was presented by Mike Jones (Microsoft), OpenID Foundation Secretary.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
Roland Hedberg with Catalogix and the OpenID Foudation provided an update on OpenID Connect Federation at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...MikeLeszcz
OpenID Foundation Enhanced Authentication Profile (EAP) Working Group update presented by Dr. Michael B. Jones (Microsoft) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OpenIDFoundation
Atul Tulshibagwale with Google provided an an overview of the Continuous Access Evaluation Protocol (CAEP) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Foundation iGov Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation iGov Working Group update presented by Paul Grassi (Easy Dynamics) and Bjorn Hjelm (Verizon) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OpenID Foundation Research & Education Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation Research & Education (R&E) Working Group update presented by Nick Roy (Internet2) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
Roland Hedberg with Catalogix and the OpenID Foudation provided an update on OpenID Connect Federation at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...MikeLeszcz
OpenID Foundation Enhanced Authentication Profile (EAP) Working Group update presented by Dr. Michael B. Jones (Microsoft) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OpenIDFoundation
Atul Tulshibagwale with Google provided an an overview of the Continuous Access Evaluation Protocol (CAEP) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Foundation iGov Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation iGov Working Group update presented by Paul Grassi (Easy Dynamics) and Bjorn Hjelm (Verizon) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OpenID Foundation Research & Education Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation Research & Education (R&E) Working Group update presented by Nick Roy (Internet2) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...OpenIDFoundation
Roland Hedberg with Catalogix provided an update on the Research & Education (R&E) Working Group at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOpenIDFoundation
Davide Vaghetti with Consortium GARR provided an update on the OpenID Foundation Research & Education (R&E) Working Group at the OIDF Workshop at Verizon Media on Monday, April 29, 2019.
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...OpenIDFoundation
Dr. Torsten Lodderstedt with yes.com provided an update on OpenID Connect for Identity Assurance at the OIDF Workshop at the 2019 European Identity Conference on Tuesday, May 14, 2019 in Munich.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OpenIDFoundation
George Fletcher presented Browser Changes Impacting Identity Flows at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
OpenID Foundation Fast Federation (FastFed) Working Group update presented by Darin McAdams (Amazon) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Connect 4 SSI is an initiative conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation. It aims at specifying a set of protocols based on OpenID Connect to enable SSI applications.
OpenID Connect is the newest iteration of the OpenID Internet authentication standard that’s been developed in coordination by Google, Facebook, Microsoft and others at the OpenID Foundation.
OpenID Connect performs many of the same tasks as OpenID 1 & 2, but does so in a way that is API-friendly, and usable by native and mobile applications.
OpenID 1 and 2 lend part of their name, but Connect is a complete re-write that is fundamentally better architected for the modern web in a few important ways.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...OpenIDFoundation
Torsten Lodderstedt with yes.com provided an overview of a proposed OpenID Foundation working group focused on identity assurance at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
This presentation gives an overview on the work that is going on at OpenID Foundation in Liaison with Decentralized Identity Foundation to enable SSI applications based on OpenID Connect.
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...MikeLeszcz
Presentation from the OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group Data Sharing Agreement Workshop on January 31, 2018.
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group UpdateMikeLeszcz
OpenID Foundation MODRNA Working Group update presented by Bjorn Hjelm (Verizon) and John Bradley (Yubico) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Kristina Yasuda
Presentation I gave on Self-Issued OpenID Provider during the second OpenID Foundation Virtual Workshop covering:
1. What is Self-Issued OpenID Provider (SIOP) ?
2. SIOP Requirements (draft)
3. Initial discussion points deep-dive
Self-Issued OpenID Providers are personal OpenID Providers that issue self-signed ID Tokens, enabling portability of the identities among providers
An IAM for Beginner's session presented by Dr. Matthias Tristl, ForgeRock Senior Instructor
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
OpenID Connect 4 SSI aims at specifying a set of protocols based on OpenID Connect to enable SSI applications. The initiative is conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation (DIF). One of the specifications is built up on DID-SIOP in DIDAuth WG in DIF and SIOP v1 in OIDC Core.
OpenID Connect: The new standard for connecting to your Customers, Partners, ...Salesforce Developers
With the proliferation of cloud applications, mobile devices, and the need to connect to external users, IT organizations are increasingly challenged with how to manage and gain transparency into user access to systems and applications. As your organization looks to deploy Identity in the cloud, it’s critical that this is backed by open-standards.
