[OpenID board] OIDF Executive Director's UPDATE: Government Adoption of OpenID: Certification

Krall, Gary gkrall at verisign.com
Tue Nov 24 03:05:24 UTC 2009

I suppose one needs to hear the words to the deck to put things into their proper context.  That said, what might be helpful is some definition of terms.  For example:
1)  What is a "trust framework provider"?  What are its roles and responsibilities explicitly?  Who might be example "providers"?
2)  Who are the "trust framework authorities"?  What are their roles and responsibilities explicitly?  Who might be example "authorities"?
3)  Who are the "auditors and assessors"?  What are their roles and responsibilities?  Who might be examples?
The deck speaks to this somewhat at a high level but drilling down in these areas IMHO might provide some further clarification and insight.


From: openid-board-bounces at lists.openid.net on behalf of Don Thibeau (OIDF ED)
Sent: Mon 11/23/2009 4:00 AM
To: board at openid.net
Subject: [OpenID board] OIDF Executive Director's UPDATE: Government Adoption of OpenID: Certification

This is to bring the OpenID Board up to date on the latest developments with our OpenID certification initiative. 


Since March of this year, the OpenID and the Information Card Foundations have collaborated on responding to US government identity standards adoption and certification requirements. In September 2009 the U.S. General Services Administration (GSA) established a Trust Framework Provider Adoption Process (TFPAP) <http://www.idmanagement.gov/documents/TrustFrameworkProviderAdoptionProcess.pdf> as a key step to enable citizens to easily and safely engage with government websites.  The impact of our work with the government can be seen in the first set of deliverables at www.IDmanagement.gov.  As a result of following the government's Identity Scheme Adoption Process (ISAP) and Trust Framework Provider Adoption Process (TFPAP) process, the OpenID and Information Card profiles have been completed under the ISAP process.


Two weeks ago at the OpenID Summit and again at the Internet Identity Workshop (IIW), we asked the community at large to help design our approach, challenge our assumptions and focus our vision.  Immediately after IIW, the Boards of Directors of the OpenID Foundation and the Information Card Foundation agreed to form a "joint steering committee"  (JSC) to refine strategic goals, investigate operational alternatives, and guide deployment planning for what we have called the Open Identity Framework or OIF. The Steering Committee is composed of four representatives of companies that are members of both foundations and four community representatives including the Chairmen of both foundation boards.  The joint steering committee reviewed the request for information and weighed the tradeoffs of outsourcing versus those strategic (In-Sourced) program elements.  The JSC has fast tracked the process of choosing OIF development partners and expects a report in 30 days. The JSC plans to quickly report its findings and recommendations to the two boards to set a course of action by year's end. 


On behalf of the JSC, a request for information was sent today to Kantara, OASIS, Protiviti, InCommon, Global Inventures, and FuGen with an information copy to VeriSign.  This request for information has three objectives: to solicit informed collaboration, to identify a short list of potential partners and continue to evolve our thinking.  We attached supplemental materials to fully describe our plans.  The JSC selection criteria are likely to focus on cost efficiencies, execution synergies and compatible "business models."  Just as we have reached out to the community at IIW and future partners through the RFI, we have also taken care to understand best practices in legal and policy interop. We are working with lawyers close to the ABA Federated Identity Legal Task Force at http://www.abanet.org/dch/committee.cfm?com=CL320041&edit=0  The policy aspects of certification importantly involve privacy and user protections. At the suggestion of the White House National Security Staff, we are soliciting legal and policy analysis from the Center for Democracy and Technology.  You may have an interest in their notes at http://cdt.org/policy/cdt-discusses-key-policies-issues-surrounding-user-centric-identity-management  We are always mindful of the domain expertise and assets VeriSign has in this space. Nico Popp is a thought leader in this space and his blog post on this subject is at http://blogs.verisign.com/innovation/


Our next public exposure of these concepts is at the National Institutes of Health (NIH) forum on "Identity and Trust: Enabling Collaboration in a Connected World" on December 10th, 2009. The purpose of this forum is to educate the NIH and government communities about federal-wide efforts to enable identity management to collaborate in new ways. We plan to make the case that open identity standards such as OpenID and Information Card will allow users, both within the government and in academia and the research community, to use a single set of credentials to access a variety of electronic resources at NIH and beyond.

Board Action Items 


I have attached a PowerPoint that gives a high level look at the certification work in progress.  While the work of the Joint Steering Committee is in flight, several other key activities are also underway.  The voting process for new community board members is of great importance. Brian Kissel has been leading a 2010 priorities survey and assembling a comprehensive IdP/OP Capabilities Matrix that gives a first-of-its-kind picture of this part of the identity ecosystem. The vote of the revised IPR Process Document has been restarted in order to increase member participation.  Have a great Thanksgiving.


Don Thibeau

don at OIDF.org

Executive Director

The OpenID Foundation

http://openid.net


