OpenID Connect Certification and Open Identity Exchange Registration Pilot Use-Case Overview
The pilot launch of the OIXnet registry in April 2015 will focus on the OpenID Connect self-certification and registration use-case.
The OpenID Connect protocol has quickly gained widespread adoption enabling easy-to-use login and API access for both web and native applications. During its development, extensive interoperability testing was performed on a voluntary basis to ensure that different implementations would actually work together. Now that the OpenID Connect protocol is final, the OpenID Foundation is working to ensure even better interoperability by creating a self-certification program for OpenID Connect implementations, with early participants including Forgerock, Google, Microsoft, Nomura Research Institute, PayPal, and Ping Identity. The OpenID Conformance Test SuiteTM developed by Roland Hedberg of Umeå University with EU funding, enables organizations to certify their implementations to the OpenID Foundation. The OpenID Foundation will list the certifications at the OIXnet trust registry to provide the transparency, liability protections and discoverability for global interoperability.
|Download the OpenID Certification & Registration Launch Plan|
- Organization seeks to test their OpenID Connect (OIDC) service(s) for conformance.
- Organization reviews the OpenID Connect Self-Certification FAQ that includes details on testing (technical), self-certification (legal) and registration (business). The FAQ specifies that only members in good standing can self-certify and register at OIXnet for the first two phases.
- Organization tests their service(s) using the OpenID Connect Conformance Test SuiteTM until successful.
- Upon successful completion, organization signs the Certification of Conformance to OpenID Connect Conformance Profile and submits required test results to OpenID Foundation for approval.
- OpenID Foundation confirms membership status (for initial pilot phases), ensure agreement has been signed and all test results have been submitted. OpenID Foundation notifies organization of acceptance or denial. Accepted self-certifications are then submitted to Open Identity Exchange for registration at the OIXnet registry.
- Open Identity Exchange ensures all required enrollment and testing results have been submitted. Open Identity Exchange notifies OpenID Foundation of both accepted and denied submissions. Accepted submissions are published to the OIXnet registry at oixnet.org.
Phase 1 – Early Adopters Pilot
- Early adopters: Forgerock, Google, Microsoft, Nomura Research Institute, PayPal, and Ping Identity
- Symantec providing secure, scalable and multi-tenant platforms for testing, certification and registration
- FAQ, Terms of Service and registrations published at oidf.net and oixnet.org
- Launch and announcement at RSA Conference on April 22nd in San Francisco
Phase 2 – Members Only Pilot
- Self-certification costs published at oidf.net on June 2015
- Limited to OpenID Foundation members-in-good-standing
Phase 3 – General Availability
- General availability for non-members on January 2016
- OpenID Foundation may register other certifications for OpenID Connect profiles