Recalling a Life Lost Too Soon in the Service of Her Country

Dear Ms. Sonenshine,

Like you, many of us never met Anne Smedinghoff, although we have the pleasure of working with her father Tom.  As is so often the case, when a tragedy occurs in a professional colleague’s personal life we have few ways of expressing our support and solidarity.  Your post below reminds us that our work, though far away from the world of diplomacy, also touches on why we are secure in the world and who helps create that security.

Our work involves how we are to be more secure online. In this work we have the benefit of Tom Smedinghoff’s legal experience and expertise. Tom’s work with the US State Department and the UN on issues of global identity management complements our more commercial and technical concerns. Tom’s commitment and values enrich and inform our work as they did Anne’s.

Thank you for your reminder to count our blessings, and for the chance to add our thanks to yours to the Smedinghoff family.

Don Thibeau
The Open Identity Exchange
The OpenID Foundation


Tara Sonenshine Posted: Sunday, September 15, 2013, 1:10 AM

September is a season of beginnings. Kids start school. Parents head back to work. We tuck away summer memories, and make room for fall events.

But for one family, this September is a season of sadness mingled with pride as they remember a beautiful young diplomat who gave her life protecting ours.

Anne Smedinghoff would be turning 26 on Sept. 18 were it not for a bomb blast that took her life miles from home, in Afghanistan, in April.

Anne was raised in River Forest, Ill., by a joyful family in a close-knit community. Friends and colleagues describe Anne as spunky, smart, energetic, and adventurous. She loved hiking, mountain climbing, and backpacking.

After graduating from Johns Hopkins University in Baltimore, in 2009, Anne rode her bike 4,000 miles across America to raise money for cancer research. From her Facebook pages and the stories of friends and loved ones, she clearly loved traveling, meeting new people, and learning about the world.

Like so many young Americans, Anne wanted to serve her country. In 2010, she joined the foreign service – no easy feat. Many young people want to be diplomats; only a few pass the exam, get through the rigorous interview process, and complete the training required for a first-tour assignment overseas. Anne made it.

In August of that year she was sent to Venezuela. Fluent in Spanish, her first posting was at the consular window in Caracas, where she met and greeted citizens, her warm smile providing a welcoming and beckoning presence to those needing a visa to visit the United States.

What I have learned about foreign service officers is that they rarely stay put and are the first to volunteer for harder assignments.

So when Anne heard there was an opening in Afghanistan, she raised her hand. She was assigned to the public diplomacy office in the embassy in Kabul in 2011 – a difficult and dangerous job, but an ideal one for someone who loved being with people, fostering relationships with local youth, engaging with citizens to improve education, and building bridges between Afghanistan and America.

In Afghanistan, Anne had the opportunity to do what she loved most: work with people in a conflict zone. She helped Afghan girls find opportunity through embassy youth empowerment projects with Afghan schools and set up media interviews with Afghan press for visiting U.S. officials. She learned the art of public diplomacy – an often underappreciated diplomatic skill to connect with foreigners on a human level. She was the perfect public diplomat, ready to move beyond the embassy walls to mingle with locals, to create trust and individual relationships by funding local projects, to explain U.S. customs and share American stories, and to develop an atmosphere of goodwill abroad to enhance the peace and security at home.

In March 2012, Anne got the chance of a lifetime. The new U.S. secretary of state, John Kerry, was going to Kabul. She was able to prepare his visit, coordinate the schedule, and meet her new boss as a member of the host delegation. Kerry later recalled Anne’s energy, enthusiasm, and warmth.

Just weeks after meeting Kerry, Anne traveled to Zabul province to deliver books to a school in the town of Qalot. As the convoy of American soldiers and civilians arrived, a suicide bomber approached. Witnesses describe a horrific blast, the shattering of glass and debris, and the cries for help.

Anne was among those killed outside the school, along with four other Americans – three soldiers and a civilian. Her body was flown to Dover Air Force Base. Draped in the U.S. flag, her casket was returned home to St. Luke’s Church in Forest Oak, Ill., where grieving family members, friends, and colleagues honored her.

