The Authority of the Neutral Judge

Anyone who has been to a Yankee game in the Bronx knows that the umpire’s best day is when the fans forget he’s on the field. In his mind, he only gets recognized after having made a mistake. One can’t help but see the parallel to the United States Supreme Court in light of the past week’s rulings on issues from same-sex marriage to health care. Chief Justice John Roberts sees himself in a similar situation to the umpire in his role on the Supreme Court.

In the Chief Justice’s mind, “umpires don’t make the rules, they help apply them. While the rules are made elsewhere the role of an umpire is critical. They help everybody play by the rules, but it is a limited role. Nobody ever went to a ballgame to see the umpire.” [1]

In this way the role of the Supreme Court and the OIX registry are somewhat similar. The Open Identity Exchange registry is given multiple sets of rules and by publishing them for all to see makes enforcement possible. The Open Identity Exchange’s trust registry make enforcement possible in

three ways. First it exposes an organization’s compliance to a set of rules (whitelists, trust frameworks, etc.) to the judgement of its peers. None has a keener interest in a companies compliance than its competitors. The second enforcement dynamic is the powerful binding of an organization’s public self attestation to a set of legal claims and technical tests. The brand risk alone ensures a company thinks carefully before publicly declaring compliance. Lastly, the OIXnet.org registry invites a crowd sourced scrutiny of claims of conformance. In this way Open Identity Exchange uses a minimal viable governance approach to support a diverse set of trust frameworks, whitelists, listing services, etc.

A general purpose registry like OIXnet, as a neutral third-party publisher of rule sets, is able to provide authoritative information to all stakeholders on behalf of a variety of registrants. It is as if the umpire has outlined the strike zone in neon tape for the entire stadium to see. It would be hard for batters to argue when all of the information is available for anyone to see. Each set of the business, legal and technical requirements of a trust framework registered at OIXnet.org will be the neon tape for all to see. Through a “transparency drives trust” value proposition, “anyone, at anytime, anywhere, can see everything registered in the OIXnet.org registry without charge.” [2]

Although Justice Roberts is right that, “nobody ever went to a ballgame to see the umpire,” it would be hard to argue that it makes his role any less important. Although Open Identity Exchange will never develop its own trust frameworks, it would be hard to argue the role of the OIXnet.org registry any less important

[1] Rosen, Jeffrey. “John Roberts, the Umpire in Chief.” The New York Times. The New York Times, 27 June 2015. Web. 29 June 2015.

[2] OIXnet.org

Open Identity Exchange Member Meeting Notes

OIX member meetings are “dog fooding” exercises. We walk our talk of transparency in the hope that members trust the organization they contribute their time and treasure. This is to share notes from our last meeting.

Survival, if not success, of organizations like Open Identity Exchange (OIX), requires a very clear, precise description of the value propositions from a number of member perspectives.

The value propositions of organizations like OIX, the OpenID Foundation and others are clearer now that the problem space has matured to the point that it can now recognize what Open Identity Exchange has to offer – e.g. a general purpose trust registry fits the needs of other organizations who need a trusted place to register trusted identity systems.  Organizational ears in the US, UK and Canada are tuning in.

The next set of needs for this emerging open market will be processes for terms/policy/rules standardization.  As the registry matures, it will expose more models available in the current landscape and enable Trust Framework Providers (TFPs) to be grouped and make it easier for the TFPs that follow. The OIXnet registry does not, by itself, fill in the gaps to help draw separate TFs together toward policy interoperability.  This interfederation won’t be extant in the early days, but as the network effect takes hold, it’s likely to be relevant.

OIXnet builds processes that are deliberately simple first to perform the enrollment function of informing with common information so separate processes can start to gravitate toward shared, broader interoperability requirements.  As the OIXnet registration data is made more transparent and markets react it can help strengthen federation and facilitate interoperability across TFP requirements.

OIX policy allows registrants to reduce risk by ensuring that other stakeholders are committed to the same set of (enforceable) terms and will in turn, behave more predictably.  This is what some call the “self-binding” issue, and it requires competitors to embrace the concept that some things that are better done in groups.  We have real examples in the UK and US with MNOs collaborating to build identity services available only when ubiquitous market coverage is available.

Each competitor, be they MNO or retailer, does an “outsourcing” calculus, weighing benefits and downsides of being dependent on a third-party platform they help build.  One doesn’t have to go far to reference similar outsourcing delegations to networks for shipping, payroll preparation, data processing, etc.  The latest “outsourcing” opportunity is identity services, and OIXnet could be seen as a market information platform to accelerate and govern these multiparty agreements.

OIX workshops, pilots and white papers assess and reflect progress on the pathway to date with the goal of pulling forward the futures members are impatient to manifest.  It’s OIX members that have got us to this place. A place where OIX is poised to make an even bigger positive impact to the many stakeholders it serves.

Building Blocks of Trusted Transactions

Many of you have heard me talk about the need for a registry of trusted identity systems and the vision for OIXnet over the last couple of years. Today I am proud to announce the launch of OIXnet at RSA 2015.

OIX has a global reputation for managing pragmatic pilots. So no surprise, this launch is a pilot in partnership with the OpenID Foundation whereby the Foundation is registering OpenID Connect certifications at OIXnet. Early adopters who have self certified and registered include Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal. There will phases of adoption by other industry leaders who will join the program throughout 2015.

We announced in the OIXnet launch press release today that SAFE-BioPharma and SecureKey will be among the first trust framework providers (TFPs) to register their requirements and participants at OIXnet. We look forward to working with these two member organizations in getting their trust frameworks registered soon.

So why a registry? The OIXnet registry is designed to provide a comprehensive and authoritative location where documents and information relating to a specific purpose can be safely exposed to the marker. This transparency mechanism has the purpose of making available to others interoperability requirements that can be accessed by interested stakeholders seeking such information. Through registration, TFPs provide their business, legal and technical requirements to be registered through a neutral, non-profit, technology agnostic, multi tenant source. It provides a transparency and discovery mechanism for participants and users of identity systems to remove friction and build trust. Trust that results in higher volumes, velocity and variety of transactions.

So why OIXnet? One of the key value propositions of OIXnet is ‘disclosure’. OIXnet provides the visibility, transparency and understandability needed to enable trust among identity system participants. Two key words in that last sentence: ‘trust’ and ‘transparency’. Both are needed to ensure identity services success. As a colleague suggested in a recent exchange, “we need absolute trust in the transparency infrastructure”. OIXnet seeks to be a part of that ‘transparency infrastructure’.

I look forward to updating you on OIXnet momentum and adoption again soon.

Don