A very short history of OpenID Connect
More often than not OpenID Foundation members vote with their feet. Members typically signal their interest in a topic or work group by participating on a spectrum from “leader to lurker” on a mailing list discussion or in a work group’s agenda setting. On important, rare occasions, real people have to cast real votes. Votes decide things in presidential elections or in standards development organizations like the OpenID Foundation.
Two elections just concluded in the OpenID Foundation. The Vote to Approve Implementer’s Drafts of OpenID HEART Specifications just passed after a successful “get out the vote” campaign by Work Group Chairs Deb Bucci and Eve Maler with help from Board Secretary Mike Jones. In the “sausage making” of standards development, votes like these really matter.
The vote for the corporate board representative also just concluded with Dale Olds’ election. I asked Dale to share a few remarks about what we might expect from his leadership. He shared the following:
“I’m honored to be elected to the board of the OpenID Foundation. In the past few years VMware has become much more active in federated identity services, both with their own products and integrations with other vendors’ products. While I expect to primarily contribute to technical issues, I plan to use my position on the board to push for increased participation by VMware and AirWatch in working groups and events. With that said, I also recognize that my position is to represent the perspective of all the corporate members, not just VMware. I encourage other corporate members to contact me if they would like to voice a concern or if they desire an issue brought to the board’s attention. Looking forward to a productive term!”
Thanks to all who took the time to vote. The contributions of your time, talents and votes are the lifeblood of volunteer-driven organizations like the OpenID Foundation and, as a result, solutions are improved, standards are strengthened and customers and end-users are better served.
The inaugural meeting of the iGov Working Group took place on Wednesday, January 14th, where three co-chairs were elected by acclamation. John Bradley of Ping Identity, Paul Grassi of the US NIST and Adam Cooper of the UK Cabinet Office Identity Assurance Program are the elected co-chairs. Acclamation may be a bit strong for describing an electoral process closer to being shanghaied. All the same, all of us know leadership is a classic key success factor.
However leaders emerge, they are essential to success, especially in the “sausage making” of standards development. The configuration of iGov’s leadership is intentional. The leaders map onto the WG’s mission: John’s Chilean/Canadian identity and his unique technical chops, together with Paul Grassi’s past pedigree and present position in the US Government and Adam Cooper’s architectural expertise that stretches into European standards and schemes, form iGov’s leadership team.
Leaders lead and we look to these men to manage the process and lead work group contributors to a common goal. Please consider joining this effort. The work group’s goal is to have a common deployment profile that can be customized for the needs of both public and private sector deployments in multiple jurisdictions that may require the higher levels of security and privacy protections that OpenID Connect currently supports. The resulting profile’s goal is to enable users to authenticate and share consented attribute information with public sector services across the globe.
The full draft charter is available at http://openid.net/igov-wg-draft-charter/.
OIX member meetings are “dog fooding” exercises. We walk our talk of transparency in the hope that members trust the organization to which they contribute their time and treasure. This is to share notes from our last meeting.
The survival, if not success, of organizations like Open Identity Exchange (OIX) requires a very clear, precise description of the value propositions from a number of member perspectives.
The value propositions of organizations like OIX, the OpenID Foundation and others are clearer now that the problem space has matured to the point that it can now recognize what Open Identity Exchange has to offer – e.g. a general purpose trust registry fits the needs of other organizations who need a trusted place to register trusted identity systems. Organizational ears in the US, UK and Canada are tuning in.
The next set of needs for this emerging open market will be processes for terms/policy/rules standardization. As the registry matures, it will expose more models available in the current landscape and enable Trust Framework Providers (TFPs) to be grouped and make it easier for the TFPs that follow. The OIXnet registry does not, by itself, fill in the gaps to help draw separate TFs together toward policy interoperability. This interfederation won’t be extant in the early days, but as the network effect takes hold, it’s likely to be relevant.
OIXnet builds processes that are deliberately simple first to perform the enrollment function of informing with common information so separate processes can start to gravitate toward shared, broader interoperability requirements. As the OIXnet registration data is made more transparent and markets react, it can help strengthen federation and facilitate interoperability across TFP requirements.
OIX policy allows registrants to reduce risk by ensuring that other stakeholders are committed to the same set of (enforceable) terms and will, in turn, behave more predictably. This is what some call the “self-binding” issue, and it requires competitors to embrace the concept that some things are better done in groups. We have real examples in the UK and US with MNOs collaborating to build identity services available only when ubiquitous market coverage is available.