Although we never met, I supervised all the public diplomacy officers around the world, of which Anne was one. Hence, when it came to her memorial service at the State Department, I was among those who gave the remarks.

We hear about casualties of war – about the injured and the dead – counted in the hundreds, even the thousands. These are staggering statistics. But behind these numbers are individual – often young – lives, lost too soon in the line of duty.

This month, as we go about our busy lives, let’s pause for a moment on Wednesday. Let us count our blessings and remind ourselves why we are secure in the world and who helps create that security. And let us say thank you.

The Authority of the Neutral Judge

Anyone who has been to a Yankee game in the Bronx knows that the umpire’s best day is when the fans forget he’s on the field. In his mind, he only gets recognized after having made a mistake. One can’t help but see the parallel to the United States Supreme Court in light of the past week’s rulings on issues from same-sex marriage to health care. Chief Justice John Roberts sees himself in a similar situation to the umpire in his role on the Supreme Court.

In the Chief Justice’s mind, “umpires don’t make the rules, they help apply them. While the rules are made elsewhere the role of an umpire is critical. They help everybody play by the rules, but it is a limited role. Nobody ever went to a ballgame to see the umpire.” [1]

In this way the role of the Supreme Court and the OIX registry are somewhat similar. The Open Identity Exchange registry is given multiple sets of rules and, by publishing them for all to see, makes enforcement possible. The Open Identity Exchange’s trust registry makes enforcement possible in three ways. First, it exposes an organization’s compliance with a set of rules (whitelists, trust frameworks, etc.) to the judgement of its peers. None has a keener interest in a company’s compliance than its competitors. The second enforcement dynamic is the powerful binding of an organization’s public self-attestation to a set of legal claims and technical tests. The brand risk alone ensures a company thinks carefully before publicly declaring compliance. Lastly, the OIXnet.org registry invites crowdsourced scrutiny of claims of conformance. In this way Open Identity Exchange uses a minimal viable governance approach to support a diverse set of trust frameworks, whitelists, listing services, etc.

A general purpose registry like OIXnet, as a neutral third-party publisher of rule sets, is able to provide authoritative information to all stakeholders on behalf of a variety of registrants. It is as if the umpire has outlined the strike zone in neon tape for the entire stadium to see. It would be hard for batters to argue when all of the information is available for anyone to see. Each set of the business, legal and technical requirements of a trust framework registered at OIXnet.org will be the neon tape for all to see. Through a “transparency drives trust” value proposition, “anyone, at anytime, anywhere, can see everything registered in the OIXnet.org registry without charge.” [2]

Although Justice Roberts is right that “nobody ever went to a ballgame to see the umpire,” it would be hard to argue that it makes his role any less important. Although Open Identity Exchange will never develop its own trust frameworks, it would be hard to argue that the role of the OIXnet.org registry is any less important.

[1] Rosen, Jeffrey. “John Roberts, the Umpire in Chief.” The New York Times. The New York Times, 27 June 2015. Web. 29 June 2015.

[2] OIXnet.org

First of a Kind/One of a Kind

At the OIX pre-discovery event in May, senior representatives from leading private and public sector organizations, many of them OIX members, collaborated on the first step of analyzing how they wanted to define open identity services in the UK. A federated approach to internet identity as the engine of a cross-sector market model was a favoured outcome. The benefits of such an approach were seen in increased customer acquisition and revenue and reduced fraud and compliance costs, all together in an improved customer experience. The OIX white paper written by Innovate Identity expands on the outcomes of that day.

UK members have asked OIX to accelerate the discovery project during the next two months with the purpose of articulating actionable plans for overall UK identity market standards across sectors, and to share its findings in an OIX white paper that will inform discussions at OIX’s Economics of Identity II summit planned for November (date to be announced soon).

This increased pace and scope includes targeted industry engagement refined through a series of sector-specific workshops and surveys to capture industry feedback for analysis (see the white paper appendix for the survey questions). Innovate Identity, working closely with OIX, will drive the testing of user needs to anticipate stakeholder interests in federated identity ecosystems.

