OpenPubkey is a protocol for leveraging OpenID Providers (OPs) to bind identities to public keys. It adds user- or workload-generated public keys to OpenID Connect (OIDC), enabling identities to sign messages or artifacts under their OIDC identity. We represent this binding as a PK Token. This token proves control of the OIDC identity and the associated private key at a specific time, as long as a