Current Working Groups


AB/Connect WG

The AB/Connect working group is a combined working group of the Artifact Binding (AB) Working Group and the Connect Working Group aimed at producing the OAuth 2.0 based “OpenID Connect” specifications.


Enhanced Authentication Profile (EAP) WG

The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.


eKYC & IDA WG

The?eKYC and Identity Assurance (eKYC & IDA) WG?is developing extensions to OpenID Connect that will standardise the communication of assured identity information, i.e. verified claims and information about how the verification was done and how the respective claims are maintained.


Financial-grade API (FAPI)?WG

The goal of FAPI is to provide JSON data schemas, security and privacy recommendations and protocols to:

  • enable applications to utilize the data stored in the financial account,
  • enable applications to interact with the financial account, and
  • enable users to control the security and privacy settings.

FastFed?WG

The purpose of this Working Group is to develop a meta-data document?specification, APIs, and workflow to enable an administrator to federate an?identity provider and a hosted application that supports one or more of?OpenID Connect, SAML, and SCIM and enable configuration changes to be?communicated between the identity provider and hosted application.


HEART WG

The HEART Working Group intends to harmonize and develop a set of privacy and security specifications that enable an individual to control the authorization of access to RESTful health-related data sharing APIs, and to facilitate the development of interoperable implementations of these specifications by others


International Government Assurance Profile (iGov) WG

The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that allow users to authenticate and share consented attribute information with public sector services across the globe. The resulting profile will enable standardized integration with public sector relying parties in multiple jurisdictions. The profile will be applicable to, but not exclusively targeted at, identity broker-based implementations.


MODRNA WG

The MODRNA (Mobile Operator Discovery, Registration & autheNticAtion) WG will develop a profile of OpenID Connect intended to be appropriate for use by mobile network operators (MNOs) providing identity services to RPs and for RPs in consuming those services as well as any other party wishing to be interoperable with this profile.

Additionally, it will identify and make recommendations for additional standards items.


Research & Education (R&E) WG

The purpose of this working group is to develop a set of profiles for the OpenID Connect specifications to ease the adoption of OpenID Connect in the Research and Education (R&E) sector. The profiles will take into account existing practices of federated identity management in the R&E sector, current international standards to represent users that belong to R&E institutions, as well as the existing international trust fabric based on R&E identity federations and multi-lateral trust exchange. The working group will also actively look for the engagement of the R&E international community.


Shared Signal & Events WG

The goal of Shared Signals & Events is to provide data sharing schemas, privacy recommendations and protocols to:

  • Share information about important security events in order to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts on other Service Providers (mobile or web application developers and owners).
  • Enable users and providers to coordinate in order to securely restore accounts following a compromise.

Internet accounts that use email addresses or phone numbers as the primary identifier for the account will be the initial focus.