Open Identity Exchange

"OIX" redirects here. For the Open Internet Exchange product, see Phorm.
The OIX logo

The Open Identity Exchange (OIX) is a non-profit trade organization focused on identity assurance on the Internet. OIX members are from the private and public sectors: data aggregation, telecommunications and government. Its goal is to enable the expansion of online services and adoption of new online products through the development and registration of trust frameworks and sharing of domain expertise, joint research and pilot projects to test real-world use cases. OIX is building OIXnet, an authoritative registry for online identity trust to enable global interoperability among identity federations.[1]

History

Shortly after coming into office, the Obama administration asked the U.S. General Services Administration (GSA) how to leverage open identity technologies to allow the American public to more easily, efficiently, and safely interact with federal websites such as the National Institute of Health (NIH), the Social Security Administration (SSA), and the Internal Revenue Service (IRS). So, at the 2009 RSA Conference, the GSA sought to build a public/private partnership with the Open ID Foundation (OIDF) and the Information Card Foundation (ICF) in order to craft a workable identity information framework that would establish the legal and policy precedents needed to establish trust for Open ID transactions.

The partnership eventually developed a trust framework model, described below. Further meetings were held at the Internet Identity Workshop in November 2009, which resulted in OIDF and ICF forming a Joint Steering Committee. The committee's task was to study the best implementation options for the newly created framework.

The US Chief Information Officer recommended the formation of a non-profit corporation, the Open Identity Exchange (OIX). In January 2010, the OIDF and ICF approved grants to fund the creation of the Open Identity Exchange. OIX was the first trust framework provider certified by the US Government. Booz Allen Hamilton, CA Technologies, Equifax, Google, PayPal, Verisign, and Verizon, all members of either OIDF and ICF, agreed to become founding members of OIX.

The Open Identity Exchange was formed in 2011. It addresses the increasing challenges of building trust in online identity outlined below:

Overview

OIX is non-profit, technology agnostic, cross jurisdictional, multi-channel, standards development organization representing the leaders in online identity in the internet, telecom and data aggregation industries. Its mission is to build trust in online identity by developing standards for trust frameworks to expand online identity-driven markets and to reduce friction, mitigate risk and better serve users.

OIX drives adoption of new and expanded online services by improving market efficiency through open standards and transparency by ensuring credibility and accountability in the system by enabling an improved user experience. OIX acts as a neutral referee and shares expertise through joint legal/policy research and best practices from the experience of working groups developing trust frameworks.

As the first trust framework provider certified by the US Government, OIX is building a global certification listing service that is a database of (white-lists) databases, a machine-readable information repository of trust framework participants, processes and certifications.

OIX Assets

Leadership

The OIX Board represents leaders in online identity in the internet, telecom and data aggregation industries concerned with both market expansion and information security.[2]

Government

The OIX Board met with Howard Schmidt in 2011[3][4] to discuss the public -private partnership envisioned in the National Strategy for Trusted Identities in Cyberspace (NSTIC.)

Infrastructure

OIX has establish a credibility among industry, government, and public advocacy communities through its publication of policy and legal research, its sponsorship of a series of conferences, and a comprehensive and forward thinking response to the NSTIC NOI.

Membership

Members of OIX benefit from a number of services. Companies ranging from startups to market leaders in the public and private sectors are able to communicate with their competitors to work on common goals and solutions in a forum provided by a third-party non-profit. This creates a "team of rivals" environment that is otherwise difficult to achieve. Members also have access to innovative research that allows them to explore untapped markets and develop new products.

