A few weeks ago at the RSA Conference 2015, the OpenID Foundation announced the launch of its OpenID Connect Certification, an important program that enables organizations to certify that their OpenID Connect implementations conform to specified profiles of the OpenID Connect standard.
We are pleased to announce that Symantec is hosting this self-certification process and providing the technical infrastructure and security to scale the new initiatives.
The OpenID Foundation’s Goals
Along with other industry leaders, Symantec is a proud member of the OpenID Foundation, a non-profit standardization organization represented by an open community of developers, vendors and users committed to enabling and promoting OpenID technologies.
The goal of the OpenID Foundation is to create a widely available, secure, interoperable digital identity so users can take advantage of cloud-based services and applications on the device of their choice. Each user’s digital identity will be interoperable across different platforms and vendors. Instead of having users deal with different credentials issued for every site they visit, the desired model is to allow users to use trusted credentials they already have across different sites.
We feel it’s a big step in the right direction for both enterprises and users.
OpenID Connect Certification Overview
Let’s learn more about the new OpenID Connect Certification program.
OpenID Connect is an interoperable, secure and mobile-ready authentication protocol. Since its finalization at last year’s RSA 2014 conference, OpenID Connect has been widely adopted. OpendID Connect lets developers authenticate their users across various websites and apps without having to own and manage passwords.
The new OpenID certification program is a tool to ensure that implementations by different parties will successfully interoperate. Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal are some of the other industry leaders who will participate in the new certification process.
Based on self-certification, the OpenID Connect Certification program is a formal declaration by an organization that a product or service meets the requirements of specified conformance profiles of the OpenID Connect standard.
The overall Self-Certification Process is outlined below:
- Vendors must pass a series of self-administered conformance tests for profiles.
- Once the tests are completed, the organization signs and submits a Certification of Conformance to the OpenID Foundation. The organization attests that it successfully completed the software tests and asserts that its deployment conforms to the designated OpenID Connect profile.
- After the required materials are submitted, the self-certifications are published. The certifications are then registered by the OpenID Foundation at the Open Identity Exchange’s publically accessible identity registry, known as OIXnet, which was also launched at RSA Conference 2015.
With the rapid adoption of OpenID Connect, this lightweight certification process allows participating vendors to come together to build a more secure and trusted Internet identity ecosystem.
And the benefits from a user’s standpoint?
From a user’s perspective, this process removes the often difficult burden of identity creation and authentication by facilitating an easy-to-use and secure method that is interoperable across multiple web sites. This program and certification process can potentially augment online transactions at higher volumes, velocity, and variety.
The OIXnet -- a Global Registry for Trust Frameworks
The news of the recently launched OIXnet is also another big win for our industry. It shows that industry leaders – from diverse verticals -- have come together to support both the new OpenID Connect and OIXnet Registry initiatives. Symantec is a founding board member and executive committee member of the OIX. Both the OIX Registry and the OpenID Connect test suite will be hosted by Symantec to ensure the security of the trust framework resources and certifications.
As a leader in global threat intelligence and cybersecurity, Symantec is uniquely positioned to share actionable intelligence for both enterprises and consumers. The selection of Symantec to host the OIX Registry and the OpenID Connect test suite further augments our commitment to advancing the industry.
Overall, at Symantec we’re excited to support these new initiatives and look forward to promoting the adoption of these global standards.