Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.

Slides:



Advertisements
Similar presentations
Mobile Payment Security The Good, the Bad and the Ugly
Advertisements

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
The GSMA July 2014 Restricted - Confidential Information
The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
Open Identity for Open Government and the Open Identity Exchange (OIX): A Market Solution to Online Trust June 2010.
Kantara Initiative Identity Assurance Framework Overview and Value Proposition March 8, 2011.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Helena Sims NACHA – The Electronic Payments Association Overview of The Electronic Authentication Partnership Tenth Federal & Higher Education PKI Coordination.
Public Sector Perspective on CSR and Responsibility Who is Responsible for Responsibility? Santiago, Chile September 2005.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Electronic Commerce Semester 1 Term 1 Lecture 2. Forces Fuelling E-Commerce Interest in e-commerce is being fuelled by: –Economic forces –Customer interaction.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
Financial and Banking Association of countries-members of the Cooperation of Shanghai From trust to success.
Justice Information Network Strategic Plan Development Justice Information Network Board March 18, 2008 Mo West, JIN Program Manager.
Identity Relationship Management The Next Evolution of Identity and Access Management for the Internet of Everything.
NSTIC ID Ecosystem A Conceptual Model v03 Andrew Hughes October October IDESG Version 1.
Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
The InCommon Federation The U.S. Access and Identity Management Federation
1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.
Andrew Nash Senior Director of Identity Services Topics in Identity and Payments.
The Open Identity Framework Don Thibeau, Executive Director, OpenID Foundation (OIDF) Drummond Reed, Executive Director, Information Card Foundation (ICF)
Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.
TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.
A DESCRIPTION OF CONCEPTS AND PLANS MAY 14, 2014 A. HUGHES FOR TFTM The Identity Ecosystem DISCUSSION DRAFT 1.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.
2014 Asia-Pacific Financial Forum Seattle, Washington July 7, 2014 Electronic Payments: Expanding Financial Access for Consumers and Businesses of Every.
Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.
The Feds and Shibboleth Peter Alterman, Ph.D. Asst. CIO, E-Authentication National Institutes of Health.
Scalable Trust Community Framework STCF (01/07/2013)
PRESENTED AT THE STAKEHOLDERS FORUM ON QUALITY OF SERVICE AND CONSUMER EXPERIENCE LAICO REGENCY HOTEL Creating Space for Consumer Rights in.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
What’s Happening at Internet2 Renee Woodten Frost Associate Director Middleware and Security 8 March 2005.
HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Don Thibeau, Executive Director, OpenID Foundation (OIDF) Drummond Reed, Executive Director, Information Card Foundation (ICF)
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
The Value of Creating the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices and tools.
Justice Information Network Strategic Plan Development Justice Information Network Board March 18, 2008 Mo West, JIN Program Manager.
PROTECTING THE INTERESTS OF CONSUMERS OF FINANCIAL SERVICES Role of Supervisory Authorities Keynote Address to the FinCoNet Open Meeting 22 April 2016.
INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.
1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
Broadband Challenges 2017 Christopher Tamarin
Decrypting Tokenization What is it and why is it important?
Privacy, Security, and Identity Management Update
October 27, 2016 EMV 3DS Seizing the opportunity to enhance security and deliver a great consumer experience September 22, 2018.
National Cyber Strategy Preparedness: 8 Preparatory Questions
Internet Interconnection
HIMSS National Conference New Orleans Convention Center
Data and Interoperability:
Pam Matthews, FHIMSS Director of Business Information Systems Business Information Systems is focused around administrative and financial information.
Reiniger LLC.
Presentation transcript:

Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau

Commerce Requires Trust The Internet presents countless market opportunities limited only by the confidence to trust digital identity exchanges.

"Trusted identities and consumer control of personal information are essential to the effectiveness of transactions on the Internet. Trusted frameworks that provide identity assurance are a critical factor in the success of the digital identity ecosystem." -- Andrew Nash, Senior Director of Identity Services for PayPal Inc OIX Founding Board Member.

4 We live in a world of “trust frameworks” Most are closed: –Visa, MasterCard, AMEX credit card networks –Phone networks –ATM networks Some are open: –Political, social, religious organizations Some are explicit: (legal agreements) Some are implicit: (social contracts)

The Basic “Trust Triangle” The user has a direct trust relationship with both the identity service provider and the relying party The problem is: How can the identity service provider and relying party trust each other?