The Open Identity Exchange currently has thirteen executive members, sixteen general members, and four Trust Framework Authority members.[5]

Executive Members

General Members

  • Adobe
  • Avoco Secure
  • Blue Marble Research
  • Callsign
  • Cloud Four
  • Comsign
  • Confyrm
  • Consult Hyperion
  • Digidentity
  • EE
  • Escher Group
  • E-Sign
  • FuGen Solutions
  • GakuNin
  • ID Analytics
  • Identity Assurance Systems
  • ITIM Consulting
  • Innovate Identity
  • iSignthis Ltd (ASX : ISX)
  • Janrain
  • Kycme
  • Lumenous
  • Mii Card
  • Open ID
  • PacificEast
  • Privo
  • Pin+
  • SecureKey
  • Sitekit
  • Sunet
  • T-Mobile
  • TeleSign
  • Tricerion
  • Trulioo
  • TrustX
  • UnboundID
  • Wave

Trust Framework Authority Members

White Papers

One of key main benefits of being an Open Identity Exchange subscriber is access to the OIX White Papers. The OIX White Papers deliver joint research, funded by competitors, to examine a wide range of challenges facing the open identity market and to provide possible solutions.[6] They are written by some of the top experts in the fields of technology, particularly open identity.

OIX

Trust Frameworks

UK Identity Assurance Programme (IDAP)

US National Strategy for Trusted Identities in Cyberspace (NSTIC)

2013 White Paper Pipeline

At the beginning of the summer, OIX commissioned a number of White Papers aimed at tackling the toughest issues regarding identity technology, which remains an emerging market with its own set of uncertainties. Unlike previous white papers, which are more like academic exercises, these in particular relate to larger projects OIX is currently working on, such as OIXnet. The first of these papers, "The Vocabulary of Systems Liability, Part 1" by Tom Smedinghoff, Mark Deem, and Sam Eckland, was released in June.[15] Several others, listed below, are set to be released and available to subscribing members on October 1, 2013.

Working Groups

OIX operates a series of Working Groups to facilitate the development of trust frameworks and trust framework infrastructure. OIX Working Groups are open to employees and contractors of all OIX members, whose participation is covered by the OIX Membership Agreement. In addition, non-members may participate in an OIX Working Group at the invitation of a Working Group member by filling out and submitting the OIX Contributor Agreement.

Online Attribute Exchange Trust Framework Working Group

The purpose of this Working Group is to draft the OIX Attribute Exchange Trust Framework Specification to be posted on the OIX website. The Attribute Exchange Trust Framework is intended to facilitate the exchange of identity attributes or claims between attribute providers and relying parties utilizing consumer consent and control of these exchanges. The AX working group is defined by a charter and chaired by Dave Coxe from ID Data Web.[16]

Telecom Data Trust Framework Working Group

The Telecom Data working group will develop a trust framework that will allow commerce providers, like retailers and etailers, to obtain or verify identity information without interfering in the relationship between a subscriber and a Telecom Service Provider. It will provide a secure and controlled solution for how a telephone number may be used to access identification information while holding private subscriber data “in trust”. The Telecom Data working group is chaired by Scott Rice from PacificEast and guided by a charter.[17]

Projects

OIX members work together to jointly fund and participate in pilot projects (sometimes referred to as alpha projects).[18] These “lab experiments” test business, legal, and/or technical concepts or theory and their interoperability in real world use cases.

Identity Assurance Programme Alpha Projects[19]

Through OIX, the UK Cabinet Office has directed funding to facilitate and coordinate the rapid formation, deployment, and analysis of Alpha Projects: small scale, low risk tests of interoperable components that address key challenges to realizing the IDAP goals of convenient, secure, and privacy-enhancing digital transactions. The Alpha Projects aim to advance the development of the IDAP, but provide technology-agnostic use cases with global implications for public-private identity transactions.

Attribute Exchange Network (AXN) Pilots[20]

OIX members also have funded pilot projects that seek to test certain conditions and assumptions within a particular trust framework. For example, "Street Identity" was a 2011 model that separated identity providers and attribute providers, providing evidence for a number of potentially powerful capabilities.

Open Identity Trust Framework

The Open Identity Trust Framework was first introduced in the organization's first White Paper, "An Open Market Solution for Online Identity Assurance," which detailed OIX's solution to Internet-scale identity assurance.[21] The problem that arises in open identity transactions is one of trust, such as whether a relying party can trust credentials from an identity service provider without knowing whether that provider’s security, privacy, and operational policies are strong enough to protect the relying party.

