Self-Issued Consulting

Self-Issued ConsultingSelf-Issued ConsultingSelf-Issued Consulting

Self-Issued Consulting

Self-Issued ConsultingSelf-Issued ConsultingSelf-Issued Consulting
  • Home
  • Services
  • Standards CV
  • Clients
  • Contact Me
  • More
    • Home
    • Services
    • Standards CV
    • Clients
    • Contact Me

  • Home
  • Services
  • Standards CV
  • Clients
  • Contact Me

Standards Curriculum Vitae for Dr. Michael B. Jones

I've authored these standards, always in collaboration with others

Completed Standards

IEEE Computer Society

  • ISO/IEC 9945-1:1996 [ANSI/IEEE Std 1003.1, 1996 Edition] Information technology - Portable Operating System Interface (POSIX(TM))-Part 1: System Application Program Interface (API) [C Language] (POSIX Threads), July 1996

OASIS Open

  • OASIS Identity Metasystem Interoperability Version 1.0 (Information Cards), July 2009
  • OASIS SAML V2.0 Information Card Token Profile Version 1.0, July 2009

OpenID Foundation

  • OpenID Provider Authentication Policy Extension 1.0, December 2008
  • OpenID Connect Core 1.0, February 2014
  • OpenID Connect Discovery 1.0, February 2014
  • OpenID Connect Dynamic Client Registration 1.0, February 2014
  • OAuth 2.0 Multiple Response Type Encoding Practices, February 2014
  • OpenID Connect Core 1.0 incorporating errata set 1, November 2014
  • OpenID Connect Discovery 1.0 incorporating errata set 1, November 2014
  • OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1, November 2014
  • OAuth 2.0 Form Post Response Mode, April 2015
  • OpenID Connect RP-Initiated Logout 1.0, September 2022
  • OpenID Connect Session Management 1.0, September 2022
  • OpenID Connect Front-Channel Logout 1.0, September 2022
  • OpenID Connect Back-Channel Logout 1.0, September 2022
  • OpenID Connect Core 1.0 incorporating errata set 2, December 2023
  • OpenID Connect Discovery 1.0 incorporating errata set 2, December 2023
  • OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2, December 2023
  • OpenID Connect Back-Channel Logout 1.0 incorporating errata set 1, December 2023

IETF

  • RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage, October 2012
  • RFC 7033: WebFinger, September 2013
  • RFC 7515: JSON Web Signature (JWS), May 2015
  • RFC 7516: JSON Web Encryption (JWE), May 2015
  • RFC 7517: JSON Web Key (JWK), May 2015
  • RFC 7518: JSON Web Algorithms (JWA), May 2015
  • RFC 7519: JSON Web Token (JWT), May 2015
  • RFC 7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants, May 2015
  • RFC 7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants, May 2015
  • RFC 7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants, May 2015
  • RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol, July 2015
  • RFC 7592: OAuth 2.0 Dynamic Client Registration Management Protocol, July 2015
  • RFC 7638: JSON Web Key (JWK) Thumbprint, September 2015
  • RFC 7797: JSON Web Signature (JWS) Unencoded Payload Option, February 2016
  • RFC 7800: Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs), April 2016
  • RFC 8152: CBOR Object Signing and Encryption (COSE), July 2017 (significant contributor)
  • RFC 8176: Authentication Method Reference Values, June 2017
  • RFC 8230: Using RSA Algorithms with CBOR Object Signing and Encryption (COSE) Messages, September 2017
  • RFC 8392: CBOR Web Token (CWT), May 2018
  • RFC 8414: OAuth 2.0 Authorization Server Metadata, June 2018
  • RFC 8417: Security Event Token (SET), July 2018
  • RFC 8628: OAuth 2.0 Device Authorization Grant, August 2019
  • RFC 8693: OAuth 2.0 Token Exchange, January 2020
  • RFC 8725/BCP 225: JSON Web Token Best Current Practices, February 2020
  • RFC 8747: Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs), March 2020
  • RFC 8809: Registries for Web Authentication (WebAuthn), August 2020
  • RFC 8812: CBOR Object Signing and Encryption (COSE) and JSON Object Signing and Encryption (JOSE) Registrations for Web Authentication (WebAuthn) Algorithms, August 2020
  • RFC 8935: Push-Based Security Event Token (SET) Delivery Using HTTP, November 2020
  • RFC 8936: Poll-Based Security Event Token (SET) Delivery Using HTTP, November 2020
  • RFC 8943: Concise Binary Object Representation (CBOR) Tags for Date, November 2020
  • RFC 9101: The OAuth JWT Secured Authorization Request (JAR), August 2021
  • RFC 9278: JWK Thumbprint URI, August 2022
  • RFC 9449: OAuth 2.0 Demonstrating Proof of Possession (DPoP), September 2023
  • RFC 9596: CBOR Object Signing and Encryption (COSE) "typ" (type) Header Parameter, June 2024
  • RFC 9597: CBOR Web Token (CWT) Claims in COSE Headers, June 2024
  • RFC 9728: OAuth 2.0 Protected Resource Metadata, April 2025

