Int'l Presence of OpenID

Issue/Topic: International Presence of OpenID (Strategy Session)

Session: Wednesday 2H

Conference: IIW-11 November 2-4, Mountain View, Complete Notes Page

Convener: Henrik, Sha-Mayn The, Nat Sakimura

Notes-taker(s):

Tags: 

Discussion notes:

Goal is to discuss the state of OpenID in Europe and Asia and brainstorm strategy of pushing OpenId in the region.

Note from OpenID foundation director: join the foundation and vote so that OpenID can do something for your region.

Background of the EU situation:
 * Nov 1 German eID
 * July 1 Denmark OCES II
 * (2008) Belgian
 * 2011 Poland
 * 2010/9 wp.pl becomes OpenID provider (largest portal in poland)

Denmark
 * Banking - 2 factor login: user/password/number on the card (150 numbers at a time)
 * tax office is an IDP
 * private identity vs government identity

Germany
 * state-sponsored identity poofing
 * privatized postal service also does manual identity verification
 * Microsoft working closely with German govt as a testbed

In Europe, notion of level of assurance is not well known.
 * Holland has trust framework with 3-4 IDPs and brokers
 * Certified providers not necessarily state-owned
 * Belgium is an exception where government provides credentials

For China
 * state already knows who you are?
 * mainly social networks enabling federated login e.g. tencent (qq), renren. also e-commerce: taobao (IDP), 360buy.com (RP)
 * telcos interested but haven't found the business value
 * a general strategy is to implement OpenID in open source products (most Chinese sites use open source)
 * but need more big IDPs to get big sites interested in becoming RPs. Action item: get AOL, Yahoo, Google etc to write a white paper of why/how it's good to be an IDP

Japan
 * trust framework - Japanese govt just recently published public docs about the need for a trust framework
 * IDPs: docomo/kddi
 * identity proofing by private companies e.g. Yahoo Auctions does door-to-door identity verification.