A Matter of Trust Relying Parties (RP) must be able to trust that the Identity Provider can reliably provide accurate user data Identity Providers (IDP) must be able to trust that the Relying Party is legitimate (i.e., not a hacker, phisher, etc.) Direct RP-to-IDP agreements are a common solution, but are impossible to manage at Internet scale

Builds Trust Builds Trust OIX is an Internet-scale solution to the problem of how digital identities can be trusted online

Background OIX was founded by leading identity providers and relying parties in the internet and telecommunications industries Prompted by the US government’s need to accept identity credentials from certified providers at known levels of assurance –The US government did not want to become an identity provider for citizens –It wanted to consume credentials citizens already had from third-party identity providers

The OIX Identity Trust Framework Model Open Identity Exchange Trust framework agreements Identity Service Provider Relying Party user (or Yahoo, PayPal and many others)

Technical & Policy Interoperability  OIX Trust Frameworks reduce friction of using the web through interoperability of digital identities  Interoperability increases market opportunities and converts more sales with easier user experiences  Interoperable digital identity eases user experience, increases user confidence and strengthens privacy

"OIX is the organization where different parties across verticals such as federal, Telco, and healthcare, can come together to address policy challenges through the creation of vertical trust frameworks. The immediate need is to tailor to each eco-system while providing a consistent approach that in the long run, will allow us to link all the identity networks together through infrastructure and policy interoperability." -- Nico Popp, VP Identity and Authentication Services, Symantec OIX Founding Board Member

The US ICAM Trust Framework  First example of OIX Trust Frameworks developed in conjunction with the U.S. GSA on behalf of the Identity Credential, and Access Management (ICAM) subcommittee of the U.S. CIO Council.

The US ICAM Trust Framework  Designed to meet the first of the four LOAs defined by the ICAM Trust Framework Provider Adoption Process (TFPAP), the OIX US ICAM LOA 1 trust framework was approved by ICAM on 15 February 2010 and went operational on 3 March 2010.

The US ICAM Trust Framework  The US ICAM LOA 1 trust framework enables U.S. federal agency websites, such as the National Institute of Health (NIH), the National Library of Medicine (NLM), and the Library of Congress (LOC), to begin accepting OpenID and Information Card credentials from OIX certified private-industry providers.  Milestone of note: July 27, 2010, OIX announced formation of the US ICAM Trust Framework Working Group to extend the OIX US ICAM Trust Framework specification to LOA 2 and Non-PKI 3.

Telco Data Trust Framework  The intent is to specify a consistent, provider-agnostic set of information exchange protocols and policies for the purpose of facilitating identity verification, digital identity management and fraud prevention.  These “rules and tools” would allow for access to necessary subscriber information without interfering in, risking, or devaluing the primary relationship between the subscriber and the Telecom Service Provider who is holding private subscriber data “in trust”.

16 Where trust frameworks fit Technology Interoperability (Identity Protocols) Usability (User Experience Ceremonies) Market Expansion & Adoption Hardware Devices (Security Capabilities) Internet Identity Layer Policy Interoperability (Trust Frameworks)

OIX Drives Adoption By Enabling Improved User Trust Through Openness and Transparency By Ensuring Credibility and Accountability Improving Market Efficiency

Who Should Join OIX? All organizations engaged in the digital identity market who want to become certified identity providers, relying parties, or assessors. Governments, professional associations, non-profit networks, and other communities who want to develop their own trust frameworks.

Benefits of Joining OIX “OIX Certified” brand Access to a worldwide network of leading organizations and individuals in the identity assurance industry. Ability to lead in developing trust frameworks, advisory committees and working groups Achieve a level playing field with the global players in the market Influence the strategy, direction and policies of OIX

20 Why do this together? Cost efficiency Lowers legal, design, and operations costs Lowers overhead for assessors, IdPs, and RPs who need to be certified Process efficiency Single entity for negotiation of MOAs with trust communities Will attract other trust communities Effectiveness 1+1=3

OIX enables cross-industry certification that builds trust through technical and policy interoperability OIX is a neutral, non profit, technology agnostic, global internet utility. OIX reduces friction and expands market opportunities to Internet scale Learn more at

Go to the website to learn more: Are you interested in getting involved in the OIX community to help shape the future of digital identity?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.