[Openid-specs-ab] Adoption of openid-connect-federation-1_0

Nat Sakimura sakimura at gmail.com
Sat Jul 23 16:36:15 UTC 2016


Dear Connect WG members:


I am happy to announce the adoption of "OpenID Connect Profile for
SCIM Services" by the OpenID Connect working group.  The specification
is available at these locations:

*       http://openid.net/specs/openid-connect-federation-1_0-00.html
- Initial draft

*       http://openid.net/specs/openid-connect-federation-1_0.html -
Current stable draft

*       http://openid.bitbucket.org/openid-connect-federation-1_0.html
- Current working draft

The abstract of the specification is:
The OpenID Connect standard specifies how a Relying Party (RP) can
discover metadata about an OpenID Provider (OP), and then register to
obtain client credentials. During registration, the RP provides
metadata about its services. There is no automated mechanism for the
OP or the RP to verify the information exchanged during this process.
All the information is self-asserted.

This document describes how a trusted third party can enhance the
security between the OP and RP by providing additional integrity about
their respective metadata. Using this approach, an attacker would have
to obtain the private keys of the trusted third party, which would
mitigate the risk of a compromised SSL connection.

Nat Sakimura
OpenID Connect Working Group Chair

-- 

Nat Sakimura

Chairman of the Board, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160723/3428c61f/attachment.html>


More information about the Openid-specs-ab mailing list