This project is the first of its kind and one of a kind in its scope, scale and ambition. It may prove to be a significant step to a UK market where the public and private sector work together to create an open and trustworthy digital identity market.

We hope you will participate, alongside our members – email oixuk@openidentityexchange.org to be involved in the project, attend the workshops and respond to the survey.

Don Thibeau

Using attribute exchange to gain customer trust and transform service delivery

The first principle of good on-line service design is to put the customer first. This can be quite straightforward when an organisation is in complete control of an online transaction. It becomes a lot more difficult when other organisations are involved. This is often the case in local government transactions where information about a customer’s entitlement or eligibility for a service is held by Government departments. The customer can then get lost in a difficult and time-consuming paper chase as they assemble the evidence they require to secure the service they need.

In those situations putting the customer first means finding a quick and efficient way of sharing eligibility and entitlement information on-line, in real time while the customer is filling out their on-line application form. And eliminating the paper chase isn’t only good for customers. It means local and central government can deliver services more efficiently and at lower cost.

The first challenge, then, is to develop effective, real-time data sharing mechanisms that allow eligibility and entitlement information to flow between organisations.

There is a problem, though. There have been a number of reports recently (see for example a recent report by the Digital Catapult) showing that the public do not trust organisations with their data and don’t know how that data is being used. This fear is fuelled by repeated stories of data breaches in both the private and public sectors.

So the second challenge is to share data in a way that customers understand, trust and are prepared to accept.

Warwickshire County Council has been working with The Government Digital Service and private sector partners (Verizon, Mydex and Northgate Public Services) to deliver a number of Open Identity Exchange (OIX) sponsored projects that address these challenges head on. Last year we demonstrated that putting the customer in control of the data that is being shared in an online transaction can build trust and acceptance. The customers understood what data was being shared and why it was being shared. They were also delighted with the way the data sharing improved service delivery.

In our latest OIX project we have demonstrated that it is possible to build a technical solution that allows this data sharing to happen for real. You can read about our findings in the white paper and technical paper on the OIXUK web site. We call the solution attribute exchange, and it has a number of key characteristics:

  • Data is shared online, in real-time so that complex transactions can be completed there and then
  • The customer is in control of the data that is shared and has to give consent before data is shared
  • We know it is the customer who has consented because they have used their highly assured UK Verify credentials to log in
  • Only the minimum data necessary to drive the transaction in hand is exchanged. In many cases the service provider only needs to get a yes/no answer back from the attribute provider. In our use case Warwickshire asked the DWP a simple yes/no question: “is this customer eligible for a Blue Badge?”
  • The solution meets the relevant privacy principles developed by the Privacy and Consumer Advisory Group for identity assurance
  • The solution is generic and standards based. It could be used for any service and any service provider/attribute provider pairing. It is applicable to the private and public sectors and could handle transactions that require a combination of private and public sector data

Attribute exchange can address the two challenges of providing online, real-time exchange of data in a way that customers trust, accept and welcome. The next challenge is to bring this solution to the market as a live service in order to deliver its transformative potential. This needs both the private and public sectors to participate. The private sector needs to provide the attribute exchange mechanisms. The public sector needs to embrace this opportunity to make life better for our customers while at the same time meeting demands for greater efficiency and lower costs.

There are signs that the private and public sectors are both prepared to step up to the mark. Watch this space.

Ian Litton, Warwickshire County Council

Open Identity Exchange Member Meeting Notes

OIX member meetings are “dog fooding” exercises. We walk our talk of transparency in the hope that members trust the organization to which they contribute their time and treasure. This is to share notes from our last meeting.

Survival, if not success, of organizations like Open Identity Exchange (OIX) requires a very clear, precise description of the value propositions from a number of member perspectives.

The value propositions of organizations like OIX, the OpenID Foundation and others are clearer now that the problem space has matured to the point that it can now recognize what Open Identity Exchange has to offer – e.g. a general purpose trust registry fits the needs of other organizations who need a trusted place to register trusted identity systems.  Organizational ears in the US, UK and Canada are tuning in.

