Open Identity Exchange

"OIX" redirects here. For the Open Internet Exchange product, see Phorm.

The OIX logo

The Open Identity Exchange (OIX) is a non-profit trade, technology agnostic, collaborative cross-sector membership organisation with the purpose of accelerating the adoption of digital identity services based on open standards. OIX enables members to expand existing identity services and serve adjacent markets. Members advance their market position through joint research and engaging in pilot projects to test real world use cases. The results of these efforts are published via OIX whitepapers and shared publicly via OIX workshops.

OIX members work together to jointly fund and participate in pilot projects (sometimes referred to as alpha projects). These pilots test business, legal and/or technical concepts or theory and their interoperability in real world use cases.

OIX operates the OIXnet trust registry, a global authoritative registry of business, legal and technical requirements needed to ensure market adoption and global interoperability.

History

Shortly after coming into office, the Obama administration asked the U.S. General Services Administration (GSA) how to leverage open identity technologies to allow the American public to more easily, efficiently, and safely interact with federal websites such as the National Institute of Health (NIH), the Social Security Administration (SSA), and the Internal Revenue Service (IRS). So, at the 2009 RSA Conference, the GSA sought to build a public/private partnership with the Open ID Foundation (OIDF) and the Information Card Foundation (ICF) in order to craft a workable identity information framework that would establish the legal and policy precedents needed to establish trust for Open ID transactions.

The partnership eventually developed a trust framework model, described below. Further meetings were held at the Internet Identity Workshop in November 2009, which resulted in OIDF and ICF forming a Joint Steering Committee. The committee's task was to study the best implementation options for the newly created framework.

The US Chief Information Officer recommended the formation of a non-profit corporation, the Open Identity Exchange (OIX). In January 2010, the OIDF and ICF approved grants to fund the creation of the Open Identity Exchange. OIX was the first trust framework provider certified by the US Government. Booz Allen Hamilton, CA Technologies, Equifax, Google, PayPal, Verisign, and Verizon, all members of either OIDF and ICF, agreed to become founding members of OIX.

The Open Identity Exchange was publicly launched at RSA 2010 and it addressed the increasing challenges of building trust in online identity as outlined below:

Relying Parties must be able to trust that the Identity Provider is providing accurate data
Identity Providers must be able to trust that the Relying Party is legitimate (i.e. not a hacker, phisher, etc.)
Direct RP-to-IDP trust agreements are a common solution, but are impossible to manage at Internet scale

In 2012 the executive director position was founded and NSTIC pilots showed the growing proof of traction and increased awareness and attention. In 2012 OIX UK was formed and throughout 2013 initial UK Cabinet Office IDAP pilots were launched and whitepapers published.

In 2014 OIXnet registry of trusted identity systems was announced and back-end development funded. In 2014, OIDF also announced plans to register all companies self-certifying conformance to OpenID Connect via the OpenID Certification Program on OIXnet.

OIXnet was launched in 2015 and OpenID Foundation was the first registrant by registering the initial set of organizations, including Google, ForgeRock, Microsoft, NRI, PayPal and Ping Identity, certifying conformance to OpenID Connect. Additional registrations were added to OIXnet throughout 2015 and 2016 with (10) trusted identity services currently registered.

OIX developed a Chapters Policy in 2015 that allows regional OIX chapters to be established and in 2016 the OIX United Kingdom Chapter was approved by OIX board and launched.

Overview

The Open Identity Exchange (OIX) is a non-profit, technology agnostic, collaborative cross-sector membership organization with the purpose of accelerating the adoption of digital identity services based on open standards. OIX enables members to expand existing identity services and serve adjacent markets. Members advance their market position through joint research and engaging in pilot projects to rest real world use cases. The results of these efforts are published via OIX whitepapers and shared publicly via OIX workshops.

OIX operates the OIXnet trust registry, a global, authoritative registry of business, legal and technical requirements needed to ensure market adoption and global interoperability.

