THE CHALLENGES OF THIRD-PARTY IDENTITY CREDENTIALS & WHY A TRUSTED IDENTITY REGISTRY IS NEEDED

A Registry for Online TrustDon Thibeau

Chairman & President

© by Open Identity Exchange, 2014

A Registry for Online Trust

Four Problems Plague Trusted Transactions

…

… “Four Horsemen of the Identity Apocalypse”



• Governance systems that are transparent in the service of trusted transactions in the “zero-trust” internet ecosystem

• Liability is the legal enforcement and assignment of the duties of all actors in an identity system for the protection of all stakeholders

• Certification options that are responsive to the speed, scale and dynamism of the internet

• Adoption of a community of interest’s business, legal and technical interoperability requirements


Markets grow when there is trust between stakeholders, making transactions reliable and repeatable

Trusted identity systems need leverage

How do we leverage trusted identity systems?

Listings leverage identity data

Directories automate discovery

Exchanges grow markets

Registries build trust

Even dogs have registries!



There is no registry for trusted identity systems.



is building



Registries build trust



enable interoperability



increase the volume and velocity of trusted transactions



And accelerate market growth



How does it work?



OIXnet Pilot

Symantec providing a secure, trusted, scalable platform for conformance testing, self-certification and registration.

OIX announces the pilot of the OIXnet registry and the the first self-certifications of OpenID Connect.

Google, Microsoft, Ping Identity and salesforce to be the first to self-certify to the OpenID Connect standard and to be registered at the OIXnet pilot



Pilot Registration Flow

Registration Requirements

FAQ&

Terms of Service

Approve?

Registration Approval Package

YES

Registration Denial

NO

Information Needed “To Be Trusted”

COI’s are solely responsible for business, legal and technical

requirements

Information Needed “To Be Registered”

OIX is solely responsible for business, legal and technical

requirements

AC

CES

SLA

YER

GO

VER

NA

NC

ELA

YER

Manual/Automated Discovery

Pilot Phase: Listing Service -- Future: Automated Discovery



Building OIXnet

Testing Self-Certification and Registration Focusing on near-term, low cost, agile use-cases e.g. OpenID

Connect

Investing in legal research focused on liability in the OIXnet registry

model

Adapting Registry Models for OIXnet CA Browser Forum

Cloud Security Alliance Star Registry

U.S.-EU Safe Harbor

IDESG Trust Framework and Trustmark Committee

Liberty Alliance Project

Piloting Registry Business, Legal and Technical MechanismsPartnering with COI’s and e.g. OpenID Foundation and others

Partnering with industry, government and academic leaders



…“Four Horsemen of the Identity Apocalypse”

• Governance: the full transparency of all COI and OIX business, legal and technical requirements builds trust

• Liability: COI + OIXnet TOS agreements clearly assign and enforce all duties of all actors in an identity system

• Certification: self certification + registration responds to the speed, scale and dynamism of internet identity

• Adoption: OIXnet removes friction and speeds the discovery of a COI’s business, legal and technical requirements




Why OIX?



Global Cross-Sector Leadership

Data Aggregators

Enterprise

Technology

Consulting Services

Banking

Government

Telcos



Join OIX’s work to build trust in internet identity. Shape the future of trusted transactions online.

Don ThibeauChairman| Open Identity Exchange

[email protected]

THE CHALLENGES OF THIRD-PARTY IDENTITY CREDENTIALS & WHY A TRUSTED IDENTITY REGISTRY IS NEEDED

Software

Transcript of THE CHALLENGES OF THIRD-PARTY IDENTITY CREDENTIALS & WHY A TRUSTED IDENTITY REGISTRY IS NEEDED