Creating a new trust framework
Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton announced the formation of the Open Identity Exchange (OIX), a non-profit organization dedicated to building trust in the exchange of online identity credentials across public and private sectors. With initial grants from the OpenID (OIDF) and Information Card Foundation (ICF), OIX has been approved as a trust framework provider by the United States Government to certify online identity management providers to U.S. federal standards for identity assurance.
Trust frameworks are a new way for one site to trust the identity, security, and privacy assurances from another site (the “identity provider”) acting on behalf of a user. Google, Paypal, and Equifax are the first three identity providers certified by OIX to issue digital identity credentials that will be accepted for privacy-protected registration and login at U.S. government websites. Verizon is currently in the certification process and is expected to be completed shortly.
The National Institutes of Health (NIH) is the first government website accepting these credentials, including OpenID and Information Card logins. Citizens can use open identity technologies to support a number of online services across websites, including customized library searches, access to training resources, conference registration, and medical research wikis, with strong privacy protections, all designed to ensure accessible and transparent communication between the government agency and U.S. citizens.
“OIX grew out of a public/private industry partnership initiated by the U.S. government at this conference last year,” said Don Thibeau, OIDF Executive Director and OIX Board Chair. “OpenID and Information Card technologies can solve the technical problem of using identity credentials across different websites, but can’t solve the problem of how those credentials can be trusted at different levels of assurance. OIX is a solution to this problem not just for the U.S. government, but for many different governments, industry alliances, non-profit associations, telcos, academic networks, and others all over the world who need to establish trust across a wide online population.”
The first official OIX trust framework meets the requirements set forth by the U.S. Identity, Credential, and Access Management (ICAM) Trust Framework Provider Adoption Process (TFPAP) established by the U.S. General Services Administration (GSA). This trust framework will enable the American public to participate in open, transparent and participatory government while maintaining full control of how much or how little personal information they share with federal websites at all times. “OIX means there is now a safe way to use an OpenID or an Information Card to register and login at any number of federal websites without needing a new username and password for each,” said Drummond Reed, ICF Executive Director and Acting Executive Director of OIX. “As we roll out progressively stronger levels of certification, this will empower U.S. citizens to access and mange their tax records, Social Security records, veteran’s benefits, and many other government services online.”
The OIX is currently working on development of trust frameworks for public media, telecommunications, library services, state and local governments, and professional associations. “We look forward to facilitating trusted transactions throughout the government and eventually Internet channels,” said Thibeau. “True trust requires the participation of a broad community so we are engaging industry, government, legal and academia leaders in how best to resolve challenges in usability, security and privacy.”
“Digital trust should originate from the location where it naturally occurs, be it my municipality to validate my residency, my professional affiliations, my educational institutions, my family affiliations, my religious affiliations, etc.,” said Hal Warren, President of the OpenID Society, a chapter of the OIDF. “This requires a complex multi-faceted framework through which trusted claims can be transmitted and validated. This is the objective of the OIX. ‘Simplicity is complexity well done’.”