The next set of needs for this emerging open market will be processes for terms/policy/rules standardization.  As the registry matures, it will expose more models available in the current landscape and enable Trust Framework Providers (TFPs) to be grouped and make it easier for the TFPs that follow. The OIXnet registry does not, by itself, fill in the gaps to help draw separate TFs together toward policy interoperability.  This interfederation won’t be extant in the early days, but as the network effect takes hold, it’s likely to be relevant.

OIXnet builds processes that are deliberately simple first to perform the enrollment function of informing with common information so separate processes can start to gravitate toward shared, broader interoperability requirements.  As the OIXnet registration data is made more transparent and markets react it can help strengthen federation and facilitate interoperability across TFP requirements.

OIX policy allows registrants to reduce risk by ensuring that other stakeholders are committed to the same set of (enforceable) terms and will, in turn, behave more predictably. This is what some call the “self-binding” issue, and it requires competitors to embrace the concept that some things are better done in groups. We have real examples in the UK and US with MNOs collaborating to build identity services available only when ubiquitous market coverage is available.

Each competitor, be they MNO or retailer, does an “outsourcing” calculus, weighing benefits and downsides of being dependent on a third-party platform they help build.  One doesn’t have to go far to reference similar outsourcing delegations to networks for shipping, payroll preparation, data processing, etc.  The latest “outsourcing” opportunity is identity services, and OIXnet could be seen as a market information platform to accelerate and govern these multiparty agreements.

OIX workshops, pilots and white papers assess and reflect progress on the pathway to date with the goal of pulling forward the futures members are impatient to manifest.  It’s OIX members that have got us to this place. A place where OIX is poised to make an even bigger positive impact to the many stakeholders it serves.

Blessed are the Doers for They Shall Inherit the Ecosystem

Pilots and problem solving, like science experiments, don’t always work as expected. But we always publish results in the hope we can advance the conversation. OIX takes on the hardest problems in identity like liability. We enable competitors to collaborate through a remarkable IPR container used by global leaders.

OIX has helped pilots involving shared signals and Mobile Network Operators across borders. Years ago, Google and Verizon collaborated on an OIX pilot called “Street Identity” sorting out the issues of binding a physical “street” address with an online address like an email account. It was an agile, “Googley” approach; market test a hypothesis, see it works and then “wash, rinse and repeat.”

And of late we’ve turned our attention to how best to verify the identities of the disadvantaged, the “thin file” demographics. There have been a lot of recent discussions on helping disadvantaged citizens, AKA the under-banked, the ‘thin files’ folks unable to participate fully in government-to-citizen services online. It’s a growing problem common to governments and Internet identity systems worldwide.

OIX Board member companies like Equifax, Experian and LexisNexis are building commercial data solutions that address the verification of the ‘thin file’ demographic. CA Technology, Microsoft and others provide the enterprise systems at scale that support attribute exchange across populations. Ping Identity, Verizon and others are looking at extending attribute provisioning into national health care systems.

What these members have in common is that they are all involved in the GOV.UK Verify program while at the same time exploring similar propositions with Federal and State officials in the US. The ROI of delivering G2C services is compelling and happening now. It seems the right thing to do and an economically sensible area to explore.

We’ll build on the OIX’s GOV.UK Verify pilots and White Papers. The idea is simple – learn from UK Pilots in South Yorkshire, Warwickshire, etc. to inform pilots in the US.

Truth be told, innovations occur where the rubber hits the road, at the state, local and municipal levels. Whether in Warwickshire or Pennsylvania, South Yorkshire or Virginia, British Columbia or Texas, that’s where real problems in verifying identity get solved; it’s where Internet identity isn’t aspirational, it’s critical.

Building Blocks of Trusted Transactions

Many of you have heard me talk about the need for a registry of trusted identity systems and the vision for OIXnet over the last couple of years. Today I am proud to announce the launch of OIXnet at RSA 2015.

OIX has a global reputation for managing pragmatic pilots. So no surprise, this launch is a pilot in partnership with the OpenID Foundation whereby the Foundation is registering OpenID Connect certifications at OIXnet. Early adopters who have self-certified and registered include Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal. There will be phases of adoption by other industry leaders who will join the program throughout 2015.