In this webinar, Chuck Mortimore, Pat Patterson, and Ian Glazer will give you a broad overview of how OpenID Connect can help better connect you with your customers, partners, apps, and devices
Key Takeaways
Get introduced to OpenID Connect, learn how it builds on top of OAuth, and discover why it’s an important new standard for your organization
Consume OpenID Connect from popular Identity providers with Social Sign-On
Provide a single, branded Identity to your own users and applications using OpenID Connect
Use OpenID Connect to easily build Identity-enabled mobile applications
Plan for the next generation of connected devices
Intended Audience
This webinar is aimed at a technical audience of administrators, developers, architects and business analysts who are wishing to learn more about Identity and Standards
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...OpenIDFoundation
Michael Jones with Microsoft provided an update on the OpenID Certification Program at the OIDF Workshop at the 2019 European Identity Conference on Tuesday, May 14, 2019 in Munich.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...OpenIDFoundation
Roland Hedberg with Catalogix provided an update on the Research & Education (R&E) Working Group at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOpenIDFoundation
Davide Vaghetti with Consortium GARR provided an update on the OpenID Foundation Research & Education (R&E) Working Group at the OIDF Workshop at Verizon Media on Monday, April 29, 2019.
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...OpenIDFoundation
Dr. Torsten Lodderstedt with yes.com provided an update on OpenID Connect for Identity Assurance at the OIDF Workshop at the 2019 European Identity Conference on Tuesday, May 14, 2019 in Munich.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OpenIDFoundation
George Fletcher presented Browser Changes Impacting Identity Flows at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
OpenID Foundation Fast Federation (FastFed) Working Group update presented by Darin McAdams (Amazon) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Connect 4 SSI is an initiative conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation. It aims at specifying a set of protocols based on OpenID Connect to enable SSI applications.
OpenID Connect is the newest iteration of the OpenID Internet authentication standard that’s been developed in coordination by Google, Facebook, Microsoft and others at the OpenID Foundation.
OpenID Connect performs many of the same tasks as OpenID 1 & 2, but does so in a way that is API-friendly, and usable by native and mobile applications.
OpenID 1 and 2 lend part of their name, but Connect is a complete re-write that is fundamentally better architected for the modern web in a few important ways.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...OpenIDFoundation
Torsten Lodderstedt with yes.com provided an overview of a proposed OpenID Foundation working group focused on identity assurance at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
This presentation gives an overview on the work that is going on at OpenID Foundation in Liaison with Decentralized Identity Foundation to enable SSI applications based on OpenID Connect.
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...MikeLeszcz
Presentation from the OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group Data Sharing Agreement Workshop on January 31, 2018.
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group UpdateMikeLeszcz
OpenID Foundation MODRNA Working Group update presented by Bjorn Hjelm (Verizon) and John Bradley (Yubico) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Kristina Yasuda
Presentation I gave on Self-Issued OpenID Provider during the second OpenID Foundation Virtual Workshop covering:
1. What is Self-Issued OpenID Provider (SIOP) ?
2. SIOP Requirements (draft)
3. Initial discussion points deep-dive
Self-Issued OpenID Providers are personal OpenID Providers that issue self-signed ID Tokens, enabling portability of the identities among providers
An IAM for Beginner's session presented by Dr. Matthias Tristl, ForgeRock Senior Instructor
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
OpenID Connect 4 SSI aims at specifying a set of protocols based on OpenID Connect to enable SSI applications. The initiative is conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation (DIF). One of the specifications is built up on DID-SIOP in DIDAuth WG in DIF and SIOP v1 in OIDC Core.
OpenID Connect: The new standard for connecting to your Customers, Partners, ...Salesforce Developers
With the proliferation of cloud applications, mobile devices, and the need to connect to external users, IT organizations are increasingly challenged with how to manage and gain transparency into user access to systems and applications. As your organization looks to deploy Identity in the cloud, it’s critical that this is backed by open-standards.
