OIX Update (1A2)

OIX and Related Collaborations Update (1A#2)

Convener: Don Thibeau

Notes-taker(s): Ross Foard

Tags for the session - technology discussed/ideas considered:

Public-Private collaboration within and beyond US, Oasis, OpenID, etc.

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Relationship of Public-Private partnerships outside of the US

Don wants to give a broad perspective

Protocol layer

Increasingly merging different identity solution sets

Merging value proposition of physical device to accelerate broader adoption

Personal Data Store

Often gets instantiated in a given protocol

Important to consider from an eco-system perspective

Oasis Trust elevation working group

Whether formally in LOA 1-4 or less formally

Inventory of best practices

Specific use cases

How are attributes verified and exchanged

As part of risk management perspective

Mary Ruddy is leader of that effort and BOA

How do we engage user in trust management

We are seeing true experimentation in the ecosystem

What difference does it make when we engage the user in the process

ABA IDM Workshop has been referenced

Terms of reference are being defined in new and more specific ways

We are seeing the notion of identity being unpacked in terms of attributes and the adoption of attribute exchanges participating in specifying the contest of the identity and the trust associated with that identity

Outside the government space there is a concurrent engineering effort regarding the trust framework of Open Identithy Exchange federations

Engineer requirements of business, technology and legal levels to put this in the context of a trust framework

OpinID data web is open to all

The final product is going to be open to all

Take for instance the telephone number

How to monetize, inter-operate one's telephone number

In the Google and Verizon attribute exchange pilot, they are seeing how AttX pilots at the same time that the NSTIC pilots are going on. People that are responding to J. Grants grants can have things informed by the attribute exchange pilots. There is a deliberate but separate

Interoperability and Trust frameworks

Top down and bottom up merger in 2012

Watching that space between the two and how they converge

Trust framework working group

Set up requirements for certification

Can look at the attributes and add them to the trust framework

Comment

COPA is already certifying practices to comply with regulations, but organizations are not certifying the certifying organizations

Lessons can be learned from COPA and suggest changes that need to be made

There are a lot of action forcing events

There are a number of attribute models that apply to specific industries and specific use cases

We want to loog at the larger

Kaliya showed the identity framework and working group eco-system diagram

She also showed evolution of Identity Community