Attestation in OpenID-Connect

Document type: Expired Internet-Draft (individual); Expired & archived
Authors: Ned Smith, Thomas Hardjono
Last updated: 2024-02-10 (Latest revision 2023-08-09)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document defines message flows and extensions to OpenID-Connect (OIDC) messages that support attestation. Attestation Evidence and Attestation Results are accessed via appropriate APIs that presumably require authorization using OAuth 2.0 access tokens. A common use case for OIDC is retrieval of user identity information authorized by an OIDC identity token. The Relying Party may require Attestation Results that describe the trust properties of the UserInfo Endpoint. Trust properties may be a condition of accepting the user identity information.


Ned Smith
Thomas Hardjono

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)