World Wide Web Consortium

  • Web Cryptography API, January 2017 (significant contributor)
  • Web Authentication: An API for accessing Public Key Credentials - Level 1 (WebAuthn), March 2019
  • Web Authentication: An API for accessing Public Key Credentials - Level 2 (WebAuthn), April 2021
  • Verifiable Credentials Data Model v2.0, May 2025
  • Securing Verifiable Credentials using JOSE and COSE, May 2025
  • Controlled Identifiers v1.0, May 2025

FIDO Alliance

  • Client to Authenticator Protocol (CTAP) 2.0 (FIDO 2), January 2019
  • Client to Authenticator Protocol (CTAP) 2.1 (FIDO 2), June 2021
  • Client to Authenticator Protocol (CTAP) 2.2 (FIDO 2), February 2025

ISO

  • ISO/IEC 26131:2024 — Information technology — OpenID connect — OpenID connect core 1.0 incorporating errata set 2
  • ISO/IEC 26132:2024 — Information technology — OpenID connect — OpenID connect discovery 1.0 incorporating errata set 2 
  • ISO/IEC 26133:2024 — Information technology — OpenID connect — OpenID connect dynamic client registration 1.0 incorporating errata set 2 
  • ISO/IEC 26134:2024 — Information technology — OpenID connect — OpenID connect RP-initiated logout 1.0 
  • ISO/IEC 26135:2024 — Information technology — OpenID connect — OpenID connect session management 1.0 
  • ISO/IEC 26136:2024 — Information technology — OpenID connect — OpenID connect front-channel logout 1.0 
  • ISO/IEC 26137:2024 — Information technology — OpenID connect — OpenID connect back-channel logout 1.0 incorporating errata set 1 
  • ISO/IEC 26138:2024 — Information technology — OpenID connect — OAuth 2.0 multiple response type encoding practices 
  • ISO/IEC 26139:2024 — Information technology — OpenID connect — OAuth 2.0 form post response mode

Standards Work in Progress

OpenID Foundation

  • OpenID Federation 1.0
  • OpenID Connect Extended Authentication Profile (EAP) ACR Values 1.0
  • Self-Issued OpenID Provider v2
  • OpenID for Verifiable Presentations (significant contributor)
  • OpenID for Verifiable Credential Issuance (significant contributor)
  • OpenID Federation Extended Subordinate Listing 1.0
  • OpenID Federation Wallet Architectures 1.0
  • OpenID Connect Relying Party Metadata Choices 1.0

IETF

  • JSON Web Proof
  • JSON Proof Token
  • JSON Proof Algorithms
  • Barreto-Lynn-Scott Elliptic Curve Key Representations for JOSE and COSE
  • Fully-Specified Algorithms for JOSE and COSE
  • Use of Hybrid Public Key Encryption (HPKE) with JSON Object Signing and Encryption (JOSE)
  • COSE Algorithms for Two-Party Signing
  • Updates to Audience Values for OAuth 2.0 Authorization Servers
  • GLobal Unique Enterprise (GLUE) Identifiers
  • Traceability Claims
  • OpenID Connect standard claims registration for CBOR Web Tokens (significant contributor)
  • JSON Web Token Best Current Practices

World Wide Web Consortium

  • Web Authentication: An API for accessing Public Key Credentials - Level 3 (WebAuthn)

FIDO Alliance

  • Client to Authenticator Protocol (CTAP) 2.3 (FIDO 2)

Interoperation Testing and Certification

Interop Testing

Designed and supervised coding and evolution of interop testing software used for Information Card, OpenID 2.0, and OpenID Connect interop testing (example page), 2007

  • Organizer of and participant in five Information Card interop events, 2007-2010
  • Organizer of and participant in five OpenID 2.0 interop events, 2007-2010
  • Participant in Liberty SAML 2.0 interoperability testing for ADFS 2.0, 2009
  • Organizer of and participant in five OpenID Connect interop events, 2012-2014
  • Organizer of OpenID Federation Interop Event, April 2025

Certification

  • Designer of OpenID Certification Program, 2015
  • Wrote and maintained OpenID Connect certification profiles, 2015-2018
  • Board and OpenID Connect Working Group representative to OpenID Certification Program, 2015-present
  • Write and maintained OpenID Federation certification profiles, 2024-present
  • Over 4,100 OpenID Certifications have been performed as of April 2025, contributing to interoperable OpenID ecosystems

Standards Leadership Positions

Board of Directors

  • OpenID Foundation Board of Directors, 2008-present (Board Secretary, 2015-2023)

Working Group Co-Chair

  • OpenID Connect, 2011-present
  • OpenID Enhanced Authentication Profile (EAP), 2016-present
  • IETF CBOR Object Signing and Encryption (COSE), 2021-present

Recognitions

  • OpenID Foundation Distinguished Engineer, April 2023
  • Kuppinger Cole Lifetime Achievement Award, May 2023

Education

Degrees

  • Worthington High School (Valedictorian), Worthington, OH, USA, 1978
  • B.S. in Mathematics (Graduate with University Honors), Carnegie Mellon University, Pittsburgh, PA, USA, May 1982
  • M.S. in Computer Science, Carnegie Mellon University, Pittsburgh, PA, USA, 1988
  • Ph.D. in Computer Science, Carnegie Mellon University, Pittsburgh, PA, USA, 1992

Copyright © 2025 Self-Issued Consulting - All Rights Reserved.

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept