This post is by Mike Jones from Mike Jones: self-issued
Click here to view on the original site: Original Post
The OpenID Connect Federation 1.0 specification is being developed to enable large-scale federations to be deployed using OpenID Connect. It enables trust among federation participants to be established through signed statements made by federation operators about federation participants.
The design of this specification builds upon the experiences gained in operating large-scale SAML 2.0 federations, and indeed, is authored by people having practical experience with these federations. The primary authors are Roland Hedberg and Andreas Åkre Solberg, with additional contributions by Samuel Gulliksson, John Bradley, and myself, as well as members of the OpenID Connect working group, which is the home of the specification.
A key innovation that differentiates OpenID Connect federations from most SAML 2.0 federations is that OpenID Connect federation employs heirarchal metadata, where participants directly publish statements about themselves, versus the aggregated metadata approach used by many SAML 2.0 federations, where federation operator publishes a single file concatenating all the metadata for all the federation participants.
The specification was just updated so that the latest version can be discussed at a SURFnet OpenID Connect “Wisdom of the Crowd” session today.
The latest version of specification is available at:
This URL always points to the latest published version:
Please review and/or implement this important specification and send your feedback to the OpenID Connect working group!