In this webinar, Chuck Mortimore, Pat Patterson, and Ian Glazer will give you a broad overview of how OpenID Connect can help better connect you with your customers, partners, apps, and devices
Key Takeaways
Get introduced to OpenID Connect, learn how it builds on top of OAuth, and discover why it’s an important new standard for your organization
Consume OpenID Connect from popular Identity providers with Social Sign-On
Provide a single, branded Identity to your own users and applications using OpenID Connect
Use OpenID Connect to easily build Identity-enabled mobile applications
Plan for the next generation of connected devices
Intended Audience
This webinar is aimed at a technical audience of administrators, developers, architects and business analysts who are wishing to learn more about Identity and Standards
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...OpenIDFoundation
Michael Jones with Microsoft provided an update on the OpenID Certification Program at the OIDF Workshop at the 2019 European Identity Conference on Tuesday, May 14, 2019 in Munich.
OpenID Foundation Certification Program Update - October 22, 2018OpenIDFoundation
OpenID Foundation Certification Program update presented by Michael Jones (Microsoft) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...OpenIDFoundation
Michael Jones with Microsoft provided an update on the OpenID Certification Program at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
This deck gives an overview of OpenID 4 Verifiable Credentials and shows how the specs can be tailored to the needs of a certain category of projects/ecosystems.
Red Hat Summit - OpenShift Identity Management and ComplianceMarc Boorshtein
Our presentation from Red Hat Summit on OpenShift, Identity Management and Compliance. We talk about how to apply DevOps to identity management in OpenShift and make everyone happy.
This presentation was given by guest lecturer Jordon Holt of ORCID, Inc., during the second session of the NISO Spring training series "Working with Scholarly APIs." Session Two, ORCID, was moderated by Phill Jones of MoreBrains Cooperative and held on May 5, 2022.
[WSO2Con EU 2018] Identity APIs is the New BlackWSO2
This presentation explores how Identity APIs have evolved over the time to cater the consumer and enterprise requirements, and real-world scenarios where tough identity challenges have been successfully tackled by using them.
OAuth and OpenID Connect for PSD2 and Third-Party AccessNordic APIs
Not only banks struggle with third-party systems needing access to their APIs. In this talk though, Daniel will discuss how this can be done in the banking sector according to the Payment Services Directive (PSD2) and also in other sectors where trust of third-parties is also of great importance.
Authentication options for Open edX: focus on OAuth and OpenIDFrederik Questier
F. Questier, Authentication options for Open edX: focus on OAuth and OpenID, presentation for the Erasmus+ MarMOOC project, Universidade de Vigo, Spain, 04/04/2018
Similar to OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview (20)
OpenID Foundation Workshop at EIC 2018 - Introduction to the FAPI Read & Writ...MikeLeszcz
Introduction to the FAPI Read & Write OAuth Profile presentation given by Nat Sakimura, OpenID Foundation Chairman, at the OpenID Foundation Workshop at EIC 2018 on May 15, 2018 in Munich.
Client Initiated Backchannel Authentication Profile Overview presented by Dave Tonge with moneyhub. This was presented on Wednesday, March 21, 2018 at the OpenID Foundation/Open Banking Workshop hosted by Microsoft in London.
OpenID Foundation/Open Banking Workshop - Open Banking UpdateMikeLeszcz
The OpenID Foundation and the Open Identity Exchange co-hosted an Open Banking Workshop on Tuesday, January 30, 2018 in London. This presentation is an update on the Open Banking initiative that was presented by members of the Open Banking Implementation Entity (OBIE).
Banking is Now More Open: Open Banking UpdateMikeLeszcz
Update on Open Banking initiative by Chris Michael , Head of Technology, Open Banking. Chris presented this at the “OpenID/Open Banking Workshop: The Implications for the Banking Industry” in London on November 6, 2017.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
3. OpenID Foundation
• Authors of OAuth, JWT, JWS, OpenID Connect, trust frameworks,
and certification methods and marks. Expertise
• Intellectual Property Rights regime ensures royalty free, mutual
non-assertion covenant of use by everyone. Open
• Industry sustaining sponsorship by Google, KDDI, Microsoft, NRI,
Oracle, PayPal, PingIdentity, Symantec, Verizon and more… Ecosystem
The OpenID Foundation is a non-profit international standard organization of individuals and
companies committed to enabling, promoting, and protecting OpenID technologies. Since
2007, the foundation has served as a public trust in representing the open community of
developers, vendors, and users.
