I3:OpenID Identity Provider Features
From OSIS Open Source Identity Systems
Feature-OpenID Provider support for OpenID 1.1
| list help copy as XML edit |
| OpenID Identity Provider OpenID Provider support for OpenID 1.1 - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at relying party site using OpenID 1.1 protocol | Works (provided OpenID is a legal OpenID 1.1 ID) | Doesn't work | |
Tests
Feature-OpenID Provider support for OpenID 2.0
| list help copy as XML edit |
| OpenID Identity Provider OpenID Provider support for OpenID 2.0 - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at relying party site using OpenID 2.0 protocol | Works | Doesn't work | |
Tests
Feature-OpenID Provider support for Simple Registration
| list help copy as XML edit |
| OpenID Identity Provider OpenID Provider support for Simple Registration - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at site employing Simple Registration protocol | Simple registration data provided or message displayed by OP saying not supported | Data not provided, failure, or exception | |
Tests
Feature-OpenID Provider support for Attribute Exchange
| list help copy as XML edit |
| OpenID Identity Provider OpenID Provider support for Attribute Exchange - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at site employing Attribute Exchange protocol | Attribute exchange data provided or message displayed by OP saying not supported | Data not provided, failure, or exception | |
Tests
Feature-OpenID Provider support for PAPE
| list help copy as XML edit |
| OpenID Identity Provider OpenID Provider support for PAPE - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at site employing PAPE protocol | Correct PAPE response provided or message displayed by OP saying not supported | No PAPE response provided, failure, or exception | |
Tests
Feature-Provides Phishing-Resistant Authentication
| list help copy as XML edit |
| OpenID Identity Provider Provides Phishing-Resistant Authentication - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at site employing PAPE to request phishing-resistant authentication | Correct PAPE response provided or message displayed by OP saying not supported | No PAPE response provided, failure, or exception | |
Tests
Feature-Provides Multi-Factor Authentication
| list help copy as XML edit |
| OpenID Identity Provider Provides Multi-Factor Authentication - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at site employing PAPE to request multi-factor authentication | Correct PAPE response provided or message displayed by OP saying not supported | No PAPE response provided, failure, or exception | |
Tests
Feature-Provides Multi-Factor-Physical Authentication
| list help copy as XML edit |
| OpenID Identity Provider Provides Multi-Factor-Physical Authentication - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at site employing PAPE to request multi-factor-physical authentication | Correct PAPE response provided or message displayed by OP saying not supported | No PAPE response provided, failure, or exception | |
Tests
Feature-Issues OpenID InfoCards
| list help copy as XML edit |
| OpenID Identity Provider Issues OpenID InfoCards - Maturity: Established (I2 ) | |||
|---|---|---|---|
| As per https://openidcards.sxip.com/spec/openid-infocards.html | Use OpenID at site employing OpenID InfoCard protocol | OpenID sent as an InfoCard claim | Failure or exception |
Tests
Feature-Issues URL-based OpenIDs
| list help copy as XML edit |
| OpenID Identity Provider Issues URL-based OpenIDs - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use URL-based OpenID (starting with http or https) at a relying party | Accepted | Failure or exception | |
Tests
Feature-Issues i-name-based OpenIDs
| list help copy as XML edit |
| OpenID Identity Provider Issues i-name-based OpenIDs - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use i-name-based OpenID (starting with an = or *) at an OpenID 2.0 relying party | Accepted and i-name correctly displayed by OP | Not accepted and/or i-number displayed by OP | |
Tests
Feature-Directs user to use appropriate authentication methods to fulfill PAPE request
| list help copy as XML edit |
| OpenID Identity Provider Directs user to use appropriate authentication methods to fulfill PAPE request - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at site requesting phishing-resistant authentication. Verify that the OP directs the user to a phishing-resistant authentication method, if available. | Only authentication methods fulfilling request shown for accounts supporting such methods | Username/password authentication still available with PAPE requests for accounts with appropriate methods available | |
Tests
Feature-Directs user to re-authenticate if current authentication can not fulfill PAPE request
| list help copy as XML edit |
| OpenID Identity Provider Directs user to re-authenticate if current authentication can not fulfill PAPE request - Maturity: Established (I2 ) | |||
|---|---|---|---|
| Use OpenID at site requesting phishing-resistant authentication when already signed in with a username and password. Verify that the OP directs the user to re-authenticate with a phishing-resistant authentication method, if available. | User requested to re-authenticate with method fulfilling PAPE request | No opportunity to re-authenticate presented to user | |
Tests
Feature-OpenID Provider login via Information Card
| list help copy as XML edit |
| OpenID Identity Provider OpenID Provider login via Information Card - Maturity: Established (I2 ) | |||
|---|---|---|---|
| OP supports logging in to your OpenID with an Information Card | Sign into the OP with an Information Card | Either one or more Information Cards may be associated with your OpenID, which log you in | A password still needs to be entered into a web form when an Information Card is used |
Tests
Feature-OpenID Provider account creation via Information Card
| list help copy as XML edit |
| OpenID Identity Provider OpenID Provider account creation via Information Card - Maturity: Established (I2 ) | |||
|---|---|---|---|
| OP supports creating a new OpenID using an Information Card | Create a new OpenID at the OP supplying an Information Card to be associated with that OpenID at account creation time. Preferably also accept claims from the card and populate the OpenID profile with them. | The Information Card supplied is associated with the account for login purposes. Preferably also use claim values supplied. | A username and password must still be used to create an OpenID |
Tests
Feature-OpenID Provider support for issuing Managed Information Cards
| list help copy as XML edit |
| OpenID Identity Provider OpenID Provider support for issuing Managed Information Cards - Maturity: Established (I2 ) | |||
|---|---|---|---|
| OP issues managed Information Cards containing claims from profile, enabling the OpenID to also be used at Information Card relying parties. | Import a managed card from the OpenID Provider for an OpenID and use it at an Information Card Relying Party | Card contains claims populated from OpenID profile | Information Card claims not derived from same data as OpenID profile data |
