Today the OpenID Foundation introduced OpenID Connect Certification – a program that enables organizations to certify that their OpenID Connect implementations conform to specified profiles of the OpenID Connect standard. The certification program is a tool to ensure that implementations by different parties will successfully interoperate.
OpenID Connect is a secure, mobile-ready, privacy-enhancing open identity standard. It has been widely adopted since its finalization last year during the 2014 RSA Conference.
The OpenID Certification program provides important assurances to the global community of developers that the Internet identity services that certifying organizations have deployed reliably conform to the OpenID Connect standard. The goal is that OpenID Certified implementations will “just work” with one another.
Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal are the first industry leaders to participate in the OpenID Connect Certification program and certify that their implementations conform to one or more of the profiles of the OpenID Connect standard.
Overview of OpenID Connect Certification Program Process
The OpenID Connect Certification program is based on self-certification – a formal public declaration by an entity that its specific identified deployment of a product or service meets the requirements of specified conformance profiles of the OpenID Connect standard, as demonstrated by passing a set of self-administered conformance tests for those profiles. With self-certification, the organization implementing an OpenID Connect deployment tests its own deployment via the OpenID Connect Conformance Test Suite™ software and verifies that it conforms to one or more defined OpenID Connect profiles. Once the tests for a profile are successfully completed, the organization signs and submits to the OpenID Foundation a Certification of Conformance attesting that it successfully completed the software tests, and asserting that its deployment conforms to the designated OpenID Connect profile. Following submission of the required materials, the self-certifications are published. These certifications are also registered by the OpenID Foundation at the Open Identity Exchange’s publicly accessible identity registry, known as OIXnet.
The OpenID Foundation is taking a phased approach to rolling out the OpenID Connect Certification program. The initial phase is now complete, launching with the certification of OpenID Connect identity providers by Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal. The next phase will add relying party certification and make self-certification available to all OIDF members in good standing starting in May 2015. The planned third phase in the roadmap will make the OpenID Connect Certification program generally available in January 2016.
The OpenID Certification testing suite is open source software that was developed in cooperation with Umeå University in Sweden, with its development also partially supported by the European Union GÉANT project under a grant to promote interoperability of digital identity systems.