I’m thrilled to report that the OpenID Connect specifications have now been published as ISO/IEC standards. They are:
- ISO/IEC 26131:2024 — Information technology — OpenID connect — OpenID connect core 1.0 incorporating errata set 2
- ISO/IEC 26132:2024 — Information technology — OpenID connect — OpenID connect discovery 1.0 incorporating errata set 2
- ISO/IEC 26133:2024 — Information technology — OpenID connect — OpenID connect dynamic client registration 1.0 incorporating errata set 2
- ISO/IEC 26134:2024 — Information technology — OpenID connect — OpenID connect RP-initiated logout 1.0
- ISO/IEC 26135:2024 — Information technology — OpenID connect — OpenID connect session management 1.0
- ISO/IEC 26136:2024 — Information technology — OpenID connect — OpenID connect front-channel logout 1.0
- ISO/IEC 26137:2024 — Information technology — OpenID connect — OpenID connect back-channel logout 1.0 incorporating errata set 1
- ISO/IEC 26138:2024 — Information technology — OpenID connect — OAuth 2.0 multiple response type encoding practices
- ISO/IEC 26139:2024 — Information technology — OpenID connect — OAuth 2.0 form post response mode
I submitted the OpenID Connect specifications for publication by ISO as Publicly Available Specifications (PAS) for the OpenID Foundation in December 2023. Following the ISO approval vote, they are now published. This should foster even broader adoption of OpenID Connect by enabling deployments in jurisdictions around the world that have legal requirements to use specifications from standards bodies recognized by international treaties, of which ISO is one.
Before submitting the specifications, the OpenID Connect working group diligently worked through the process of applying errata corrections to the specifications, so that the ISO versions would have all known corrections incorporated.
Having successfully gone through the ISO PAS submission process once, the OpenID Foundation now plans to submit additional families of final specifications for publication by ISO. These include the FAPI 1.0 specifications, and once they’re final, the eKYC-IDA specifications and FAPI 2.0 specifications.
Thanks to all who helped us achieve this significant accomplishment!
Mike Jones
The OpenID Connect specifications are available for free on the openid.net website. Furthermore, the OpenID Foundation retains change control over them. We have not ceded control to ISO. The locations where they are and will remain freely available are:
https://openid.net/specs/openid-connect-core-1_0.html
https://openid.net/specs/openid-connect-discovery-1_0.html
https://openid.net/specs/openid-connect-registration-1_0.html
https://openid.net/specs/openid-connect-rpinitiated-1_0.html
https://openid.net/specs/openid-connect-session-1_0.html
https://openid.net/specs/openid-connect-frontchannel-1_0.html
https://openid.net/specs/openid-connect-backchannel-1_0.html
https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html
https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html