[OpenID] Icam question at didw

Peter Williams pwilliams at rapattoni.com
Wed Sep 16 23:30:06 UTC 2009 

I think it would be useful to justify the cost for small, medium and
large firms.

Small means a firm with ~50 associates/employees. In realty, this as a
typical independent brokerage. There are 2 or 3 in the averge size
city. Annual revenue may be 10m (revenue, not transaction value). The
trust network from that office accumulates year over year and will be
typically be 10-20k "active" consumers in that local market.

Medium size is ~250 associates in a several offices across town, and
is probably part of a national franchise. Revenues per office will be
60-100m, but probably audit costs can be partially shared across the
franchise. A large franchise will manage 10m identities, nationally.

Then there are the existing governance structures who in aggregate are
"big companies", with major budgets, and for whom $500k on it audits
is normal and is par for the course (providing controls and tests from
related audits (eg pci) can be reapplied). But if the audit tests the
800 leaves of the aggregation space (since realty operates like dod
with "local" registration authorities) then 800 * 500k is just not
sustainable. 800 * 200k a year  essentially becomes a privacy tax...



On Sep 16, 2009, at 4:03 PM, "John Bradley" <ve7jtb at ve7jtb.com> wrote:

> I can say that the OIDF shares the concern of keeping costs down for
> small IdP.
> That is why they are directly engaged in the process.
>
> The goal is to get everyone who can meet the certification
> requirements certified.
>
> The foundation doesn't have the financial resources to make that free
> however.
>
> If the membership has strong feelings about pricing models please
> share them with the board.
>
> Nothing has been finalized yet.
>
> John B.
>
> On 2009-09-16, at 6:12 PM, Peter Williams wrote:
>
>>
>> Here is the question I was going to ask the panel about trust
>> frameworks for open govt ( at digital ID world conference, las Vegas,
>> today).
>>
>> (there was no time left for nobodies like me.)
>>
>> We know from the ssl world that even basic assurance audits cost
>> about
>> 500,000$ the first year, and 200,000$ thereafter. How will the
>> program
>> ensure that the very financial obligations do not eliminate small and
>> medium size companies from the new identity economy?
>>
>> If required, I was prepared to get specific, saying that our industry
>> of many SME companies has very high quality, very up to date
>> attribute
>> info on about 100 million consumers. But it's not obvious we can
>> afford to play.
>>
>>
>>
>>
>>
>> _______________________________________________
>> general mailing list
>> general at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-general
>

More information about the general mailing list