[OpenID] Icam question at didw

John Bradley ve7jtb at ve7jtb.com
Wed Sep 16 23:39:17 UTC 2009 

You raise good points.

We are looking at ways that peoples existing auditors may be able to  
perform the function to keep costs down.

Certainly the OIDF is not looking at this to be a money maker.  But it  
also has little money.

I think you should take your use case to the certification committee  
of the board who are looking at those issues.

John B.
On 2009-09-16, at 7:30 PM, Peter Williams wrote:

> I think it would be useful to justify the cost for small, medium and
> large firms.
>
> Small means a firm with ~50 associates/employees. In realty, this as a
> typical independent brokerage. There are 2 or 3 in the averge size
> city. Annual revenue may be 10m (revenue, not transaction value). The
> trust network from that office accumulates year over year and will be
> typically be 10-20k "active" consumers in that local market.
>
> Medium size is ~250 associates in a several offices across town, and
> is probably part of a national franchise. Revenues per office will be
> 60-100m, but probably audit costs can be partially shared across the
> franchise. A large franchise will manage 10m identities, nationally.
>
> Then there are the existing governance structures who in aggregate are
> "big companies", with major budgets, and for whom $500k on it audits
> is normal and is par for the course (providing controls and tests from
> related audits (eg pci) can be reapplied). But if the audit tests the
> 800 leaves of the aggregation space (since realty operates like dod
> with "local" registration authorities) then 800 * 500k is just not
> sustainable. 800 * 200k a year  essentially becomes a privacy tax...
>
>
>
> On Sep 16, 2009, at 4:03 PM, "John Bradley" <ve7jtb at ve7jtb.com> wrote:
>
>> I can say that the OIDF shares the concern of keeping costs down for
>> small IdP.
>> That is why they are directly engaged in the process.
>>
>> The goal is to get everyone who can meet the certification
>> requirements certified.
>>
>> The foundation doesn't have the financial resources to make that free
>> however.
>>
>> If the membership has strong feelings about pricing models please
>> share them with the board.
>>
>> Nothing has been finalized yet.
>>
>> John B.
>>
>> On 2009-09-16, at 6:12 PM, Peter Williams wrote:
>>
>>>
>>> Here is the question I was going to ask the panel about trust
>>> frameworks for open govt ( at digital ID world conference, las  
>>> Vegas,
>>> today).
>>>
>>> (there was no time left for nobodies like me.)
>>>
>>> We know from the ssl world that even basic assurance audits cost
>>> about
>>> 500,000$ the first year, and 200,000$ thereafter. How will the
>>> program
>>> ensure that the very financial obligations do not eliminate small  
>>> and
>>> medium size companies from the new identity economy?
>>>
>>> If required, I was prepared to get specific, saying that our  
>>> industry
>>> of many SME companies has very high quality, very up to date
>>> attribute
>>> info on about 100 million consumers. But it's not obvious we can
>>> afford to play.
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-general
>>

More information about the general mailing list