~mike-jones-self-iss | Bookmarks (6)

I gave the following presentation on work in the OpenID Connect working group at the Monday, October 28, 2024 OpenID Workshop at Microsoft: OpenID Connect Working Group Update (PowerPoint) (PDF) I also gave this invited “101” session presentation at the Internet Identity Workshop (IIW) on Tuesday, October 29, 2024: Introduction to OpenID Connect (PowerPoint) (PDF) […]

I’m pleased to report that the “OAuth 2.0 Protected Resource Metadata” specification has been approved by the IESG and is now in the RFC Editor queue. The version approved by the IESG and sent to the RFC Editor is: https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-13.html It joins OAuth 2.0 Security Best Current Practice and JWT Response for OAuth Token Introspection, […]

I’m thrilled to report that the OpenID Connect specifications have now been published as ISO/IEC standards. They are: ISO/IEC 26131:2024 — Information technology — OpenID connect — OpenID connect core 1.0 incorporating errata set 2 ISO/IEC 26132:2024 — Information technology — OpenID connect — OpenID connect discovery 1.0 incorporating errata set 2 ISO/IEC 26133:2024 — […]

Aaron Parecki and I published a new version the “OAuth 2.0 Protected Resource Metadata” specification that addresses the review comments received since the IETF Last Call. Per the history entries, the changes were: Added metadata values declaring support for DPoP and mutual-TLS client certificate-bound access tokens. Added missing word caught during IANA review. Addressed ART, […]

Orie Steele and I have updated the “Fully-Specified Algorithms for JOSE and COSE” specification to incorporate feedback from IETF 120 in Vancouver. Specifically, the registrations for fully-specified Elliptic Curve Diffie-Hellman (ECDH) algorithms in draft 03 were removed, along with the previously proposed fully-specified ECDH algorithm identifiers, while continuing to describe how to create fully-specified ECDH […]

The OpenID Foundation has approved the Fourth Implementer’s Draft of the OpenID Federation Specification. This is a major step towards having the specification become final. The previous Implementer’s Draft was in 2021. A lot has happened since then, largely motivated by feedback from actual implementations and deployments. Some highlights of progress made in the spec […]