Each competitor, be they MNO or retailer, does an “outsourcing” calculus, weighing benefits and downsides of being dependent on a third-party platform they help build. One doesn’t have to go far to reference similar outsourcing delegations to networks for shipping, payroll preparation, data processing, etc. The latest “outsourcing” opportunity is identity services, and OIXnet could be seen as a market information platform to accelerate and govern these multiparty agreements.
OIX workshops, pilots and white papers assess and reflect progress on the pathway to date with the goal of pulling forward the futures members are impatient to manifest. It’s OIX members that have got us to this place. A place where OIX is poised to make an even bigger positive impact to the many stakeholders it serves.
Many of you have heard me talk about the need for a registry of trusted identity systems and the vision for OIXnet over the last couple of years. Today I am proud to announce the launch of OIXnet at RSA 2015.
OIX has a global reputation for managing pragmatic pilots. So no surprise, this launch is a pilot in partnership with the OpenID Foundation whereby the Foundation is registering OpenID Connect certifications at OIXnet. Early adopters who have self-certified and registered include Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal. There will be phases of adoption by other industry leaders who will join the program throughout 2015.
We announced in the OIXnet launch press release today that SAFE-BioPharma and SecureKey will be among the first trust framework providers (TFPs) to register their requirements and participants at OIXnet. We look forward to working with these two member organizations in getting their trust frameworks registered soon.
So why a registry? The OIXnet registry is designed to provide a comprehensive and authoritative location where documents and information relating to a specific purpose can be safely exposed to the market. This transparency mechanism has the purpose of making available to others interoperability requirements that can be accessed by interested stakeholders seeking such information. Through registration, TFPs provide their business, legal and technical requirements to be registered through a neutral, non-profit, technology-agnostic, multi-tenant source. It provides a transparency and discovery mechanism for participants and users of identity systems to remove friction and build trust. Trust that results in higher volumes, velocity and variety of transactions.
So why OIXnet? One of the key value propositions of OIXnet is ‘disclosure’. OIXnet provides the visibility, transparency and understandability needed to enable trust among identity system participants. Two key words in that last sentence: ‘trust’ and ‘transparency’. Both are needed to ensure identity services success. As a colleague suggested in a recent exchange, “we need absolute trust in the transparency infrastructure”. OIXnet seeks to be a part of that ‘transparency infrastructure’.
I look forward to updating you on OIXnet momentum and adoption again soon.
In 2015, waves of disruption are coursing through the Internet identity ecosystem as standard development organizations, companies and governments look to bolster the security and privacy of the information they are charged with protecting.
Implementing the latest open standards is one of the many practical steps identity providers and relying parties can take now to secure the identities of people accessing websites and apps. Industry leaders like Google are adopting the OpenID Connect protocol and migrating away from OpenID 2.0 to enable better privacy controls and stronger authentication. Released last year, OpenID Connect helps website and application developers get out of the business of storing and managing passwords – especially in the face of the increasing attacks that have compromised the identities of hundreds of millions of people worldwide.
Google recently announced to its developer ecosystem that they should migrate to OpenID Connect by April 20, 2015, the deadline when OpenID 2.0 will no longer work for Google Accounts.
Along with Google, other OpenID Foundation members including Microsoft, Salesforce, Ping Identity, and ForgeRock as well as companies such as Amazon, are adopting and deploying OpenID Connect. This is a signal to organizations worldwide that the tide is turning in the fight against identity theft and cybercrime. OpenID Connect will increase the security of the whole Internet by putting the responsibility for user identity verification in the hands of the most expert service providers.
For questions and information on OpenID Connect please turn to the following resources:
Thanks to all who voted for those who will represent corporate members and the community at large on the OpenID Foundation Board of Directors. John Bradley and Mike Jones have been elected to two year terms and George Fletcher to a one year term.
The returning board members help ensure the leadership, continuity and deep technical expertise that is the lifeblood of the Foundation. Those reelected will join current sustaining board representatives: Pam Dingle of Ping Identity, Raj Mata of PayPal, Tony Nadalin of Microsoft, Roger Casals of Symantec, Tracy Hulver of Verizon, Dylan Casey of Yahoo!, Debbie Bucci of the US Department of Health and Human Services, Office of the National Coordinator and Adam Dawes of Google on the board.
Corporate Members of the OpenID Foundation elect a member to represent them on the OIDF board. All corporate members were eligible to nominate themselves, second the nominations of others, and vote for candidates. I am very pleased to announce the reelection of Torsten Lodderstedt of Deutsche Telekom as the Corporate member representative to the Board of Directors. In addition to his service on the Board, Torsten chairs the Mobile Profile for OpenID Connect WG. Torsten’s leadership in profiling OpenID Connect on the platform of choice, mobile, together with Deb Bucci’s focus on a particularly ‘wicked’ problem space, medical patient records permissioning, demonstrates the importance of the work we have set out to do.