We announced in the OIXnet launch press release today that SAFE-BioPharma and SecureKey will be among the first trust framework providers (TFPs) to register their requirements and participants at OIXnet. We look forward to working with these two member organizations in getting their trust frameworks registered soon.

So why a registry? The OIXnet registry is designed to provide a comprehensive and authoritative location where documents and information relating to a specific purpose can be safely exposed to the market. This transparency mechanism has the purpose of making available to others interoperability requirements that can be accessed by interested stakeholders seeking such information. Through registration, TFPs provide their business, legal and technical requirements to be registered through a neutral, non-profit, technology-agnostic, multi-tenant source. It provides a transparency and discovery mechanism for participants and users of identity systems to remove friction and build trust. Trust that results in higher volumes, velocity and variety of transactions.

So why OIXnet? One of the key value propositions of OIXnet is ‘disclosure’. OIXnet provides the visibility, transparency and understandability needed to enable trust among identity system participants. Two key words in that last sentence: ‘trust’ and ‘transparency’. Both are needed to ensure identity services success. As a colleague suggested in a recent exchange, “we need absolute trust in the transparency infrastructure”. OIXnet seeks to be a part of that ‘transparency infrastructure’.

I look forward to updating you on OIXnet momentum and adoption again soon.

Don

Toward a Modern Magna Carta for Internet Identity

Many have noted similarities in the work of the US National Strategy on Trusted Identity in Cyberspace via its Identity Ecosystem Steering Group, and in the UK of the HMG Cabinet Office Identity Assurance Program via its Identity Steering Group.

After the recent US National Strategy on Trusted Identity in Cyberspace Plenary in Atlanta, I attended meetings in London that focused on how the progress and precedents in GOV.UK Verify can inform business cases for identity services across both public and private sectors. The common denominator is a need for a private sector led, public private partnership, that helps accelerate the volume, velocity and variety of Internet transactions while recognizing government’s role in protecting the security and privacy of its citizens.

At an Open Identity Exchange (OIX) speaker’s dinner preceding a big tech entrepreneurs’ conference at the Royal Institute of Great Britain, industry leaders and investors from British banks and Silicon Valley talked about how best to grow bespoke services in the UK that interoperate with global identity ecosystems. There was begrudging acknowledgement that emerging UK identity services markets risk being dominated by a small group of US companies whose “walled gardens” and proprietary standards limit the upside and expansion for established and entrepreneurial enterprises alike in Britain.

All the attendees acknowledged that leveraging GOV.UK Verify as a catalyst for commercial services pivots on issues around how identity services that serve government might be repurposed for commercial applications. Put another way; what are the rules of the road in the UK for the reuse of government approved identity services?

The need for guidelines for the Internet—a Magna Carta, of sorts—was part of a discussion with Baroness Martha Lane Fox and others on the BBC recently. (http://www.bbc.co.uk/programmes/b048l00t). A week later in Silicon Valley, President Obama called for new cooperation to wrangle the Wild West of the Internet. (http://www.nytimes.com/2015/02/14/business/obama-urges-tech-companies-to-cooperate-on-internet-security.html?_r=0)

HMG Minister for Cabinet Office Francis Maude reminded us before the dinner that all stakeholders have much to gain by a public-private partnership like OIX. It can help develop, deploy and govern a set of scheme rules that clarify and articulate the business, technical and legal interoperability requirements needed for robust business cases. The Right Honorable Francis Maude’s remarks reminded many of us of his “JFDI” reference at the first Economics of Identity conference held last June in London.

Minister Maude eschewed that particular exhortation in his keynote last week, but his message was clear: British taxpayers will be well served by the efficiencies of the Government Digital Service (GDS) GOV.UK Verify program, as well as the catalyst it can provide to the emerging identity services in the UK private sector.

During the OIX member meetings that followed, GDS leader Chris Ferguson pointed to the challenge of starting with government procurement language to inform a public and private sector set of scheme rules.

The OIX Advisory Board noted the success of trust frameworks underway via the Transglobal Secure Collaboration Participation (TSCP) in defense and aerospace, and with the SAFE-BioPharma Association in the biopharmaceutical and healthcare sectors. Today these organizations provide identity federation services that are the rules of the road necessary to govern their sectors’ commercial Internet identity systems.

