The adoption of the new OpenID Connect Relying Party (RP) Certification has exceeded our expectations – especially the surprising number of early adopters who tested a wide variety of implementations. The tests were improved at an accelerating rate, with many organizations actively “testing the tests”. All of the OpenID Foundation’s success metrics – the volume, velocity, and variety of RP Certifications – exceeded our expectations. RP Certification moved faster than OpenID Provider (OP) Certification did when it was implemented.
It takes a lot of work to make something simple. OP Certification broke new ground by devising a simple, scalable, trustworthy self-certification program. Devising a low cost, highly effective RP Certification test suite likewise was a work by many hands, led by Roland Hedberg. We’re thrilled to see that hard work result in the early adoption!
RP Certification is a next step of the OpenID Certification program, adding depth and breadth to our ongoing efforts to make interoperability easier and make identity systems more secure. This is especially true for companies like Janrain and Ping Identity, who manage complex ecosystems in which certification testing complements developing new implementations. The result; higher-quality, and more secure code. These market leaders understand that using standard protocols when integrating with partners reduces costs and complexity and produces more trustworthy outcomes that benefit all stakeholders.
The eleven organizations and individuals who submitted the first RP Certifications are Ping Identity (two implementations), Janrain, Karlsruher Institut für Technologie/SCC, Nomura Research Institute, Brock Allen, Dominick Baier, Thierry Habart, Roland Hedberg, Nov Matake, Filip Skokan, and Hans Zandbelt. See their certifications at http://openid.net/certification/.
Meanwhile, the adoption of OP Certification continues apace. OpenID Foundation stalwarts like Symantec and Verizon were certified at the beginning of 2017. Market leaders like Red Hat, Yahoo! Japan, Okta, NTT, NEC, and Auth0 brought global coverage and new communities to OpenID Connect adoption in the last year.
There are now 155 certifications of 51 implementations listed, with more being added weekly. To date, 34 of the certifications are for Relying Parties, representing 12 different implementations. Each new certification and implementation makes it easier for those that follow.
The foundation is taking yet another step by featuring certified implementations at http://openid.net/developers/certified/, making it easier for those deploying OpenID Connect to find and use certified software. This adds value to implementers, deployers, and the community at large.
Eric Schreiner, Senior Product Manager of Platform at Janrain, said of their RP Certification experience, “We used the certification tests as an integral part of our development process for our OpenID Connect Relying Party code. Coding and certification testing were interleaved, with the tests providing real-time insights into the intent of the specifications, helping inform the code we wrote and improve the service we deliver.”
Brian Campbell, Distinguished Engineer at Ping Identity, shared this perspective, “The certification represents a commitment to our current and future customers, as well as our implementation partners and the developer community that we see OpenID Connect as a principal protocol used in identity federation moving forward. The certification process has allowed us to tighten up our implementation and improve on the already solid interoperability of our offerings in the OpenID ecosystem.”
"It is important for us to be able to make sure that an implementation conforms to the standard. For this purpose, certification testing is an indispensable tool. It is the central tool for us to build trust," added Nat Sakimura, Research Fellow at Nomura Research Institute.
“We were surprised by how many individuals and organizations invested resources to be among the first to certify their Relying Party implementations. Our investment in expanding OpenID Certification is providing demonstrable new value to our members. In fact, many of our members now use private instances of the test suite internally as QA/QC tools,” said Don Thibeau, Executive Director of the OpenID Foundation.