I am very pleased to announce that OpenID Foundation corporate member Nomura Research Institute, represented by Nat Sakimura, our long-standing board Chairman, has stepped up its membership. Sustaining membership requires a significant financial and resource commitment. I am delighted that NRI’s increased investment and Nat’s global thought leadership continue to inform our work. Nat’s Chairmanship of the OpenID Foundation and liaison with OpenID Foundation Japan help coordinate working groups with a vibrant community of developers in Asia.
There is a special place in heaven, or at least in the identity ecosystem, for those that lead by example.
Please join me in thanking all OpenID Foundation Board members for their leadership.
A few months ago the OpenID Foundation Board of Directors welcomed Deb Bucci as a colleague and representative of the US Office of the National Coordinator for Health Information Technology (ONC). The Board noted the important coincidence of the growing adoption of the OpenID Connect standard and the commitment of public and private sector organizations to OpenID Connect profiles that can accelerate progress on identity-related health care challenges. That public and private collaboration is reflected in the leadership of a new working group. Eve Maler of ForgeRock, OpenID Foundation member and industry opinion leader, has joined Deb as co-chair of a new working group.
We are inviting interested parties in the public, private and academic sectors to join the first meeting of the Health Relationship Trust (HEART) Working Group (WG) on January 12. The HEART WG is a collaboration of the MIT – KIT Consortium and the OpenID Foundation. The HEART WG will be looking at ways to harmonize and develop a set of privacy and security specifications that will help an individual control the authorization of access to RESTful health-related data sharing APIs and facilitate the development of interoperable implementations of these specifications.
The US ONC’s Office of Standards and Technology is supporting this effort and joins the Foundation in encouraging the active participation of technical and policy subject matter experts from across the Health IT community. The initial work will focus on identifying/scoping/framing relevant use cases rather than delving into the technical details.
You can review the HEART Project Charter for more detailed information about the HEART WG. Additional Information about joining and registering for our mail list can be found here. Anyone can join the mailing list as a read-only recipient and attend the meetings.
The OpenID Foundation
The name is the thing. The name of this Open Identity Exchange White Paper, the “ARPU of Identity”, is deliberate. ARPU, Average Revenue Per User, is one metric telcos use to measure success. By deliberately using a traditional lens that telcos use, this paper puts emerging Internet identity markets into a pragmatic perspective. The focus of the white paper is on how mobile network operators (MNOs) and other telcos can become more involved in the identity ecosystem and thereby improve their average revenue per user, or ARPU. This perspective continues OIX’s “Economics of Identity” series, or as some call it the “how do we make money in identity” tour in the emerging Internet identity ecosystem. OIX commissioned a white paper reporting the first quantitative analysis of the Internet identity market in the UK, where HMG Cabinet Office hosted workshops on the topic at KPMG’s headquarters in London and at the University of Washington’s Gates Center in Seattle.
The timing of this paper on business interoperability is coincidental with work groups in the OpenID Foundation developing the open standards that MNOs and other telco players will use to ensure technical interoperability. GSMA’s leadership with OIX on pilots in the UK Cabinet Office Identity Assurance Program and in the National Strategy on Trusted Identity in Cyberspace offers opportunities to test both business and technical interoperability leveraging open standards built on OpenID Connect. The timing is the thing. The coincidence of white papers, workshops and pilots in the US, UK and Canada with leading MNOs provides a real-time opportunity for telcos to unlock their unique assets to increase ARPU and protect the security and privacy of their subscribers/citizens.
In my OpenID Foundation blog, I referenced Crossing the Chasm, where Geoffrey A. Moore argues there is a chasm between future interoperability that technology experts build into standards and the pragmatic expectations of the early majority. OIX White Papers, workshops and pilots help build the technology tools and governance rules needed for the interoperability to successfully cross the “chasm.”
Several OIX White Papers speak to the “supply side”: how MNOs and others can become Identity Providers (IDPs), Attribute or Signal Providers in Internet identity markets. Our next OIX White Paper borrows an industry meme (and T-Shirt) for its title, “There’s No Party Like A Relying Party”. That paper speaks to the demand side. Relying Parties (RPs) like banks, retailers and others rely on identity attributes and account signals to better serve and secure customers and their accounts, and rely on technical, business and legal interoperability.
By looking at the “flip sides” of supply and demand, OIX White Papers help us better understand the ARPU, the needs for privacy and security and the economics of identity.