Attribute Exchange Security Alert
A group of security researchers identified a flaw in how some OpenID relying parties implement Attribute Exchange (AX). See below for information on the suggested fix. The researchers determined that...
Covert Redirect
“Covert Redirect”, publicized in May, 2014, is an instance of attackers using open redirectors – a well-known threat, with well-known means of prevention. The OpenID Connect protocol mandates strict...
Industry Leaders Lead: Google Asks Developers to Migrate from OpenID 2.0 to...
In 2015, waves of disruption are coursing through the Internet identity ecosystem as standard development organizations, companies and governments look to bolster the security and privacy of the...
Introducing RISC: Working together to protect users
According to a recent Gallup poll, more people are worried about their online accounts being hacked than having their home broken into. With more and more of our digital lives accessible online,...
Preventing Mix-Up Attacks with OpenID Connect
Recently the OAuth community has been concerned with some attack vectors around mixed up clients, particularly when dynamic client registration and discovery are used with user-selected OpenID...
Public Review Period for “Financial API – Part 1: Read Only API Security...
OpenID Foundation’s Financial API (FAPI) Working Group has advised the foundation to start the public review period for consideration as an Implementer’s Draft for the specification: Financial API –...
Public Review Period for “Financial API – Part 2: Read and Write API Security...
OpenID Foundation’s Financial API (FAPI) Working Group recommends approval of the following specification as OpenID Implementer’s Draft: Financial API – Part 2: Read and Write API Security Profile,...