A very short history of OpenID Connect
More often than not OpenID Foundation members vote with their feet. Members typically signal their interest in a topic or work group by participating on a spectrum from “leader to lurker” on a mailing list discussion or in a work group’s agenda setting. On important, rare occasions, real people have to cast real votes. Votes decide things in presidential elections or in standards development organizations like the OpenID Foundation.
Two elections just concluded in the OpenID Foundation. The Vote to Approve Implementer’s Drafts of OpenID HEART Specifications just passed after a successful “get out the vote” campaign by Work Group Chairs Deb Bucci and Eve Maler with help from Board Secretary Mike Jones. In the “sausage making” of standards development votes like these really matter.
The vote for the corporate board representative also just concluded with Dale Olds’ election. I asked Dale to share a few remarks about what we might expect from his leadership. He shared the following;
“I’m honored to be elected to the board of the OpenID Foundation. In the past few years VMware has become much more active in federated identity services, both with their own products and integrations with other vendors’ products. While I expect to primarily contribute to technical issues, I plan to use my position on the board to push for increased participation by VMware and AirWatch in working groups and events. With that said, I also recognize that my position is to represent the perspective of all the corporate members, not just VMware. I encourage other corporate members to contact me if they would like to voice a concern or if they desire an issue brought to the board’s attention. Looking forward to a productive term!”
Thanks to all who took the time to vote. The contribution of your time, talents and votes are the lifeblood of volunteer-driven organizations like the OpenID Foundation and as a result; solutions are improved, standards are strengthened and customers and end-users are better served.
The focus of this year’s conference was to present the interim results of the private sector requirements for Identity Services project – the continuing consultation that begun during Autumn with interested companies. The conference also considered the UK and the European expanding market opportunities for digital identities, will representatives from UK and European Governments taking the stage.
The Open Identity Exchange, along with the American Bar Association’s Identity Management Legal Taskforce and the World Bank, hosted a workshop on January 14, 2015 in Washington D.C. with the objective of discussing the main concerns surrounding the adoption of identity management law and policy, helping to develop a common language around internet identity.
Attendees included industry leaders in identity and relevant regulatory bodies. The key theme reiterated throughout the event was the importance of focusing on outcome-based legislation. Participants voiced concern that legislation prescribing a specific technical process to implement identity standards would hinder innovation and ultimately prevent the success of a new legal regime.
The group was briefed on three main efforts to develop identity management-specific policy:
- United Nations Commission on International Trade Law (United Nations);
- Uniform Law Commission (United States);
- Identity Management Standards Advisory Council (Virginia).
Experts involved in each effort shared their opinions on how attendees could utilize their expertise to aid these efforts. These projects are moving forward at a domestic and international level to set the groundwork for a broader discussion around the impact of standards-based versus risk-based approaches to achieve the outcomes-based model regarded so positively in the discussions. Anti-Money Laundering (AML) is an important proof point in this regard for international banking.
In addition to leaders in US identity related legislation, architects of the EU eIDAS regulation were present at the event and shared their expertise on the development and function of identity-management specific law. The eIDAS team was able to show how the law they developed spurs the rapid development of solutions to problems to cooperation. They emphasized how the outcome focused nature of the eIDAS regulation allows it to continually adapt to changing technology. In examining the use case of eIDAS, attendees were able to generate new ideas of how a similar system could be adapted to the United States.
Discussions were moderated throughout the day on the following topics relating to identity management-specific law:
- Trust, Interoperability, and Enforceability;
- Privacy and Security;
- Business and Technical Standards;
- Participant Obligations;
- Legislative Goals.
These wide ranging issues gave attendees an update on the major critiques that potential legislation will face as it attempts to address the challenges of internet identity.
Ultimately, the group agreed on the need to develop a common set of issues that must be addressed in any identity management-specific law. Although there was disagreement over the standards surrounding privacy and security, attendees recognized the need to focus on developing law that allows industry to continue to innovate while protecting the interests of consumers throughout the identity management processes.
OIX encourages approaches that identity management law can be developed to serve in the cross-section of international law, identity management, and corporate policy. Follow up events planned in both London and Amsterdam on March 24 will give attendees and members of OIX the ability to continue this important conversation while learning from experts from across the identity ecosystem and develop a common language of internet identity.
The inaugural meeting of the iGov Working Group took place on Wednesday, January 14th where three co-chairs were elected by acclamation. John Bradley of Ping Identity, Paul Grassi of the US NIST and Adam Cooper of the UK Cabinet Office Identity Assurance Program are the elected co-chairs. Acclamation may be a bit strong describing an electoral process closer to being shanghaied. All the same, all of us know leadership is a classic key success factor.
