Identity standards group expands certification program

Those that issue user credentials, and those that accept them, now have access to OpenID Connect certification
Written by John Fontana, Contributor

In its efforts to maximize interoperability, trust and security among adopters of OpenID Connect identity protocols, the OpenID Foundation revealed this week newly certified tools that support acceptance of standardized credentials issued by another entity.

Ping Identity, Janrain and Nomura Research Institute became the initial companies to complete self-certification testing on their Relying Party (RP) servers and services, thus ensuring interoperability among OpenID Connect (OIDC) implementations. RPs accept end-user identities issued by other entities known as OpenID Providers (OPs).

The OpenID Foundation also announced a number of RP Libraries for various OIDC conformance profiles that have passed self-certification, including libraries from Karlsruher Institut für Technologie/SCC, Brock Allen, Dominick Baier, Thierry Habart, Roland Hedberg, Nov Matake, Filip Skokan, and Hans Zandbelt.

OIDC is an authentication protocol and a cornerstone for scalable, standardized identity-based access controls across cloud services, mobile apps, enterprise and other resources.

The OpenID Foundation made the certification announcement at this week's RSA Conference.

"The OpenID Connect and Relying Party (RP) self-certification process really opens doors to creating an internet ecosystem that people can trust when doing business online," said Don Thibeau, executive director of the OpenID Foundation. "Organizations and tech professionals now have a list of technologies that have been verified and can be trusted to conform to industry standards and ensure more secure transactions."

The new certification program, which is available to select participants but will be generally available shortly, is the second half of an OpenID self-certification plan that began in 2015.

That year, the OpenID Foundation introduced self-certification testing for its OPs, those entities that issue identities. Earlier this year, Symantec and Verizon became the latest certified OPs. This latest round of self-certification testing is for RPs. The addition of RP certification now covers the complete identity transaction.

"The certification represents a commitment to our current and future customers, as well as our implementation partners and the developer community, that we see OpenID Connect as a principal protocol used in identity federation moving forward," said Brian Campbell, a distinguished engineer at Ping Identity.

OIDC is built on top of OAuth 2.0, an identity framework standard blessed by the Internet Engineering Task Force (IETF).

From a very high level, OAuth is about granting access, while OIDC is about authentication. The two open identity standards are designed so they can work separately, but when paired they strengthen access control and data security. OIDC was formally standardized in 2014.

The two identity pieces use standards such as Representational State Transfer (REST) and JavaScript Object Notation (JSON), which are developer friendly and eliminate the need for enterprises to open ports on their firewalls.
