I gave the presentation “The Journey to OpenID Federation 1.0 and the Road Ahead” at the 4th International Workshop on Trends in Digital Identity (TDI 2026) in Verona, Italy. My talk abstract was:
The OpenID Federation 1.0 specification was completed in February 2026 after a 9½ year journey, starting with the challenge from Lucy Lynch to Roland Hedberg at the TNC 2016 conference “If there is someone who should be able to bring the eduGAIN identity federation into the new world of OpenID Connect, it is you.” It enables establishing trust among parties in a federation without them having to have a bi-lateral relationship. It establishes a protocol-independent framework for trust establishment that can be employed with any protocol and ecosystem.
Along the road, there have been 9 interop events, from which the authors used feedback from developers and deployers to improve the specification. Early deployments, especially in Italy, provided real-world experience. A security analysis identified an actionable vulnerability not just in OpenID Federation, but also in OAuth, OpenID Connect, and FAPI.
The road ahead includes continued adoption and developing extensions needed for particular use cases and protocols. Those include extensions used by the Italian EUDI Wallet deployment and open finance deployments in Australia. I am confident that the inherent benefits of the scalable and modular OpenID Federation framework will continue to win adherents the world over.
It was an honor to discuss this topic in Italy and with researchers from FBK, who were among the first to deploy OpenID Federation in production and at scale.
See the presentation deck I used (pptx) (pdf).
Thanks to the FBK Center for Cybersecurity for the dynamic and enjoyable conference!
Leave a Reply
You must be logged in to post a comment.