The OpenID Foundation has approved the Fourth Implementer’s Draft of the OpenID Federation Specification. This is a major step towards having the specification become final.
The previous Implementer’s Draft was in 2021. A lot has happened since then, largely motivated by feedback from actual implementations and deployments. Some highlights of progress made in the spec since then are:
- Changed name from OpenID Connect Federation to OpenID Federation, since Federation can be used for trust establishment for any protocol (including OpenID Connect).
- Introduced distinct Federation endpoints.
- Clearly defined and consistently used the terms Entity Statement, Entity Configuration, and Subordinate Statement.
- Clearly defined which claims can occur in which kinds of Entity Statements.
- Clearly defined Entity Types and the Federation Entity entity type.
- Enhanced description of Trust Mark issuance and usage.
- Defined relationship between metadata and metadata policy.
- Clearly defined interactions between policy operators.
- Defined where constraints may occur.
- Tightened descriptions of Automatic Registration and Explicit Registration.
- Added Historical Keys.
- Defined and used the `trust_chain` JWS Header Parameter.
- Allowed Trust Chains to start with non-Trust Anchors.
- Clarified use of client authentication.
- Used OAuth Protected Resource Metadata.
- Consistent error handling.
- Added General-Purpose JWT Claims section.
- Comprehensive use of content types and media types.
- IANA registration of parameters, claims, and media types.
- Added and improved many diagrams.
- Substantial rewrites for increased consistency and clarity.
- Added Giuseppe De Marco and Vladimir Dzhuvinov as editors.
As a preview of coming attractions, I’ll note that profiles of OpenID Federation are being written describing how it is being used in wallet ecosystems and how it is being used in open finance ecosystems. And we’re creating a list of implementations. Watch this space for future announcements.
Special thanks to all the implementers and deployers who provided feedback to get us to this point!