Therefore, it is necessary to establish a system that enables parties to trust each other's information when making transactions.In digital identity systems, a trust framework is a pre-negotiated set of business, legal, and technical agreements that bind all stakeholders with mutual assurance that online transactions are reliable and repeatable.

Every trust framework is defined by a set of policy makers that represent a trust community—a set of parties who need to maintain trust in online interactions. Technically these policymakers are the authors of the trust framework specification and the authority for its content.The trust community is also responsible for maintaining and overseeing the trust framework specifications.

Once a trust framework has been specified,the policymakers may contract with one or more trust framework providers (TFPs)to administer it. The TFP first must publish the trust framework so it is publicly accessible. The TFP then must accept applications from businesses and other groups that wish to join the trust framework as identity service providers and verify that they comply with the framework's requirements. It also must publish updates to the trust framework as it is revised.

OIX is building a global listing service called OIXnet, outlined below. The OIXnet registry is a database of (white-lists) databases, a machine-readable information repository of trust framework participants, processes and certifications.

OIXnet

One of the newest projects the Open Identity Exchange is working on is OIXnet. The potential growth of open identity exchanges is currently limited due to a lack of trust between internet stakeholders. Trust is essential to the expansion of any market because it makes transactions reliable and repeatable. OIXnet seeks to solve this dilemma by creating an online registry of trusted identity data, which would ease information sharing between online parties. OIXnet would centralize trusted identity metadata to facilitate global interoperability among identity federations in commercial, non-profit, and public sectors. The resulting open identity market could grow more quickly as the volume and velocity of trusted transactions increase. OIXnet is currently in the planning and design stages with potential pilots scheduled to debut later in 2013. An OIXnet Working Group is currently involved in the planning, design and due diligence stages to test the OIXnet hypothesis and help shape OIXnet.[22] Potential pilots are scheduled to debut later in 2013.

References

  1. About the Open Identity Exchange. Retrieved 2013-08-07.
  2. OIX Board of Directors. Accessed 2013-08-16.
  3. OIX Board Meets with White House National Security Staff. Open Identity Exchange. Accessed 2013-08-16.
  4. State of the Net 2011 Keynote: Howard Schmidt. Accessed 2013-08-16.
  5. OIX Members.
  6. OIX 2013 White Paper Pipeline. Accessed 2013-08-16.
  7. OIX: An Open Market Solution for Online Identity Assurance. The Open Identity Exchange. Accessed 2013-07-31.
  8. Trust Framework Requirements and Guidelines. The Open Identity Exchange. Accessed 2013-07-31.
  9. The Personal Network: A New Trust Model and Business Model for Personal Data. The Open Identity Exchange. Accessed 2013-07-31.
  10. Federated Online Attribute Exchange Initiatives. The Open Identity Exchange. Accessed 2013-07-31.
  11. Personal Levels of Assurance (PLOA). The Open Identity Exchange. Accessed 2013-07-31.
  12. The Three Pillars of Trust. Booz Allen Hamilton. Accessed 2013-07-31.
  13. Comments on U.S. NSTIC Steering Group Draft Charter and Related Governance Issues. The Open Identity Exchange. Accessed 2013-07-31.
  14. OIX Response to "Models for a Governance Structure for the National Strategy for Trusted Identity in Cyberspace." The Open Identity Exchange. Accessed 2013-07-31.
  15. The Vocabulary of Identity Systems Liability. The Open Identity Exchange. Accessed 2013-08-08.
  16. Online Attribute Exchange Trust Framework Working Group.
  17. Telecom Data Trust Framework Working Group.
  18. OIX Directed Funding Program FAQ.
  19. IDAP Alpha Projects.
  20. Attribute Exchange Network (AXN) Pilots
  21. Creating a New Trust Framework.
  22. OIXnet Working Groups.

External links

This article is issued from Wikipedia - version of the Wednesday, April 06, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.