
The Open Identity Framework

Learn how the Open Identity Framework (OIF) is enabling trust and interoperability, driving adoption of open identity schemes such as OpenID and Information Cards. Discover the next steps in this transparent and efficient framework.


Presentation Transcript


  1. The Open Identity Framework
     Don Thibeau, Executive Director, OpenID Foundation (OIDF)
     Drummond Reed, Executive Director, Information Card Foundation (ICF)

  2. Topics
     • Background
     • The Open Identity Framework
     • How the OIF will drive adoption
     • Next steps

  3. We live in a world of “trust frameworks”
     • Most are closed
       • Visa, MasterCard, AMEX credit card networks
       • Phone networks
       • ATM networks
     • Some are open
       • Political, social, religious organizations
     • Some are explicit (legal agreements)
     • Some are implicit (social contracts)

  4. An internet trust framework?
     • In April, the U.S. government asked the OIDF and ICF to create a trust framework for OpenID and Information Cards
     • This would enable U.S. government websites to begin accepting OpenID and Information Card credentials
     • GSA ICAM relying party requirements:
       • Open (not just US citizens)
       • Explicit (legal documentation of certification to NIST levels of assurance)
       • Internet scale

  5. Current status (Nov 2009)
     • See the first set of deliverables at IDmanagement.gov
       • Identity Scheme Adoption Process (ISAP)
       • Trust Framework Provider Adoption Process (TFPAP)
     • Two open identity scheme profiles completed under the ISAP process

  6. OpenID and InfoCard profiles
     • OpenID LOA 1 profile is now implemented across tens of millions of OpenID accounts
     • Test/pilot infrastructure built
     • Multiple IdP implementations tested
     • Pilot customer (National Institute of Health) with test site
     • IMI Information Cards 1.0 profile covers LOA 1, 2, and non-PKI 3

  7. So what’s next?
     • How to best implement the profiles
     • How to best implement the trust framework
     [Diagram labels: Policy interop; Relying Parties (RPs); Identity Providers (IdPs); Technical interop]

  8. First principles
     In August, OIDF and ICF published a joint white paper saying an open, Internet-scale approach to trust frameworks must be:
     • Open to any trust framework authority
     • Open to all IdPs and RPs
     • Open to any qualified assessor/auditor
     • Open to any qualified certification process (including self-certification)
     • Open to evolution and adaptation to market forces

  9. Additional principles
     An open Internet-scale trust framework must also:
     • Offer both Levels of Assurance (LOA) for IdPs and Levels of Protection (LOP) for RPs
     • Provide a means for dealing with liability
     • Provide a simple, useful, scalable listing service
     • Be open and transparent in its dealings, use public documents written in plain language, and provide frequent reports on all activities

  10. Design
     • The following slide shows the basic design reflecting the OIF principles
     • It illustrates the relationships between the four parties connected by OIF legal agreements
       • The OIF TFP itself
       • Auditors/assessors
       • Identity providers
       • Relying parties

  11. [Diagram labels: auditors/assessors; Relying Parties (RPs); Identity Providers (IdPs); Trust Framework Provider (the Open Identity Framework); trust framework authorities; Trust framework agreements; Optional direct agreements; Users]

  12. A two-layer interoperability model
     • The OIF design explicitly supports two levels of interoperability
     • Technical certification listings drive adoption before the trust layer is required
     • Policy certification listings drive adoption where explicit trust is required
     • Self-certification and third-party certification are supported at both layers
     • Technical and policy requirements (“profiles”) can be reused at both layers

  13. [Diagram labels: auditors/assessors; Relying Parties (RPs); Identity Providers (IdPs); Trust Framework Provider (the Open Identity Framework); Technical Certification Listings; Technical Interop Requirements; trust framework authorities]

  14. [Diagram labels: auditors/assessors; Relying Parties (RPs); Identity Providers (IdPs); Trust Framework Provider (the Open Identity Framework); Policy Certification Listings; Policy Interop Requirements; Technical Certification Listings; trust framework authorities]

  15. Why will the OIF drive adoption?
     • Efficiency
     • Openness/Transparency
     • Credibility/Accountability
     • User experience

  16. Efficiency
     • The OIF makes it easy for anyone of any size to ensure technical or policy interop with their choice of profiles
     • Eliminates the n-squared problem of multi-lateral interop testing or trust agreements
       • Quickly become unwieldy for even a small number of IdPs and RPs
     • Grows the market for everyone
       • The “network effect for trust”

  17. Openness/Transparency
     • Properly implemented, the OITF provides an open, transparent process for trusted identity transactions
     • Both within and between communities
     • Helps protect participants from collusion or anti-trust concerns
     • Anticipates cross-border data protection issues

  18. Credibility/Accountability
     • Each participant (policy authority, IdP, RP, assessor/auditor) reinforces the credibility of the entire model
     • Mutual accountability of all participants
     • Enhanced by government participation
     • Gov’ts serve as the initial “trust anchors”

  19. User experience improvements
     • Increased interoperability of Internet identity across websites
     • More consistent ceremony leads to lower login or transaction abandonment at RPs
     • Consistent trust mark raises user confidence

  20. Why do this together?
     • Cost efficiency
       • Lower legal, design, and operations costs
       • Lower overhead for assessors/auditors, IdPs, and RPs who need certification
     • Process efficiency
       • Single entity for negotiation of MOAs with policy authorities
     • Effectiveness
       • 1+1=3

  21. We want your feedback!
     • Please contact either foundation with questions or comments
       • don@oidf.org
       • director@informationcard.net
     • Let us know if your organization is interested