OIX UK is beginning to organize what we call a “scheme rules sprint” using a proven multi-stakeholder collaboration process that solves a specific and common problem. The process is key, as we take on the forcing-functions of transparency and a second annual Economics of Identity Conference on Canary Wharf on June 30 of this year. This work, like all others, will follow the now time-tested process set out in the UK Identity Steering Group, ensuring transparency and deliverables as we would expect with any government and Open Identity Exchange led project.

It is terribly presumptuous to compare our modest scheme rules or trust framework development efforts to a modern Magna Carta. But as they say in the UK, it’s a direction of travel, a way to honor the original Magna Carta on its anniversary and a road worth taking.

Don Thibeau
The Open Identity Exchange

Industry Leaders Lead: Google Asks Developers to Migrate from OpenID 2.0 to OpenID Connect

In 2015, waves of disruption are coursing through the Internet identity ecosystem as standard development organizations, companies and governments look to bolster the security and privacy of the information they are charged with protecting.

Implementing the latest open standards is one of the many practical steps identity providers and relying parties can take now to secure the identities of people accessing websites and apps. Industry leaders like Google are adopting the OpenID Connect protocol and migrating away from OpenID 2.0 to enable better privacy controls and stronger authentication. Released last year, OpenID Connect helps website and application developers get out of the business of storing and managing passwords – especially in the face of the increasing attacks that have compromised the identities of hundreds of millions of people worldwide.

Google recently announced to its developer ecosystem that they should migrate to OpenID Connect by April 20, 2015, the deadline when OpenID 2.0 will no longer work for Google Accounts.

Along with Google, other OpenID Foundation members including Microsoft, Salesforce, Ping Identity, and ForgeRock as well as companies such as Amazon, are adopting and deploying OpenID Connect. This is a signal to organizations worldwide that the tide is turning in the fight against identity theft and cybercrime. OpenID Connect will increase the security of the whole Internet by putting the responsibility for user identity verification in the hands of the most expert service providers.

For questions and information on OpenID Connect please turn to the following resources:

2015 Board of Directors Election Results

Thanks to all who voted for those who will represent corporate members and the community at large on the OpenID Foundation Board of Directors. John Bradley and Mike Jones have been elected to two-year terms and George Fletcher to a one-year term.

The returning board members help ensure the leadership, continuity and deep technical expertise that is the lifeblood of the Foundation. Those reelected will join current sustaining board representatives: Pam Dingle of Ping Identity, Raj Mata of PayPal, Tony Nadalin of Microsoft, Roger Casals of Symantec, Tracy Hulver of Verizon, Dylan Casey of Yahoo!, Debbie Bucci of the US Department of Health and Human Services, Office of the National Coordinator and Adam Dawes of Google on the board.

Corporate Members of the OpenID Foundation elect a member to represent them on the OIDF board. All corporate members were eligible to nominate themselves, second the nominations of others, and vote for candidates. I am very pleased to announce the reelection of Torsten Lodderstedt of Deutsche Telekom as the Corporate member representative to the Board of Directors. In addition to his service on the Board, Torsten chairs the Mobile Profile for OpenID Connect WG. Torsten’s leadership in profiling OpenID Connect on the platform of choice, mobile, together with Deb Bucci’s focus on a particularly ‘wicked’ problem space, medical patient records permissioning, demonstrates the importance of the work we have set out to do.

I am very pleased to announce that OpenID Foundation corporate member Nomura Research Institute, represented by Nat Sakimura, our long-standing board Chairman, has stepped up its membership. Sustaining membership requires a significant financial and resource commitment. I am delighted that NRI’s increased investment and Nat’s global thought leadership continue to inform our work. Nat’s Chairmanship of the OpenID Foundation and liaison with OpenID Foundation Japan helps coordinate working groups with a vibrant community of developers in Asia.

There is a special place in heaven, or at least in the identity ecosystem, for those that lead by example.

Please join me in thanking all OpenID Foundation Board members for their leadership.

Regards,
Don