Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenID Certification June 7, 2016 Michael B. Jones Identity Standards Architect – Microsoft.

Published byMarybeth Chambers Modified over 8 years ago

Similar presentations

Presentation on theme: "OpenID Certification June 7, 2016 Michael B. Jones Identity Standards Architect – Microsoft."— Presentation transcript:

1 OpenID Certification June 7, 2016 Michael B. Jones Identity Standards Architect – Microsoft

2 What is OpenID Certification? OpenID Certification enables OpenID Connect implementations to be certified as meeting the requirements of defined conformance profiles An OpenID Certification has two components: – Technical evidence of conformance resulting from testing – Legal statement of conformance Certified implementations can use the “OpenID Certified” logo

3 What value does certification provide? Technical: – Certification testing gives confidence that things will “just work” – No custom code required to integrate with implementation – Better for all parties – Relying parties explicitly asking identity providers to get certified Business: – Enhances reputation of organization and implementation – Shows that organization is taking interop seriously – Customers may choose certified implementations over others

4 What can be certified now? Five conformance profiles of OpenID Provider implementations defined: – Basic OpenID Provider – Implicit OpenID Provider – Hybrid OpenID Provider – OpenID Provider Publishing Configuration Information – Dynamic OpenID Provider

5 Who has achieved OpenID Certification? Certifications listed at http://openid.net/certification/ http://openid.net/certification/ 90 profiles certified for 28 implementations by 26 organizations Recent additions: – Spark Platform, NEC, SecureAuth, Clareity Security, University of Chicago (for Shibboleth overlay!), Auth0, and Okta Each entry in table a link to zip file containing test logs and signed legal statement of conformance – Test results available for public inspection

6 How does OpenID Certification work? Organization decides what profiles it wants to certify to – For instance, “Basic”, “Config”, and “Dynamic” Runs conformance tests publicly available at http://op.certification.openid.net/ http://op.certification.openid.net/ Once all tests for a profile pass, organization submits certification request to OpenID Foundation containing: – Logs from all tests for the profile – Signed legal declaration that implementation conforms to the profile OpenID Foundation verifies application is complete and grants certification OIDF lists certification at http://openid.net/certification/ and registers it in OIXnet at http://oixnet.org/openid-certifications/http://openid.net/certification/http://oixnet.org/openid-certifications/

7 Use of Self-Certification OpenID Certification uses self-certification – Party seeking certification does the testing – (rather than paying a 3rd party to do the testing) Simpler, quicker, less expensive, more scalable than 3rd party certification Results are nonetheless trustworthy because – Testing logs are made available for public scrutiny – Organization puts its reputation on the line by making a public declaration that its implementation conforms to the profile being certified to

8 Example Testing Screen

9 Log from a Conformance Test

10 Certification of Conformance Legal statement by certifier stating: – Who is certifying – What software – When tested – Profile tested Commits reputation of certifying organization to validity of results

11 My Favorite Comment on OpenID Certification Eve Maler – VP of Innovation at ForgeRock – “You made it as simple as possible so every interaction added value” High praise!

12 How does certification relate to interop testing? OpenID Connect held 5 rounds of interop testing – see http://osis.idcommons.net/ http://osis.idcommons.net/ – Each round improved implementations and specs – By the numbers: 20 implementations, 195 members of interop list, > 1000 messages exchanged With interop testing, by design, participants can ignore parts of the specs Certification raises the bar: – Defines set of conformance profiles that certified implementations meet – Assures interop across full feature sets in profiles

13 Can I use the certification site for interop testing? Yes – please do! The OpenID Foundation is committed to keeping the conformance test sites up and available for free to all Many projects using conformance testing for regression testing – Once everything passes, you’re ready for certification! Test software is open source Python using Apache 2.0 license – Some projects have deployed private instances for internal testing

14 What’s next for OpenID Certification? Scope of OpenID Certification expanding RP certification nearing launch – Please get involved testing the tests! Additional OpenID Provider profiles are also planned: – Refresh Token Behaviors – OP-Initiated Login – Front-Channel Logout – Self-Issued – etc.