However leaders emerge, they are essential to success especially in the “sausage making” of standards development. The configuration of iGOV’s leadership is intentional. The leaders map onto the WG’s mission: John’s Chilean/Canadian identity together with his unique technical chops; together with Paul Grassi’s past pedigree and present position in the US Government; together with Adam Cooper’s architectural expertise than stretches into European standards and schemes form iGOV’s leadership team.
Leaders lead and we look to these men to manage the process and lead work group contributors to a common goal. Please consider joining this effort. The work group’s goal is to have a common deployment profile that can be customized for the needs of both pubic and private sector deployments in multiple jurisdictions that may require the higher levels of security and privacy protections that OpenID Connect currently supports. The resulting profile’s goal is to enable users to authenticate and share consented attribute information with public sector services across the globe.
The full draft charter is available at http://openid.net/igov-wg-draft-charter/.
One of the take-aways from the Open Identity Exchange Economics of Identity Conference last week in London was potential impact of regulatory and legislative changes driven by the European Union’s eIDaSS program and the common digital market. Andrea Servida, Head of the EU’s Task Force on Identity, outlined the changes that will redefine digital markets and identity services in 2016 and beyond.
As a result, Open Identity Exchange is extending its core focus a bit to address international identity management legal and policy issues. Together with our co-sponsors we hope to obtain the views and recommendations of Open Identity Exchange members on the direction of soon-to-be-developed identity legislation. The meeting is co-sponsored by the Open Identity Exchange, the ABA Identity Management Legal Task Force, and The World Bank.
The meeting will review several recent legal and policy developments that have important implications for identity transactions. In addition to identity management legislation recently enacted by the State of Virginia and the European Union, two key identity management legislative initiatives are in the works. First, the United Nations Commission on International Trade Law (UNCITRAL) has agreed to undertake a project to develop international legal rules for identity management. Second, in the U.S., the Uniform Law Commission is considering a proposal to establish a committee to draft uniform identity management legislation for enactment by the 50 U.S. states.
The legal and policy choices made by these and other legislative processes will have a significant impact on everyone who issues or consumes online identity credentials. Thus, the meeting co-sponsors will be seeking your input and guidance regarding the appropriate direction of identity management law and policy, so as to inform the processes in both the U.S. and internationally. As with all Open Identity Exchange initiatives we’ll share the outcomes and hopefully help advance the conversations in the US, UK and Europe via OIX workshops, white papers and websites.
Dear Ms. Sonenshine,
Like you, many of us never met Anne Smedinghoff, although we have the pleasure of working with her father Tom. As is so often the case, when a tragedy occurs in a professional colleague’s personal life we have few ways of expressing our support and solidarity. Your post below reminds us that our work, though far away from the world of diplomacy, also touches on why we are secure in the world and who helps create that security.
Our work involves how we are to be more secure online. In this work we have the benefit of Tom Smedinghoff’s legal experience and expertise. Tom’s work with the US State Department and the UN on issues of global identity management complements our more commercial and technical concerns. Tom’s commitment and values enriches and informs our work as it did Anne’s.
Thank you for your reminder to count our blessings. And the chance to add our thanks to yours to the Smedinghoff family.
September is a season of beginnings. Kids start school. Parents head back to work. We tuck away summer memories, and make room for fall events.
But for one family, this September is a season of sadness mingled with pride as they remember a beautiful young diplomat who gave her life protecting ours.
Anne Smedinghoff would be turning 26 on Sept. 18 were it not for a bomb blast that took her life miles from home, in Afghanistan, in April.
Anne was raised in River Forest, Ill., by a joyful family in a close-knit community. Friends and colleagues describe Anne as spunky, smart, energetic, and adventurous. She loved hiking, mountain climbing, and backpacking.
After graduating from Johns Hopkins University in Baltimore, in 2009, Anne rode her bike 4,000 miles across America to raise money for cancer research. From her Facebook pages and the stories of friends and loved ones, she clearly loved traveling, meeting new people, and learning about the world.
Like so many young Americans, Anne wanted to serve her country. In 2010, she joined the foreign service – no easy feat. Many young people want to be diplomats; only a few pass the exam, get through the rigorous interview process, and complete the training required for a first-tour assignment overseas. Anne made it.
In August of that year she was sent to Venezuela. Fluent in Spanish, her first posting was at the consular window in Caracas, where she met and greeted citizens, her warm smile providing a welcoming and beckoning presence to those needing a visa to visit the United States.
What I have learned about foreign service officers is that they rarely stay put and are the first to volunteer for harder assignments.