7. What is OpenID Connect?
§ Simple identity layer on top of OAuth 2.0
§ Enables relying parties to verify identity of end-user
§ Enables relying parties to obtain basic profile info
§ REST/JSON interfaces → low barrier to entry
§ See http://openid.net/connect/
8. You’re Probably Already Using OpenID Connect!
§ If you log in at AOL, Deutsche Telekom, France Connect,
Google, Microsoft, mixi, NEC, NTT, Salesforce, Softbank,
Symantec, Verizon, or Yahoo! Japan or have an Android phone,
you’re already using OpenID Connect
o Many other sites and apps large and small also use it
9. OpenID Connect Range
§ Spans use cases, scenarios
o Internet, Enterprise, Mobile, Cloud
§ Spans security & privacy requirements
o From non-sensitive information to highly secure
§ Spans sophistication of claims usage
o From basic default claims to specific requested claims to collecting
claims from multiple sources
§ Maximizes simplicity of implementations
o Uses existing IETF specs: OAuth 2.0, JWT, etc.
o Lets you build only the pieces you need
14. More OpenID Connect Specifications
§ OAuth 2.0 Form Post Response Mode
o Defines how to return OAuth 2.0 Authorization Response parameters
(including OpenID Connect Authentication Response parameters)
using HTML form values that are auto-submitted by the User Agent
using HTTP POST
o A “form post” binding, like SAML and WS-Federation
• An alternative to fragment encoding
o http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html
o Completed April 2015
o In production use by Microsoft, Ping Identity, others
15. OpenID Connect Federation (work in progress)
§ OpenID Connect Federation specification
o http://openid.net/specs/openid-connect-federation-1_0.html
o Created by federation expert Roland Hedberg
§ Enables establishment and maintenance of multi-party
federations using OpenID Connect
§ Defines hierarchical JSON-based metadata structures for
federation participants
§ Being prototyped by European federations, including NORDUnet
16. Session Management / Logout (work in progress)
§ Three approaches being pursued by the working group:
o Session Management
• http://openid.net/specs/openid-connect-session-1_0.html
• Uses HTML5 postMessage to send state changes between OP and RP iframes
o Front-Channel Logout
• http://openid.net/specs/openid-connect-frontchannel-1_0.html
• Uses HTTP GET to load image or iframe, triggering logout
• Similar to options in SAML, WS-Federation
o Back-Channel Logout
• http://openid.net/specs/openid-connect-backchannel-1_0.html
• Server-to-communication not using the browser
• Can be used by native applications, which have no active browser
§ All support multiple logged-in sessions from OP at RP
§ Unfortunately, no one approach best for all use cases
§ All became Implementer’s Drafts in March 2017
17. Related Work in Other Working Groups
§ International Government Profile (iGov) Working Group
o Developing OpenID Connect profile for government & high-value
commercial applications
§ Enhanced Authentication Profile (EAP) Working Group
o Enables Token Bound ID Tokens
o Enables integration with FIDO and other phishing-resistant
authentication solutions
§ Financial API (FAPI) Working Group
o Defining JSON schemas, security and privacy recommendations, and
protocols to:
• enable applications to utilize the data stored in the financial account,
• enable applications to interact with the financial account, and
• enable users to control the security and privacy settings.
18. What is OpenID Certification?
§ OpenID Certification enables OpenID Connect implementations
to be certified as meeting the requirements of defined
conformance profiles
§ An OpenID Certification has two components:
o Technical evidence of conformance resulting from testing
o Legal statement of conformance
§ Certified implementations can
use the “OpenID Certified” logo
19. What value does certification provide?
§ Technical:
o Certification testing gives confidence that things will “just work”
o No custom code required to integrate with implementation
o Better for all parties
o Relying parties explicitly asking identity providers to get certified
§ Business:
o Enhances reputation of organization and implementation
o Shows that organization is taking interop seriously
o Customers may choose certified implementations over others
20. Current Conformance Profiles
§ Five conformance profiles of OpenID Providers:
o Basic OpenID Provider
o Implicit OpenID Provider
o Hybrid OpenID Provider
o OpenID Provider Publishing Configuration Information
o Dynamic OpenID Provider
§ Five corresponding conformance profiles of OpenID RPs:
