Latest Blogs
Blogs about the OpenID Foundation and the Identity industry
OIDF Supports National Strategy on Fraud and Scam Prevention
Today, the Aspen Institute Financial Security Program launched a groundbreaking National Strategy on Fraud and Scam Prevention. The OpenID Foundation was delighted to participate as a task force member, contributing to the effort alongside more than 80 cross-sector partners. This represents the first time such a broad collection of leaders
FAPI 2.0 Message Signing Final Specification Approved
The OpenID Foundation membership has approved the following as an OpenID Final Specification: FAPI 2.0 Message Signing: https://openid.net/specs/fapi-message-signing-2_0-final.html A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This Final Specification is the product of the OpenID FAPI Working Group.
Australian Digital Trust Community Group responds to Productivity Commission’s Digital Technology Report
Supporting Australia’s Digital Trust Ecosystem The OpenID Foundation’s Australian Digital Trust Community Group (ADT CG) has submitted comments to Australia’s Productivity Commission on its Interim Report covering data and digital technology policy, demonstrating the Foundation’s commitment to supporting policy development in Australia through expert technical guidance and industry collaboration. The
OIDF supports Japanese regulator on phishing defence
The OpenID Foundation continues to support government partners, with the OpenID Foundation’s Chairman Nat Sakimura recently leading the organization’s expert guidance to Japan’s Financial Services Agency (FSA) on strengthening cybersecurity defences for securities and trading companies facing sophisticated phishing attacks. Japanese financial firms have been experiencing increasingly sophisticated phishing and
OpenID for Verifiable Credential Issuance 1.0 Final Specification Approved
The OpenID Foundation membership has approved the following as an OpenID Final Specification: OpenID for Verifiable Credential Issuance 1.0: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-final.html A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This Final Specification is the product of the OpenID DCP Working Group.
PRESS RELEASE: OpenID Foundation finalizes global standards for real-time identity security
Industry wide adoption of standardized security event sharing now possible. Three specifications to enable instant security coordination across all connected systems worldwide. This crucial development will make Zero Trust architectures achievable at global scale. San Ramon, CA, 16 September 2025 – The OpenID Foundation (OIDF), a global leader in
How SSF/CAEP and STIX/TAXII Secure Different Fronts
By Shared Signals Framework WG Contributor, Apoorva Deshpande, Okta In the realm of cybersecurity, there are two critical sets of frameworks that serve distinct yet vital roles in how organizations share and act upon security information – the Shared Signals Framework (SSF), with its Continuous Access Evaluation Protocol (CAEP), and
Three Shared Signals Final Specifications Approved
The OpenID Foundation membership has approved the following three specifications as an OpenID Final Specifications: OpenID Shared Signals Framework: https://openid.net/specs/openid-sharedsignals-framework-1_0-final.html OpenID CAEP: https://openid.net/specs/openid-caep-1_0-final.html OpenID RISC: https://openid.net/specs/openid-risc-1_0-final.html A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. These three Final Specifications are
OIDF receives security analysis of OpenID for Verifiable Presentations
The OpenID Foundation is pleased to announce the completion of a comprehensive security analysis of OpenID for Verifiable Presentations (OpenID4VP) when used over the Digital Credentials API (DC API). This represents the first security analysis of OpenID4VP and DC API together, which allowed potential security vulnerabilities to be detected and
Errata Corrections to JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) Approved
Errata to the following specification have been approved by a vote of the OpenID Foundation members: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) – This specification was created to bring some of the security features defined as part of OpenID Connect to OAuth 2.0 An Errata version of a specification incorporates corrections
Adoption now and ahead: mDL Day ‘Voices of the Future’ panel
On July 14, 2025, OpenID Foundation’s Executive Director Gail Hodges was delighted to moderate the ‘Voices from the Future’ panel at the Federal Mobile Driver’s License (mDL) Industry Day | GSA, which included leaders from five US States and the American Association of Motor Vehicle Administrators (AAMVA) on the use
Shared Signals interop event at Authenticate 2025: Call for participation
The OpenID Foundation is excited to announce the first interoperability event testing against the soon-to-be-final Shared Signals Framework (SSF) specification at Authenticate 2025. This event will demonstrate interoperability on the final specification, after the membership votes on it as being ‘final’ by end of August), as per OIDF Process Document.
OpenID Foundation demonstrates real-world interoperability of new Digital Identity Issuance Standards
Gail Hodges, Executive Director OpenID Foundation Today the OIDF is proud to announce that the OpenID for Verifiable Credential Issuance (OpenID4VCI) specification has proven interoperability through the pairwise testing of seven issuers and five wallets providers from around the world. The clear evidence of interoperability is a meaningful and timely
OIDF launches Ecosystems Support Community Group
The OpenID Foundation has launched a new Ecosystems Support Community Group (ESCG) to help public and private sector ecosystem leaders understand the key architectures, decisions, and best practices at the forefront of open banking/open data and digital identity adoption globally. Context The ESCG arrives at a critical time when 90+
UN’s DPI Day: Elizabeth Garber on standards as safeguards
The OpenID Foundation’s Strategy and Marketing Director, Elizabeth Garber, attended DPI (Digital Public Infrastructure) Day as a member of the 2025 DPI Safeguards Working Group, which operates within the United Nations Development Programme and the Office for Digital and Emerging Technologies. Her extensive background with multi-stakeholder communities like SIDI Hub,
Strengthening cloud identity through open standards
The OpenID Foundation’s perspective on secure digital infrastructure The blog post released today by the Cybersecurity and Infrastructure Security Agency (CISA) Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration outlines vulnerabilities in cloud identity infrastructure and the urgent need to address these challenges. We applaud CISA’s call
Notice of Vote to Approve Proposed Errata Corrections to JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
This is a notice of an upcoming vote to approve proposed errata corrections to JWT Secured Authorization Response Mode for OAuth 2.0 (JARM). The official voting period will be between Monday, July 28, 2025 and Monday, August 4, 2025, once the 45 day review of the specification has been completed. For
OpenID for Verifiable Presentations 1.0 Final Specification Approved
The OpenID Foundation membership has approved the following specification as an OpenID Final Specification: · OpenID for Verifiable Presentations 1.0: https://openid.net/specs/openid-4-verifiable-presentations-1_0-final.html A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This OpenID for Verifiable Presentations Final Specification is a product of the OpenID
FAPI 2.0 Security Profile and FAPI 2.0 Message Signing: Final Conformance Tests and Certifications Now Available
The OpenID Foundation is pleased to announce the availability of conformance tests and certifications for the final versions of the FAPI 2.0 Security Profile and FAPI 2.0 Message Signing specifications for both authorization servers and OAuth clients. FAPI 2.0 Security Profile was approved as a Final specification in February 2025,
OpenID Foundation and CSC partner to strengthen ID ecosystem
The OpenID Foundation is excited to announce a new collaboration agreement with the Cloud Signature Consortium (CSC), marking a significant step forward in the standardization of digital credentials and cloud based signatures. The OpenID Foundation leads the global community in creating identity standards that are secure, interoperable and privacy-preserving, while