So when Anne heard there was an opening in Afghanistan, she raised her hand. She was assigned to the public diplomacy office in the embassy in Kabul in 2011 – a difficult and dangerous job, but an ideal one for someone who loved being with people, fostering relationships with local youth, engaging with citizens to improve education, and building bridges between Afghanistan and America.
In Afghanistan, Anne had the opportunity to do what she loved most: work with people in a conflict zone. She helped Afghan girls find opportunity through embassy youth empowerment projects with Afghan schools and set up media interviews with Afghan press for visiting U.S. officials. She learned the art of public diplomacy – an often underappreciated diplomatic skill to connect with foreigners on a human level. She was the perfect public diplomat, ready to move beyond the embassy walls to mingle with locals, to create trust and individual relationships by funding local projects, to explain U.S. customs and share American stories, and to develop an atmosphere of goodwill abroad to enhance the peace and security at home.
In March 2012, Anne got the chance of a lifetime. The new U.S. secretary of state, John Kerry, was going to Kabul. She was able to prepare his visit, coordinate the schedule, and meet her new boss as a member of the host delegation. Kerry later recalled Anne’s energy, enthusiasm, and warmth.
Just weeks after meeting Kerry, Anne traveled to Zabul province to deliver books to a school in the town of Qalot. As the convoy of American soldiers and civilians arrived, a suicide bomber approached. Witnesses describe a horrific blast, the shattering of glass and debris, and the cries for help.
Anne was among those killed outside the school, along with four other Americans – three soldiers and a civilian. Her body was flown to Dover Air Force Base. Draped in the U.S. flag, her casket was returned home to St. Luke’s Church in Forest Oak, Ill., where grieving family members, friends, and colleagues honored her.
Although we never met, I supervised all the public diplomacy officers around the world, of which Anne was one. Hence, when it came to her memorial service at the State Department, I was among those who gave the remarks.
We hear about casualties of war – about the injured and the dead – counted in the hundreds, even the thousands. These are staggering statistics. But behind these numbers are individual – often young lives, lost too soon in the line of duty.
This month, as we go about our busy lives, let’s pause for a moment on Wednesday. Let us count our blessings and remind ourselves why we are secure in the world and who helps create that security. And let us say thank you.
Anyone who has been to a Yankee game in the Bronx knows that the umpire’s best day is when the fans forget he’s on the field. In his mind, he only gets recognized after having made a mistake. One can’t help but see the parallel to the United States Supreme Court in light of the past week’s rulings on issues from same-sex marriage to health care. Chief Justice John Roberts sees himself in a similar situation to the umpire in his role on the Supreme Court.
In the Chief Justice’s mind, “umpires don’t make the rules, they help apply them. While the rules are made elsewhere the role of an umpire is critical. They help everybody play by the rules, but it is a limited role. Nobody ever went to a ballgame to see the umpire.” 
In this way the role of the Supreme Court and the OIX registry are somewhat similar. The Open Identity Exchange registry is given multiple sets of rules and by publishing them for all to see makes enforcement possible. The Open Identity Exchange’s trust registry make enforcement possible in
three ways. First it exposes an organization’s compliance to a set of rules (whitelists, trust frameworks, etc.) to the judgement of its peers. None has a keener interest in a companies compliance than its competitors. The second enforcement dynamic is the powerful binding of an organization’s public self attestation to a set of legal claims and technical tests. The brand risk alone ensures a company thinks carefully before publicly declaring compliance. Lastly, the OIXnet.org registry invites a crowd sourced scrutiny of claims of conformance. In this way Open Identity Exchange uses a minimal viable governance approach to support a diverse set of trust frameworks, whitelists, listing services, etc.
A general purpose registry like OIXnet, as a neutral third-party publisher of rule sets, is able to provide authoritative information to all stakeholders on behalf of a variety of registrants. It is as if the umpire has outlined the strike zone in neon tape for the entire stadium to see. It would be hard for batters to argue when all of the information is available for anyone to see. Each set of the business, legal and technical requirements of a trust framework registered at OIXnet.org will be the neon tape for all to see. Through a “transparency drives trust” value proposition, “anyone, at anytime, anywhere, can see everything registered in the OIXnet.org registry without charge.” 
Although Justice Roberts is right that, “nobody ever went to a ballgame to see the umpire,” it would be hard to argue that it makes his role any less important. Although Open Identity Exchange will never develop its own trust frameworks, it would be hard to argue the role of the OIXnet.org registry any less important Rosen, Jeffrey. “John Roberts, the Umpire in Chief.” The New York Times. The New York Times, 27 June 2015. Web. 29 June 2015.  OIXnet.org