o Basic Relying Party
o Implicit Relying Party
o Hybrid Relying Party
o Relying Party Publishing Configuration Information
o Dynamic Relying Party
21. Who has achieved OP Certification?
• OpenID Provider certifications at
http://openid.net/certification/
#OPs
• 174 profiles certified for
57 implementations by
49 organizations
• Recent additions:
• Auth0, CA, Classmethod,
Cloudentity, Connect2id, Curity,
Hanscan, Identity Automation,
KSIGN, Library of Congress, Mvine,
NRI, NTT, OpenAthens, Optimal Idm,
ProSiebenSat.1, Michael Schwartz,
Filip Skokan, WSO2
• Each entry link to zip file with test
logs and signed legal statement
• Test results available for public
inspection
22. Who has achieved RP Certification?
• Relying Party certifications at
http://openid.net/certification/#RPs
• 44 profiles certified for
18 implementations by
16 organizations
• Recent additions:
• Brock Allen, Damien Bowden,
F5 Networks, Janrain, Karlsruher
Institut für Technologie, Tom
Jones, KSIGN, Manfred Steyer,
NRI, ZmartZone IAM
23. How does OpenID Certification work?
§ Organization decides what profiles it wants to certify to
o For instance, “Basic OP”, “Config OP”, and “Dynamic OP”
§ Runs conformance tests publicly available at
http://op.certification.openid.net/ or
http://rp.certification.openid.net/
§ Once all tests for a profile pass, organization submits
certification request to OpenID Foundation containing:
o Logs from all tests for the profile
o Signed legal declaration that implementation conforms to the profile
§ Organization pays certification fee (for profiles not in pilot
mode)
§ OIDF verifies application is complete and grants certification
§ OIDF lists certification at http://openid.net/certification/ and
registers it in OIXnet at http://oixnet.org/openid-certifications/
24. What does certification cost?
§ Not a profit center for the OpenID Foundation
o Fees there to help cover costs of operating certification program
§ Member price
o $200 per new deployment
§ Non-member price
o $999 per new deployment
o $499 per new deployment of an already-certified implementation
§ Covers as many profiles as you submit within calendar year
§ New profiles in pilot mode are available to members for free
§ Costs described at http://openid.net/certification/fees/
25. What’s next for OpenID Certification?
§ Additional OpenID Connect profiles being developed:
o Form Post Response Mode
o Refresh Token Behaviors
o Session Management, Front-Channel Logout, Back-Channel Logout
o OP-Initiated Login
§ Additional documentation being produced
o By Roland Hedberg and Hans Zandbelt
§ Certification for additional specifications is anticipated:
o E.g., HEART, MODRNA, iGov, EAP, FAPI, etc.
26. OpenID Certification Call to Action
§ Certify your OpenID Connect implementations
§ Help us test the soon-to-come new profiles
§ Join the OpenID Foundation
§ Join the OpenID Connect and other working groups
27. OpenID Connect & Certification Resources
§ OpenID Connect
o http://openid.net/connect/
§ Frequently Asked Questions
o http://openid.net/connect/faq/
§ Working Group Mailing List
o http://lists.openid.net/mailman/listinfo/openid-specs-ab
§ OpenID Certification Program
o http://openid.net/certification/
§ Certified OpenID Connect Implementations Featured for Developers
o http://openid.net/developers/certified/
§ Mike Jones’, Nat Sakimura’s, and John Bradley’s Blogs
o http://self-issued.info/
o http://nat.sakimura.org/
o http://www.thread-safe.com/
28. Discussion
§ How are you using OpenID specifications?
§ What would you like the OpenID Foundation and its working
groups to know?
30. ID Token
§ JWT representing logged-in session
§ Claims:
o iss – Issuer
o sub – Identifier for subject (user)
o aud – Audience for ID Token
o iat – Time token was issued
o exp – Expiration time
o nonce – Mitigates replay attacks
31. Claims Requests
§ Basic requests made using OAuth scopes:
o openid – Declares request is for OpenID Connect
o profile – Requests default profile info
o email – Requests email address & verification status
o address – Requests postal address
o phone – Requests phone number & verification status
o offline_access – Requests Refresh Token issuance
§ Requests for individual claims can be made using JSON
“claims” request parameter
35. Certification of Conformance
• Legal statement by certifier
stating:
• Who is certifying
• What software
• When tested
• Profile tested
• Commits reputation of
certifying organization to
validity of results