15 Call to Action Certify your OpenID Connect OP implementations now! Help us test the RP tests! Join the OpenID Foundation and/or the OpenID Connect working group

16 Where can I learn more? Certification instructions and current results: – http://openid.net/certification/ http://openid.net/certification/ Frequently asked questions: – http://openid.net/certification/faq/ http://openid.net/certification/faq/ My blog: – http://self-issued.info/ http://self-issued.info/ Or drop me an e-mail: – mbj@microsoft.com mbj@microsoft.com

Download ppt "OpenID Certification June 7, 2016 Michael B. Jones Identity Standards Architect – Microsoft."

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board
Module: 201 Create and Manage Your Agent Account.

Module: 201 Create and Manage Your Agent Account.
Module: 301 Set Up Issuer Accounts on NMHIX. It is recommended that all issuers using NMHIX should take this course.

Module: 301 Set Up Issuer Accounts on NMHIX. It is recommended that all issuers using NMHIX should take this course.
WELCOME TO THE MCCLOUD SERVICES CUSTOMER WEB PORTAL TUTORIAL.

WELCOME TO THE MCCLOUD SERVICES CUSTOMER WEB PORTAL TUTORIAL.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.

OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.
Analysis of oneM2M Certification Model TST 15 Source: Sookhyun Jeon, TTA, Meeting Date: 2015-02-03.

Analysis of oneM2M Certification Model TST 15 Source: Sookhyun Jeon, TTA, Meeting Date:
OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.

OpenID Connect Working Group April 6, 2015 Mike Jones Identity Standards Architect – Microsoft.
WELCOME TO THE AHIA CONNECTED COMMUNITY! HEALTHCARE INTERNAL AUDIT'S PROFESSIONAL THOUGHT LEADERSHIP COMMUNITY.

WELCOME TO THE AHIA CONNECTED COMMUNITY! HEALTHCARE INTERNAL AUDIT'S PROFESSIONAL THOUGHT LEADERSHIP COMMUNITY.
Site License Online Application Demo. Agenda Licensing Portal1 License Draw Down – All User4 License Draw Down – Super Users5 Contract Administration.

Site License Online Application Demo. Agenda Licensing Portal1 License Draw Down – All User4 License Draw Down – Super Users5 Contract Administration.
Partner Network Portal Anna Jones :: July 2006 Partner Training Webinar Communications Sector.

Partner Network Portal Anna Jones :: July 2006 Partner Training Webinar Communications Sector.
Friends of Welcoming Goal: Provide tools and support that help increase understanding and positive interactions between US and foreign born around the.

Friends of Welcoming Goal: Provide tools and support that help increase understanding and positive interactions between US and foreign born around the.
SNIA/SSIF KMIP Interoperability Proposal. What is the proposal? Host a KMIP interoperability program which includes: – Publishing a set of interoperability.

SNIA/SSIF KMIP Interoperability Proposal. What is the proposal? Host a KMIP interoperability program which includes: – Publishing a set of interoperability.
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Enforcement mechanisms for distributed authorization across domains in UMA – aka “UMA trust” Eve Maler | 22 Aug 2012 draft.

Enforcement mechanisms for distributed authorization across domains in UMA – aka “UMA trust” Eve Maler | 22 Aug 2012 draft.
An Overview of Single Sign-On, Federation, Its Benefits, and Basic Procedures for Integrating Applications.

An Overview of Single Sign-On, Federation, Its Benefits, and Basic Procedures for Integrating Applications.
Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.

Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.
Claims-Based Identity Solution Architect Briefing zoli.herczeg.ro Taken from David Chappel’s work at TechEd Berlin 2009.

Claims-Based Identity Solution Architect Briefing zoli.herczeg.ro Taken from David Chappel’s work at TechEd Berlin 2009.
Hubnet Training One Health Network South East Asia Network Overview | Public and Members-only Pages; Communicating and Publishing using Blogs and News.

Hubnet Training One Health Network South East Asia Network Overview | Public and Members-only Pages; Communicating and Publishing using Blogs and News.
PestPac Software Customer Portal. Customer Portal Website Training The Customer Portal provides your customers with access to their account information.

PestPac Software Customer Portal. Customer Portal Website Training The Customer Portal provides your customers with access to their account information.

Similar presentations

Ads by Google