Latest Blogs
Blogs about the OpenID Foundation and the Identity industry
Verifiable credentials: a valuable tool in the fight against rising ID fraud?
US Financial institutions face a critical challenge. Suspicious account records are on the rise despite innovations in identity and verification (ID&V) technologies. Can widespread adoption of High Assurance Identity Verification by financial institutions be the answer? Banks need to establish a reasonable belief of a customer’s identity during account opening,
OIDF offers standards roadmap for GENIUS Act
The OpenID Foundation has submitted a comprehensive response to the US Department of the Treasury’s Request for Comment on “Innovative Methods to Detect Illicit Activity Involving Digital Assets” (TREAS-DO-2025-0070-0001), issued under the GENIUS Act. As a technical standards body with deep expertise in APIs and digital identity, the OpenID Foundation welcomes
OIDF submits comments on CFPB Data Rights Rule
The OpenID Foundation (OIDF) has submitted comments to the Consumer Financial Protection Bureau (CFPB) regarding the reconsideration of Rule 1033 on personal financial data rights. The OpenID Foundation brings expertise from working with open banking implementations across 12 global ecosystems. This submission represents the Foundation’s third response to this regulation,
OIDF submits comments on Utah’s state-endorsed digital identity RFI
The OpenID Foundation has submitted its comments on Utah’s Request for Information (RFI #AE26-1) regarding the State-Endorsed Digital Identity (SEDI) program. This submission reflects the OpenID Foundation’s ongoing commitment to supporting governments worldwide as they develop digital identity frameworks that prioritize security, privacy, and interoperability. Gail Hodges, Executive Director of the
Top firms test interoperability of final SSF and CAEP
The OpenID Foundation and hosting partner FIDO Alliance brought together implementers of the newly finalized Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP) specifications to demonstrate interoperability at the Authenticate 2025 conference in Carlsbad, California, earlier this month (October 13-15, 2025). The Shared Signals Framework (SSF) and Continuous
OpenID Connect Core 1.0 now published as ITU standard
We’re pleased to announce that Recommendation X.1285, incorporating the OpenID Connect Core 1.0 – errata set 2 specification, has been officially published by the International Telecommunication Union. Following the formal adoption in April 2025, which we announced in May, the specification is now publicly available. This publication marks a significant
Second Implementer’s Draft of OpenID Connect Native SSO for Mobile Apps Approved
The OpenID Foundation membership has approved the following as an OpenID Implementer’s Draft: OpenID Connect Native SSO for Mobile Apps 1.0: https://openid.net/specs/openid-connect-native-sso-1_0-ID2.html An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This Implementer’s Draft is the product of the OpenID AB/Connect
OIDF applauds new FIDO and Shared Signals whitepaper
The OpenID Foundation welcomes the publication of a new whitepaper from the FIDO Alliance that examines how FIDO authentication and the Shared Signals Framework (SSF) work together to address enterprise security challenges. We recognize the significant effort by the FIDO Enterprise Deployment Working Group to illustrate how aligned our specifications
OpenID Foundation Applauds Western Balkans Digital ID Plan
Joint Statement on Achieving Interoperable Digital ID Wallets and Trust Services at the 6th Western Balkans Digital Summit The Western Balkan governments welcomed regional experts, ministers, European Union representatives, the World Bank, and the OpenID Foundation, amongst other global experts, to take part in the 6th Western Balkans
New whitepaper tackles AI agent identity challenges
The OpenID Foundation has today released a critical new whitepaper addressing one of the most pressing challenges facing organizations deploying AI agents – how to securely authenticate and authorize these autonomous systems while maintaining proper governance and accountability. Identity Management for Agentic AI: The new frontier of authorization, authentication, and
OIDF Announces New Investment to Expand Conformance Services
The OpenID Foundation Board has approved the development of a new service to enable stronger partnership with “managing entities” and “accredited laboratories” that wish to deploy the OpenID Foundation tests and best practices within a wider ecosystem conformance service. This additional service is scheduled for launch in Q2 2026, and
OIDF Supports National Strategy on Fraud and Scam Prevention
Today, the Aspen Institute Financial Security Program launched a groundbreaking National Strategy on Fraud and Scam Prevention. The OpenID Foundation was delighted to participate as a task force member, contributing to the effort alongside more than 80 cross-sector partners. This represents the first time such a broad collection of leaders
FAPI 2.0 Message Signing Final Specification Approved
The OpenID Foundation membership has approved the following as an OpenID Final Specification: FAPI 2.0 Message Signing: https://openid.net/specs/fapi-message-signing-2_0-final.html A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This Final Specification is the product of the OpenID FAPI Working Group.
Australian Digital Trust Community Group responds to Productivity Commission’s Digital Technology Report
Supporting Australia’s Digital Trust Ecosystem The OpenID Foundation’s Australian Digital Trust Community Group (ADT CG) has submitted comments to Australia’s Productivity Commission on its Interim Report covering data and digital technology policy, demonstrating the Foundation’s commitment to supporting policy development in Australia through expert technical guidance and industry collaboration. The
OIDF supports Japanese regulator on phishing defence
The OpenID Foundation continues to support government partners, with the OpenID Foundation’s Chairman Nat Sakimura recently leading the organization’s expert guidance to Japan’s Financial Services Agency (FSA) on strengthening cybersecurity defences for securities and trading companies facing sophisticated phishing attacks. Japanese financial firms have been experiencing increasingly sophisticated phishing and
OpenID for Verifiable Credential Issuance 1.0 Final Specification Approved
The OpenID Foundation membership has approved the following as an OpenID Final Specification: OpenID for Verifiable Credential Issuance 1.0: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-final.html A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This Final Specification is the product of the OpenID DCP Working Group.
PRESS RELEASE: OpenID Foundation finalizes global standards for real-time identity security
Industry wide adoption of standardized security event sharing now possible. Three specifications to enable instant security coordination across all connected systems worldwide. This crucial development will make Zero Trust architectures achievable at global scale. San Ramon, CA, 16 September 2025 – The OpenID Foundation (OIDF), a global leader in
How SSF/CAEP and STIX/TAXII Secure Different Fronts
By Shared Signals Framework WG Contributor, Apoorva Deshpande, Okta In the realm of cybersecurity, there are two critical sets of frameworks that serve distinct yet vital roles in how organizations share and act upon security information – the Shared Signals Framework (SSF), with its Continuous Access Evaluation Protocol (CAEP), and
Three Shared Signals Final Specifications Approved
The OpenID Foundation membership has approved the following three specifications as an OpenID Final Specifications: OpenID Shared Signals Framework: https://openid.net/specs/openid-sharedsignals-framework-1_0-final.html OpenID CAEP: https://openid.net/specs/openid-caep-1_0-final.html OpenID RISC: https://openid.net/specs/openid-risc-1_0-final.html A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. These three Final Specifications are
OIDF receives security analysis of OpenID for Verifiable Presentations
The OpenID Foundation is pleased to announce the completion of a comprehensive security analysis of OpenID for Verifiable Presentations (OpenID4VP) when used over the Digital Credentials API (DC API). This represents the first security analysis of OpenID4VP and DC API together, which allowed potential security vulnerabilities to be detected and