OpenID logoI’m pleased to report that the Final 1.1 OpenID Federation specifications have been published. These meet the demand for cleanly separating the protocol-independent OpenID Federation functionality from the protocol-specific OpenID Federation functionality for OpenID Connect.

As I described when these specs were first published, the OpenID Federation 1.0 specification contains two kinds of functionality:

  1. Protocol-independent federation functionality used for establishing trust and applying policies in multilateral federations, and
  2. Protocol-specific federation functionality that can be used by OpenID Connect and OAuth 2.0 deployments to apply the protocol-independent federation functionality.

At the urging of implementers and working group members, we created new specifications splitting the two kinds of functionality apart. They are:

  1. OpenID Federation 1.1 (protocol-independent)
  2. OpenID Federation for OpenID Connect 1.1 (protocol-specific)

Together, they are equivalent to OpenID Federation 1.0, by design. No functionality is added or removed from that present in 1.0. Rather, it’s factored into protocol-independent and protocol-specific specifications. You can use the 1.0 and 1.1 specs interchangeably. We also intentionally kept the 1.1 section numbers aligned with 1.0 to make them easier to use together.

Reading every line of the 1.0 spec to perform the split had the additional benefit of identifying editorial improvements to apply to the 1.0 spec before it became final. I intentionally started the split while 1.0 is still in the 60-day review to become final exactly so improvements identified could be applied both to the original and the split specs. OpenID Federation 1.0 draft 48 applied those improvements.

As background for this work, several people had suggested splitting the two apart into separate specifications – particularly once the core federation functionality started being used with protocols other than OpenID Connect, such as with digital credentials. There was a discussion about this possibility at the Internet Identity Workshop in the Fall of 2024. During the April 2025 Federation Interop event at SUNET, there was consensus to do the split after finishing OpenID Federation 1.0. And now it’s done!

This split is intended make the OpenID Federation functionality easier to navigate and apply. Enjoy implementing and deploying!

Thanks to the SIROS Foundation for sponsoring my work on creating the 1.1 Federation specs!