OIX Assets

Leadership

The OIX Board represents leaders in online identity in the internet, telecom and data aggregation industries concerned with both market expansion and information security.^[1]

Government

The OIX Board met with Howard Schmidt in 2011^[2]^[3] to discuss the public -private partnership envisioned in the National Strategy for Trusted Identities in Cyberspace (NSTIC.)

The UK Government, Cabinet Office joined the OIX at board level, as it began the work on its Identity Assurance Programme (IDAP) which is now GOV.UK Verify.^[4] The States of Jersey joined in 2015 as they wish to leverage the knowledge gained during the development of the UK Government identity assurance programme to hasten adaptation and adoption for Jersey.

Infrastructure

OIX has established a credibility among industry, government, and public advocacy communities through its publication of policy and legal research, its sponsorship of a series of conferences, and a comprehensive and forward thinking response to the NSTIC NOI.

Membership

Members of OIX benefit from a number of services. Companies ranging from startups to market leaders in the public and private sectors are able to communicate with their competitors to work on common goals and solutions in a forum provided by a third-party non-profit. This creates a "team of rivals" environment that is otherwise difficult to achieve. Collaborating members can also benefit from pre-negotiated agreements enabling rapid prototyping and agile pilot testing that expands markets. Members also have access to innovative research that allows them to explore untapped markets and develop new products.

The Open Identity Exchange currently has thiIdroOCteen executive members and 50+ general members as of November 2016.^[5] i

Executive Members

Barclays
UK Cabinet Office
CA Technologies
Equifax
Experian
Google
International Airlines Group
LexisNexis
Microsoft
Ping Identity
Symantec
Timpson
Verizon

OIX UK Europe Chapter

At the beginning of 2015 the Cabinet Office requested Open Identity Exchange begin a process of exploring the legal, business and pragmatic considerations of creating a self-sustaining UK ‘chapter’ of the Open Identity Exchange. To that point OIX UK operated as an independent UK entity able to administer ‘directed funding’ from member organisations. It had received a series of grants from the UK Cabinet Office that were used for the collaboratively funded projects.

An ad-hoc board of advisers was formed of independent, experienced, public and private sector leaders who addressed policy considerations during this transition process. In addition to considering the role of OIX UK in the future, this board of advisers considered the private sector’s needs for identity services, resulting in an on-going OIX project.

The Open Identity Exchange Board of Directors approved an OIX Chapters Policy at the end of 2015, allowing the formation of individual Chapters affiliated with OIX for the purpose of furthering the goals and objects of OIX in various local markets. In April 2016 OIX UK Europe Chapter appointed its board of Directors.

White Papers

One of key main benefits of being an Open Identity Exchange subscriber is access to the OIX White Papers. The OIX White Papers deliver joint research, funded by competitors, to examine a wide range of challenges facing the open identity market and to provide possible solutions.^[6] They are written by some of the top experts in the fields of technology, particularly open identity.

OIX

OIX: An Open Market Solution for Online Identity Assurance^[7]

Trust Frameworks

Trust Framework Requirements and Guidelines^[8]
The Personal Network: A New Trust Model and Business Model for Personal Data^[9]
Federated Online Attribute Exchange Initiatives^[10]
Personal Levels of Assurance (PLOA)^[11]
The Three Pillars of Trust^[12]

UK Identity Assurance Programme (IDAP)

Overview of Legal Liability in the IDAP (In development)

US National Strategy for Trusted Identities in Cyberspace (NSTIC)

Comments on U.S. NSTIC Steering Group Draft Charter and Related Governance Issues^[13]
United States National Strategy for Trusted Identities in Cyberspace Identity Ecosystem Steering Committee Plenary and Governing Board Charter
OIX Response to "Models for a Governance Structure for the National Strategy for Trusted Identity in Cyberspace"^[14]

White Papers Published in 2016

Open Identity Exchange (OIX) White Papers focus on current issues and opportunities in emerging identity markets. OIX white papers are driven by the needs of the members but the goal of each white paper is that they stand on their own to deliver value to the identity ecosystem as whole. OIX White Papers are always pragmatic, transparent and take one of two perspectives: a retrospective report on the outcome of a given project or pilot or a prospective discussion on a current issue or opportunity. OIX White Papers are authored by independent domain experts and are intended as summaries for a general business audience.

