OpenID Connect Editor's Drafts
Below are links to the HTML versions of the editor's drafts of the specifications and implementer's guides:
Editor's Drafts of Specifications with Implementer's Draft Status
- OpenID Federation - Defines how parties within a federation can establish trust with one another
- Self-Issued OpenID Provider V2 - Enables End-users to use OpenID Providers (OPs) that they control
- OpenID for Verifiable Presentations - This specification defines a mechanism on top of OAuth 2.0 to allow presentation of claims in the form of verifiable credentials as part of the protocol flow
- OpenID Connect Native SSO for Mobile Apps - Enables native applications by the same vendor to share login information
Editor's Drafts of Final Specifications without Errata Updates
- Core - Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User
- Discovery - Defines how RPs dynamically discover information about OpenID Providers
- Dynamic Registration - Defines how RPs dynamically register with OpenID Providers
- OAuth 2.0 Multiple Response Types - Defines several specific new OAuth 2.0 response types
- OAuth 2.0 Form Post Response Mode - Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST
- OpenID 2.0 to OpenID Connect Migration - Defines how to migrate from OpenID 2.0 to OpenID Connect
- OpenID Connect RP-Initiated Logout - Defines how a Relying Party requests that an OpenID Provider log out the End-User
- Session Management - Defines how to manage OpenID Connect sessions, including postMessage-based logout functionality
- Front-Channel Logout - Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
- Back-Channel Logout - Defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out
- OpenID Connect Core Error Code unmet_authentication_requirements - Defines the unmet_authentication_requirements authentication response error code
- Initiating User Registration via OpenID Connect - Defines the prompt=create authentication request parameter
Editor's Drafts of Other Working Group Specifications
- OpenID Federation Extended Subordinate Listing - Extends OpenID Federation to facilitate listings of large numbers of subordinates
- OpenID Connect Claims Aggregation - Enables RPs to request and Claims Providers to return aggregated claims through OPs
- OpenID Connect UserInfo Verifiable Credentials - Enables UserInfo responses as Verifiable Credentials
- OpenID for Verifiable Presentations over BLE - This document defines how Bluetooth Low Energy (BLE) can be used to request the presentation of verifiable credentials using the request and response syntax as defined by OpenID 4 Verifiable Presentations.
- Security and Trust in OpenID for Verifiable Credentials - This specification describes the trust architecture in OpenID for Verifiable Credentials (VCs), outlines security considerations and requirements for the components in an ecosystem, and provides an informal security analysis of the OpenID 4 VC protocols.
Editor's Drafts of Implementer's Guides
- Basic Client Implementer's Guide - (Implementer's Guide) Simple subset of the Core functionality for a web-based Relying Party using the OAuth code flow
- Implicit Client Implementer's Guide - (Implementer's Guide) Simple subset of the Core functionality for a web-based Relying Party using the OAuth implicit flow
Repositories
Many working group specifications are in the Bitbucket repository at https://bitbucket.org/openid/connect, including the OpenID Connect specs themselves. However, some newer specifications reside in repositories under https://github.com/openid. These include:
- OpenID Federation at https://github.com/openid/federation
- OpenID for Verifiable Presentations at https://github.com/openid/OpenID4VP
- SIOPv2 at https://github.com/openid/SIOPv2
- OpenID Federation Extended Subordinate Listing at https://github.com/openid/federation-extended-listing
Issue Tracking
To submit an issue to the specifications, use the following syntax in the issue title:
<SpecAbbrev> - <Section.Number> <Description>
For example, to submit a comment on section 4.3.2 of the Core spec, write the title as
Core - 4.3.2 This is the title for the issue
The <Component> values in the issue tracker are currently:
- All
- Core
- Discovery
- Registration
- Session
- Responses
- FrontChannel
- BackChannel
- Basic
- Implicit
Working with the Repository
This working repository uses Git for version control. The server is at bitbucket.org.
To work on the repository, you need to do the following:
- Fill in the Contribution Agreement so that you join "OpenID AB/Connect Working Group."
- (If you do not already have one, create a Bitbucket account).
Then start working with the repository as:
- Clone the repository. (The command to use is on https://bitbucket.org/openid/connect/src/master.)
Make sure that:
- You only do one edit per commit.
- You include the <command> and <issue number> in the commit message (see below).
For more details, see: http://confluence.atlassian.com/display/BITBUCKET/Bitbucket+101
Commit Messages
When making a commit, use the following syntax for the commit messages so that the issues are linked to the commit:
<command> <issue id>
For example:
Fix #45 - Typo fixed
<command> can be one of the following:
close/closed/closes/closing/fix/fixed/fixes # resolves the issue
reopen/reopens/reopening # reopens the issue
addresses/re/references/ref/refs/see # adds a link to the changeset as a comment for the issue
The <issue id> SHOULD be specified as #45 etc.