Presentation on theme: "Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau."— Presentation transcript:
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau
Commerce Requires Trust The Internet presents countless market opportunities limited only by the confidence to trust digital identity exchanges.
"Trusted identities and consumer control of personal information are essential to the effectiveness of transactions on the Internet. Trusted frameworks that provide identity assurance are a critical factor in the success of the digital identity ecosystem." -- Andrew Nash, Senior Director of Identity Services for PayPal Inc OIX Founding Board Member.
4 We live in a world of “trust frameworks” Most are closed: –Visa, MasterCard, AMEX credit card networks –Phone networks –ATM networks Some are open: –Political, social, religious organizations Some are explicit: (legal agreements) Some are implicit: (social contracts)
The Basic “Trust Triangle” The user has a direct trust relationship with both the identity service provider and the relying party The problem is: How can the identity service provider and relying party trust each other?
A Matter of Trust Relying Parties (RP) must be able to trust that the Identity Provider can reliably provide accurate user data Identity Providers (IDP) must be able to trust that the Relying Party is legitimate (i.e., not a hacker, phisher, etc.) Direct RP-to-IDP agreements are a common solution, but are impossible to manage at Internet scale
Builds Trust Builds Trust OIX is an Internet-scale solution to the problem of how digital identities can be trusted online
Background OIX was founded by leading identity providers and relying parties in the internet and telecommunications industries Prompted by the US government’s need to accept identity credentials from certified providers at known levels of assurance –The US government did not want to become an identity provider for citizens –It wanted to consume credentials citizens already had from third-party identity providers
The OIX Identity Trust Framework Model Open Identity Exchange Trust framework agreements Identity Service Provider Relying Party user (or Yahoo, PayPal and many others)
Technical & Policy Interoperability OIX Trust Frameworks reduce friction of using the web through interoperability of digital identities Interoperability increases market opportunities and converts more sales with easier user experiences Interoperable digital identity eases user experience, increases user confidence and strengthens privacy
"OIX is the organization where different parties across verticals such as federal, Telco, and healthcare, can come together to address policy challenges through the creation of vertical trust frameworks. The immediate need is to tailor to each eco-system while providing a consistent approach that in the long run, will allow us to link all the identity networks together through infrastructure and policy interoperability." -- Nico Popp, VP Identity and Authentication Services, Symantec OIX Founding Board Member
The US ICAM Trust Framework First example of OIX Trust Frameworks developed in conjunction with the U.S. GSA on behalf of the Identity Credential, and Access Management (ICAM) subcommittee of the U.S. CIO Council.
The US ICAM Trust Framework Designed to meet the first of the four LOAs defined by the ICAM Trust Framework Provider Adoption Process (TFPAP), the OIX US ICAM LOA 1 trust framework was approved by ICAM on 15 February 2010 and went operational on 3 March 2010.
The US ICAM Trust Framework The US ICAM LOA 1 trust framework enables U.S. federal agency websites, such as the National Institute of Health (NIH), the National Library of Medicine (NLM), and the Library of Congress (LOC), to begin accepting OpenID and Information Card credentials from OIX certified private-industry providers. Milestone of note: July 27, 2010, OIX announced formation of the US ICAM Trust Framework Working Group to extend the OIX US ICAM Trust Framework specification to LOA 2 and Non-PKI 3.
Telco Data Trust Framework The intent is to specify a consistent, provider-agnostic set of information exchange protocols and policies for the purpose of facilitating identity verification, digital identity management and fraud prevention. These “rules and tools” would allow for access to necessary subscriber information without interfering in, risking, or devaluing the primary relationship between the subscriber and the Telecom Service Provider who is holding private subscriber data “in trust”.
16 Where trust frameworks fit Technology Interoperability (Identity Protocols) Usability (User Experience Ceremonies) Market Expansion & Adoption Hardware Devices (Security Capabilities) Internet Identity Layer Policy Interoperability (Trust Frameworks)
OIX Drives Adoption By Enabling Improved User Trust Through Openness and Transparency By Ensuring Credibility and Accountability Improving Market Efficiency
Who Should Join OIX? All organizations engaged in the digital identity market who want to become certified identity providers, relying parties, or assessors. Governments, professional associations, non-profit networks, and other communities who want to develop their own trust frameworks.
Benefits of Joining OIX “OIX Certified” brand Access to a worldwide network of leading organizations and individuals in the identity assurance industry. Ability to lead in developing trust frameworks, advisory committees and working groups Achieve a level playing field with the global players in the market Influence the strategy, direction and policies of OIX
20 Why do this together? Cost efficiency Lowers legal, design, and operations costs Lowers overhead for assessors, IdPs, and RPs who need to be certified Process efficiency Single entity for negotiation of MOAs with trust communities Will attract other trust communities Effectiveness 1+1=3
OIX enables cross-industry certification that builds trust through technical and policy interoperability OIX is a neutral, non profit, technology agnostic, global internet utility. OIX reduces friction and expands market opportunities to Internet scale Learn more at http://openidentityexchange.org