Recent published whitepapers include:

• Use of online activity as part of the identity verification ^[15]

• UK private sector needs for identity assurance ^[16]

• Use of digital identity in peer-to-peer economy

• Shared signals proof of concept

• Creating a digital identity in Jersey

• Just Giving and GOV.UK Verify

• Creating a pensions dashboard ^[17]

• Could digital identities help transform consumers attitudes and behavior towards savings?

• Digital identity across borders: opening a bank account in another EU country

• Generating Revenue and Subscriber Benefits: An Analysis of: The ARPU of Identity

Projects

OIX members work together to jointly fund and participate in pilot projects (sometimes referred to as alpha projects). Projects are defined as small scale, low risk assessments, analysis or tests of interoperable components that address the key challenges of creating convenient, secure, and privacy-enhancing digital transactions. These projects target specific issues that have been identified by an organization. All projects result in a whitepaper that is published on the OIX website.

Listed below are examples of the projects we have run.

States of Jersey: Creating a Digital ID^[18]

The States of Jersey (SoJ) eGovernment programme will be a major business-led transformation programme to implement the eGovernment Model vision that will be led by technology.

The eGovernment model sets out 4 key themes:

• Customer personalisation

• Operational effectiveness

• Trusted identification

• Enabling infrastructure

A fundamental component to support the model is some form of Digital ID for citizens and organisations. SoJ wish to leverage the knowledge gained during the development of the UK Government identity assurance programme to hasten adaptation and adoption for Jersey.

The hypothesis was that the UK Government identity assurance model could be adapted for Jersey with the support of certified UK IdPs and potential identity assurance hub providers, to meet the requirements of SoJ. The hypothesis also considered that this would create an attractive market opportunity in Jersey for one or more of these providers.

LIGHTest Project

This is a 3 year project that started in September 2016 and is partially funded from the European Union Horizon 2020 research and innovation programme under G.A, No. 700321. The LIGHTest consortium consists of 14 partners from 9 European countries and co-ordinated by Fraunhofer-Gesellschaft. The project looks to reach out beyond Europe, to build a global community.

LIGHTest (Lightweight Infrastructure for Global Heterogeneous Trust management in support of an open Ecosystem of Stakeholders and Trust schemes)

The objective of LIGHTest is to create a global cross-domain trust infrastructure that renders it transparent and easy for verifiers to evaluate electronic transactions. By querying different trust authorities world-wide and combining trust aspects related to identity, business, reputation etc. it will become possible to conduct domain-specific trust decisions.

This is achieved by reusing existing governance, organization, infrastructure, standards, software, community, and know-how of the existing Domain Name System, combined with new innovative building blocks. This approach allows an efficient global rollout of a solution that assists decision makers in their trust decisions. By integrating mobile identities into the scheme, LIGHTest also enables domain-specific assessments on Levels of Assurance for these identities.

This project will include at least 2 pilots.

GOV.UK Verify Programme

The UK Government, Cabinet Office joined the OIX at board level, as it began the work on its Identity Assurance Programme (IDAP). Through the OIX Directed Funding programme, a considerable number of projects continue to be carried out under OIX governance, the results of which have helped with the ongoing development of GOV.UK Verify. Work continues as GDS looks at how digital identities can be used in both the public and private sector.

