
Open Identity Trust Frameworks: “We Need the Eggs”

Open Identity Trust Frameworks: “We Need the Eggs”. Don Thibeau, Executive Director, OpenID Foundation (OIDF) Drummond Reed, Executive Director, Information Card Foundation (ICF). Topics. Background Interop frameworks & trust frameworks The Open Identity Trust Model Next steps.


Presentation Transcript


  1. Open Identity Trust Frameworks: “We Need the Eggs” • Don Thibeau, Executive Director, OpenID Foundation (OIDF) • Drummond Reed, Executive Director, Information Card Foundation (ICF)

  2. Topics • Background • Interop frameworks & trust frameworks • The Open Identity Trust Model • Next steps

  3. We live in a world of “trust frameworks” • Most are closed • Visa, MasterCard, AMEX credit card networks • Phone networks • ATM networks • Some are open • Political, social, religious organizations • Some are explicit (legal agreements) • Some are implicit (social contracts)

  4. So how did this get started? • The U.S. government came to the OIDF and ICF in March and asked us to help put an open identity trust framework in place • The mother of all use cases • GSA ICAM relying party requirements: • Open (not just US citizens) • Explicit (legal documentation of certification to NIST levels of assurance) • Internet scale

  5. So why do it?

  6. So where are we now? • See the first set of deliverables at IDmanagement.gov • Identity Scheme Adoption Process (ISAP) • Trust Framework Provider Adoption Process (TFPAP) • Two open identity scheme profiles completed under the ISAP process

  7. OpenID and InfoCard profiles • OpenID LOA 1 profile is now implemented across tens of millions of OpenID accounts • Test/pilot infrastructure built • Multiple IdP implementations tested • Pilot customer (National Institute of Health) with test site • IMI Information Cards 1.0 profile covers LOA 1, 2, and non-PKI 3

  8. So what’s next? • How to best implement the profiles • How to best implement the trust framework • [Diagram labels: Relying Parties (RPs), Identity Providers (IdPs), Policy interop, Technical interop]

  9. Where trust frameworks fit • [Diagram: Internet Identity Layer] • Market Education • Policy Interoperability (Trust Frameworks) • Usability (User Experience Ceremonies) • Technology Interoperability (Identity Protocols) • Hardware Devices (Security Capabilities)

  10. First principles • Our first joint white paper established that an open, Internet-scale approach to trust frameworks must be: • Open to all IdPs and RPs • Open to any qualified assessor/auditor • Open to any qualified certification process (including audited self-certification) • Open to evolution and adaptation as market changes

  11. Key insights • US ICAM trust policy requirements are the first of many • In addition to Levels of Assurance (LOA) for IdPs, we also need Levels of Protection (LOP) for RPs • A new legal entity might be the best option as the trust framework provider (TFP)

  12. IIW insights • Technical interop (identity scheme profiles) is a precondition to policy interop (trust profiles) • Technical interop listings drive adoption before trust layer is required • Policy interop listings drive adoption where explicit trust is required • Trust profiles can be implicit or explicit • Most OpenID logins today rely on implicit trust • US ICAM logins require an explicit trust framework • Profiles can be reused at both layers

  13. Open Identity Interop Framework • Adoption enablers: • Predictability • Reliability • Implicit trust • [Diagram labels: RPs, IdPs, User Agents, Policy Authorities (Gov’ts, edu’s, industry), Interoperability Listings, Technology Profiles]

  14. Open Identity Framework • [Diagram labels: RPs, IdPs, User Agents, Certification Agreements, Policy Authorities (Gov’ts, edu’s, industry), Assessors/Auditors, Certification Listings, Policy Profiles, Interoperability Listings, Technology Profiles]

  15. Why the Open Identity Trust Model? • Adoption efficiency • Openness/Transparency • Credibility/Accountability • User experience

  16. Adoption efficiency • The OIIF makes it easy for anyone of any size to ensure technical or policy interop with their choice of profiles • Eliminates the n-squared problem of multi-lateral interop testing or trust agreements • Quickly become unwieldy for even a small number of IdPs and RPs • Grows market for everyone • The “network effect for trust”

  17. Openness/Transparency • Properly implemented, the OITF provides an open, transparent process for Internet trust agreements • Helps protect participants from collusion or anti-trust concerns • Enables trusted transactions within and between communities • Anticipates cross-border data protection issues

  18. Credibility/Accountability • Each participant (trust community, IdP, RP, assessor) reinforces the credibility of the entire model • Mutual accountability of all participants • Enhanced by government participation • Gov’ts serve as the initial “trust anchors”

  19. User experience • Better interoperability improves user experience of Internet identity • More consistent ceremony leads to lower login or transaction abandonment at RPs • Consistent trust mark encourages user confidence

  20. Why do this together? • Cost efficiency • Lowers legal, design, and operations costs • Lowers overhead for assessors, IdPs, and RPs who need to be certified • Process efficiency • Single entity for negotiation of MOAs with trust communities • Will attract other trust communities • Effectiveness • 1+1=3

  21. We want your feedback! • We will be holding sessions here at IIW • We will be publishing a new white paper shortly • Contact either of us with questions or feedback: don@oidf.org, director@informationcard.net • Tell us if your organization or trust community is interested

  22. Questions
