What is OIX?
The Open Identity Exchange (OIX) is a non-profit trade organization of market leaders from competing business sectors e.g. the internet (Google, PayPal, etc.), data aggregation (Equifax, Experian, etc.), and telecommunications (AT&T, Verizon, etc.) driving the expansion of existing online services and the adoption of new online products. OIX helps develop and certify trust frameworks: pre-negotiated sets of business, legal, and technical agreements that provide stakeholders with mutual assurance that their online transactions can be trusted. OIX members form a global center of excellence for the identity trust layer of online transactions sharing domain expertise, joint research, and pilot projects to test real world use cases.
Who is leading OIX?
OIX leadership is comprised of some of the premier product line managers and identity thought leaders in the industry. The Board of Directors includes Kennie Kwong, AT&T; Jeffrey Broberg, CA Technologies; Pat Mangiacotti, Equifax; Daniel Elvester, Experian; Eric Sachs, Google; Dennis Becker, LexisNexis Risk Solutions; Farhang Kassaei, PayPal; Paul Agbabian, Symantec; Paul Florack, Transaction Network Services; and Peter Tippett, Verizon. The Chairman of the OIX Board of Directors and Executive Director is Don Thibeau, who currently serves as the Executive Director of the OpenID Foundation.
What problem is OIX solving?
To effectively provide digital services, businesses and governments need to validate, verify, and authenticate identity in a cheap, reliable, repeatable manner. The rapid advancement of open identity technologies has created an interoperable technical platform to make this possible. While the technology exists for relying parties (such as an online retailer or government agency) to utilize third-party identity providers, the business and legal policies that set the rules for identity issues such digital transactions have lagged behind. Without clear agreements on the business, legal, and technical terms of a transaction, how can parties trust each other? OIX was formed to facilitate the development of the business and legal policies that match open identity technologies, thereby establishing trust among act actors—trust that will enable deeper deployments of existing services and rapid deployments of new online products.
How does OIX work to solve this problem?
To create greater trust in the identity layer of online transactions, OIX addresses the hardest issues head on. OIX taps the domain expertise of its leaders and members to engage in a business, legal, and technical policy “sandbox.” There they lead joint research and pilot/alpha programs that study and test pre-market solutions to impediments such as liability, payments, trustmarks, interoperability, and privacy.
But OIX goes beyond thought simply thought leadership to aggregate best practices—developed through papers and projects—to form internet-scale legal agreements for identity in online transactions: trust frameworks.
All this is something one company can do, but when done on a collect basis—with the most innovative names and brains in the industry—it is more cost effective, and hold and greater market impact. For an example, see how OIX members are collaborating to test identity verification and the elevation of authentication through the use of social media attributes in the Internet Life Verification Alpha Project.
What is a trust framework?
In digital identity systems, a trust framework is a pre-negotiated set of business, legal, and technical agreements that bind all stakeholders with mutual assurance that online transactions are reliable and repeatable.
What is an identity provider?
An identity provider is the website or service providing a security credential on behalf of the user (e.g. an email provider).
What is a relying party?
A relying party is the website or service that requires a security credential from the user (e.g. an online retailer).
What Open Identity Trust Frameworks are OIX now servicing?
The U.S. Government Identity, Credential, and Access Management (ICAM) was our first trust framework, developed in conjunction with the U.S. General Services Administration on behalf of the U.S. Chief Information Officer. The trust framework allow federal agency websites (e.g. National Institutes of Health and Library of Congress), to accept OpenID and Information Card credentials through OIX-certified identity service providers to meet the US ICAM LOA 1 trust framework. Additionally, OIX is developing a trust framework for the exchange of data for digital identity verification, management, and fraud prevention in the telecommunications sector (Telcom Data Trust Framework), and one for the exchange of online attributes (Online Attribute Exchange Trust Framework). OIX also hosts ConnectMe’s Respect Trust Framework, the American Psychological Association Publish Trust Framework, and the Mydex Trust Framework.
The latest trust framework initiative is being driven by OIX’s newest executive member, the United Kingdom Cabinet Office (CO), in order to create business, legal, and technical policies for identity authentication as it transitions public services online. The CO’s Identity Assurance Program (IDAP) and is tapping OIX members’ industry expertise to perform joint research and alpha projects to design and test its policies before forming the identity trust framework to service its “digital by default” charge.
Is OIX following an open market model approach?
Yes, the key challenge to providing identity assurance at Internet scale is removing the need for direct trust agreements between identity providers and relying parties. To solve this problem, the open identity community, led by members of the OpenID Foundation and Information Card Foundation, developed the Open Identity Trust Framework (OITF) model. This model “breaks apart” centralized control of certification into separate functions in order to create an open competitive market for each function.
What are the benefits of an open market model for identity assurance?
Open market models reward good market behavior in a virtuous cycle. Having trust frameworks, trust framework providers, identity providers, relying parties, and assessors competing directly with each other for business means:
Who should join OIX?
If you are a provider of identity services, a site that wants to consume identity credentials from certified providers, or a professional IT industry assessor/auditor, OIX is the market for you. In addition OIX welcomes governments, professional associations, non-profit networks, and other communities who want to develop their own trust frameworks.
What are the top benefits of OIX membership?
The top benefits exclusively available to OIX members are:
How can I join OIX?
Joining is easy, simply follow these instructions.
How much does it cost to become a member?
OIX’s two tiered member program – Executive and General (with a special pricing plan for government, academic and non-profit organizations) - encourages organizations of all sizes to participate, collaborate, and contribute to the success of our shared mission. Each tier has auditing, participation and/or leadership benefits commensurate with financial contribution. See the complete fee schedule.
Where can I get more information?
For more information please contact help [at] openidentityexchange [dot] org