OAuth 2.0 JWT Bearer Token Profiles Specification Draft -04
Draft 04 of the OAuth 2.0 JWT Bearer Token Profiles Specification has been published. This version tracks changes in the OAuth 2.0 Assertion Profile and SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 specifications made in response to working group last call comments, as announced by Brian Campbell. Changes made were: Merged in changes between...
OAuth 2.0 Bearer Token Specification Draft -19
Draft 19 of the OAuth 2.0 Bearer Token Specification has been published. It addresses DISCUSS issues and COMMENTs raised for which resolutions have been agreed to. No normative changes were made. Changes made were: Use ABNF from RFC 5234. Added sentence “The Bearer authentication scheme is intended primarily for server authentication using the WWW-Authenticate and...
OpenID Connect has won the 2012 European Identity Award
I’m thrilled to report that OpenID Connect has won the 2012 European Identity Award for Best Innovation/New Standard. I appreciate the recognition of what we’ve achieved to date with OpenID Connect and its potential to significantly change digital identity for the better. As Dave Kearns wrote in the OpenID Foundation announcement about the award: I’m...
April 10, 2012 OpenID Connect Update Release
The OpenID Connect working group has released an update to the OpenID Connect specifications that continues incorporating significant developer feedback received, while maintaining as much compatibility with the implementer’s drafts as possible. The Connect specs have also been updated to track updates to the OAuth and JOSE specs, which they use. The primary normative changes...
OAuth 2.0 Bearer Token Specification Draft -18
Draft 18 of the OAuth 2.0 Bearer Token Specification has been published. It contains the following changes:
Changed example bearer token value from vF9dft4qmT to mF_9.B5f-4.1JqM.
Added example access token response returning a Bearer token.
The draf...
OAuth 2.0 Bearer Token Specification Draft -17
Draft 17 of the OAuth 2.0 Bearer Token Specification has been published. This version changes the RFCs referenced for certificate chain verification. The wording was proposed by Alexey Melnikov as part of the Gen-ART review. It contains the following changes: Restore RFC 2818 reference for server identity verification and add RFC 5280 reference for certificate...
OpenID Connect Interop in Progress
The Third OpenID Connect Interop is currently under way – this time based upon approved Implementer’s Drafts. Currently 7 implementations are being tested, with I believe more to be added. The interop is designed to enable people to test the implementations they’ve built against other implementations and verify that specific features that they’ve built are...
OpenID Connect Implementer’s Drafts Approved
The OpenID Foundation members have overwhelmingly voted to approve the OpenID Connect specifications as Implementer’s Drafts. This is an important milestone in the process of completing the OpenID Connect specifications. Implementer’s Drafts are stable versions of specifications intended for trial implementations and deployments that provide specific IPR protections to those using them. Implementers and deployers...
Vote to Approve OpenID Connect Implementer’s Drafts Under Way
The vote to approve six OpenID Connect specification drafts as OpenID Foundation Implementer’s Drafts is under way. To vote, go to https://openid.net/foundation/members/polls/62 and log in using your OpenID by the morning of Wednesday, February 15th...
OAuth 2.0 Bearer Token Specification Draft -16
Draft 16 of the OAuth 2.0 Bearer Token Specification has been published. This version contains a proposed resolution to the auth-param syntax issue that has been reviewed by Julian Reschke, Mark Nottingham, and the OAuth WG chairs. It also addresses the Gen-ART review comments by Alexey Melnikov. It contains the following changes: Use the HTTPbis...
OpenID Connect Implementer’s Draft Review
OpenID Connect is a simple identity layer built on top of OAuth 2.0. It enables clients to verify the identity of and to obtain basic profile information about an end-user. It uses RESTful protocols and JSON data structures to provide a low barrier to entry. The design philosophy behind OpenID Connect is “make simple things...
OAuth 2.0 Bearer Token Specification Draft -15
Draft 15 of the OAuth 2.0 Bearer Token Specification has been published. It contains the following changes: Clarified that form-encoded content must consist entirely of ASCII characters. Added TLS version requirements. Applied editorial improvements suggested by Mark Nottingham during the APPS area review. The draft is available at: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-15 An HTML-formatted version is available at:...
