The Open Identity Framework Don Thibeau, Executive Director, OpenID Foundation (OIDF) Drummond Reed,...
The Open Identity Framework
Don Thibeau, Executive Director, OpenID Foundation (OIDF)
Drummond Reed, Executive Director, Information Card Foundation (ICF)
V2 2009-12-06
Overview
• This presentation introduces the Open Identity Framework, a new open source model for trust frameworks created by the OIDF & ICF
• It covers:
  – Why such a model is needed
  – What principles underlie its design
  – How the model works
  – How it will drive adoption of open identity
  – What next steps the foundations are taking
Third-party identity management
• Both OpenID and Information Cards address the need for Internet-scale digital identity management
• Both solve the problem using a third party to assist end-users in identity transactions
  – Called an “identity service provider” (also “identity provider”, “IdP”, “IP”, “OP”)
• This sets up the following “trust triangle” for Internet identity transactions
The “trust triangle”
[Figure: triangle with vertices user, identity service provider and relying party; edges labelled “Terms of Service (TOS) agreement” (twice) and “Optional direct trust agreement”.]
The trust problem
• The user has a direct trust relationship with both the identity service provider and the relying party
• The problem is: how can the identity service provider and relying party trust each other?
• This problem is especially acute:
  – At Internet scale, where identity service providers and relying parties may not have any pre-existing relationship
  – With high-value data
  – With high-assurance transactions
Direct trust agreements do not scale
• Direct trust agreements are common when an identity service provider and a relying party are close business partners
  – Airlines and rental car companies
• They do not scale to large networks, e.g., credit card networks, ATM networks
  – Requires n² trust agreements
• The solution is often a trust framework
  – A shared set of policies and agreements
A trust framework “umbrella”
[Figure labels: Trust Framework, Trust Community, identity service provider, relying party, user.]
Trust framework providers
• Other industries (credit cards, ATMs) have created global trust frameworks
• They each use a shared trust framework provider
  – Visa, Mastercard, AMEX
  – Cirrus, PLUS
• The same model can be used for identity
A trust framework for identity
[Figure labels: Trust Framework Provider (TFP); Trust Community (source of a trust framework); assessors & auditors; dispute resolvers; identity service provider; relying party; user. Legend: Trust framework agreements, TOS agreements.]
Example #1: the US ICAM trust framework
[Figure labels: Trust Framework Provider; US GSA; Private-sector identity providers; US government websites; assessors & auditors; dispute resolvers; user.]
Example #2: the OpenID Society trust framework
[Figure labels: US GSA; Trust Framework Provider; ??; user; Professional associations; Academic publishers; assessors & auditors; dispute resolvers.]
Example #3: the PBS trust framework
[Figure labels: Websites for PBS shows; Trust Framework Provider; US GSA; user; PBS affiliate stations; assessors & auditors; dispute resolvers.]
The Open Identity Framework
• This model is an Internet-scale, open source trust framework model for identity
• It is a meta-framework where each trust community can specify the requirements of their own trust framework
• This approach leverages market forces to:
  – Drive adoption
  – Drive convergence of specifications for LOA
  – Introduce specifications for LOP (Levels of Protection)
  – Engage market pricing for services from assessors, auditors, and dispute resolution service providers
The Open Identity Framework Model
[Figure labels: OIF Trust Framework Provider; Identity service providers; relying parties; Trust Community (three instances); assessors & auditors; dispute resolvers; user; numbered callouts 1 to 5. Legend: Trust framework agreements, TOS agreements.]
Range of OIF certification options
[Figure labels: Self-certification; Third-party certification; Policy matching; Technical interoperability.]
OIF technical interoperability
[Figure labels: Third-party certification; Self-certification; identity service providers; Technical Certification Listings; OIF Trust Framework Provider; trust communities; relying parties; assessors & auditors; Technical Interop Requirements.]
OIF policy matching
[Figure labels: identity service providers; Technical Certification Listings; OIF Trust Framework Provider; Policy Certification Listings; relying parties; assessors & auditors; trust communities; Policy Matching Requirements; Third-party certification; Self-certification.]
Why will the OIF drive adoption?
1. Efficiency
2. Openness/Transparency
3. Credibility/Accountability
4. Improved user experience
Efficiency
• The OIF makes it easy for anyone of any size to ensure technical interop or policy matching with their choice of profiles
• Eliminates the n-squared problem of multi-lateral interop or trust agreements
• Grows the market for everyone
  – The “network effect for trust”
Openness/Transparency
• Properly implemented, the OIF provides an open, transparent process for trusted identity transactions
  – Both within and between trust communities
• Helps protect participants from collusion or anti-trust concerns
• Anticipates cross-border data protection issues
Credibility/Accountability
• Each participant (trust community, identity service provider, relying party, assessor, auditor, dispute resolver) reinforces the credibility of the entire ecosystem
• Mutual accountability of all participants
• Enhanced by government participation
  – Governments serve as the initial “trust anchors”
User experience improvements
• Increased interoperability of Internet identity across websites
• More consistent ceremony leads to lower login or transaction abandonment at relying parties
• Consistent trust mark raises user confidence
Thank you
• We look forward to working with you
  – [email protected]
  – [email protected]