GOV.UK Verify is built and maintained by the Government Digital Service (GDS), part of the Cabinet Office. The UK Government is committed to expanding GOV.UK Verify and helping to grow a market for identity assurance that will be able to meet user needs in relation to central government services, as well as for local, health and private sector services. GOV.UK Verify uses certified companies to verify your identity to government. A certified company is a private company that works to high industry and government standards when they verify your identity. Once you’ve verified your identity with your chosen certified company, you can use your account across a growing range of government services without having to start again each time.

OIXnet

OIXnet is a registry. It is an official online and publicly-accessible repository of documents and information relating to identity systems and identity system participants. Referred to as a “registry”, it functions as an official and centralized source of such documents and information, much like a government-operated recorder of deeds. That is, individuals and entities can register documents and information with the OIXnet Registry to provide notice of their contents to the public, and members of the public seeking access to such documents or information can go to that single authoritative location to find them.

The OIXnet registry is designed to provide a single comprehensive and authoritative location where documents and information relating to a specific purpose (in this case, identity systems) can be safely stored for the purpose of putting others on notice of certain facts, and from which such documents and information can be accessed by interested stakeholders seeking such information.

The value of OIXnet can be summed up in three points:

Disclosure: OIXnet provides the visibility, transparency and understand ability needed to enable trust among identity system participants.

Discovery: OIXnet provides a neutral, authoritative registry of trust information to enable interoperability of identity systems and participants.

Centralized: OIXnet provides a single authoritative source of trust-related information across multiple identity systems and multiple participants. It functions as a one-stop-shop that is increasingly being recognized as an authoritative source of cross-system trust information.

The OIXnet Registry is currently in pilot in 2016 registering new and diverse trust frameworks and communities of interest. The plan is to continue the momentum of new pilot registrations at OIXnet through 2016 and then to make the registry and pricing available to all potential registrants in 2017.

References

↑ OIX Board of Directors. Accessed 2013-08-16.
↑ OIX Board Meets with White House National Security Staff. Open Identity Exchange. Accessed 2013-08-16.
↑ State of the Net 2011 Keynote: Howard Schmidt. Accessed 2013-08-16.
↑ "GOV.UK Verify - GOV.UK". www.gov.uk. Retrieved 2016-11-28.
↑ OIX Members.
↑ OIX 2013 White Paper Pipeline. Accessed 2013-08-16.
↑ OIX: An Open Market Solution for Online Identity Assurance. The Open Identity Exchange. Accessed 2013-07-31.
↑ Trust Framework Requirements and Guidelines. The Open Identity Exchange. Accessed 2013-07-31.
↑ The Personal Network: A New Trust Model and Business Model for Personal Data. The Open Identity Exchange. Accessed 2013-07-31.
↑ Federated Online Attribute Exchange Initiatives. The Open Identity Exchange. Accessed 2013-07-31.
↑ Personal Levels of Assurance (PLOA). The Open Identity Exchange. Accessed 2013-07-31.
↑ The Three Pillars of Trust. Booz Allen Hamilton. Accessed 2013-07-31.
↑ Comments on U.S. NSTIC Steering Group Draft Charter and Related Governance Issues. The Open Identity Exchange. Accessed 2013-07-31.
↑ OIX Response to "Models for a Governance Structure for the National Strategy for Trusted Identity in Cyberspace." The Open Identity Exchange. Accessed 2013-07-31.
↑ "Report suggests Facebook activity could be used for online identity verification | PublicTechnology.net". www.publictechnology.net. Retrieved 2016-11-28.
↑ "Survey: 81% of UK companies want cross-industry digital ID options - SecureIDNews". SecureIDNews. Retrieved 2016-11-28.
↑ "Press release: Money Advice Service on behalf on the Open Identity Exchange publishes recommendations for Pension Finder Dashboard - Money Advice Service". www.moneyadviceservice.org.uk. Retrieved 2016-11-28.
↑ Ferbrache, Author Marcus (2016-07-12). "Towards a digital ID: part 4". Official States of Jersey Blog. Retrieved 2016-11-29.

External links

Open Identity Exchange official site

This article is issued from Wikipedia - version of the 12/3/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.