OpenId Foundation Activities

From IPEN Wiki
Revision as of 22:00, 28 April 2020 by Antoniok (talk | contribs)



The objective of this page is to provide a high-level view of activities related to privacy standards in the OpenID Foundation.

"The OpenID Foundation (OIDF) promotes, protects and nurtures the OpenID community and technologies. The OpenID Foundation is a non-profit international standardization organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID. This entails managing intellectual property and brand marks as well as fostering viral growth and global participation in the proliferation of OpenID."

Current working groups and projects related to privacy standards

HEART WG


The HEART Working Group intends to harmonize and develop a set of privacy and security specifications that would enable an individual to manage the authorization, consent and release of their health-related data via RESTful data sharing APIs, and to facilitate the development of interoperable implementations of these specifications by others.
The current working documents and projects are as follows:

  • Health Relationship Trust Profile for OpenID Connect 1.0
  • Health Relationship Trust Profile for OAuth 2.0
  • Health Relationship Trust Profile for User Managed Access 1.0
  • Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes
Web pages

Shared Signals and Events WG


Annabelle Richard (Amazon), Atul Tulshibagwale (Google), Marius Scurtescu (Coinbase)


The goal of the Shared Signals and Events Working Group is to enable the sharing of security events, state changes, and other signals between related and/or dependent systems in order to:

  1. Manage access to resources and enforce access control restrictions across distributed services operating in a dynamic environment.
  2. Prevent malicious actors from leveraging compromises of accounts, devices, services, endpoints, or other principals or resources to gain unauthorized access to additional systems or resources.
  3. Enable users, administrators, and service providers to coordinate in order to detect and respond to incidents.
Web pages