OIX Technology

OIX is the first of a new type of utility referred to as a “meta-federation”: the intersection of prior closed, single-protocol federations, each operating on a single set of operational rules, with the needs and scalability requirements of the Internet community.

OIX will operate a global service acting as a trust root for multiple Trust Frameworks operating across multiple protocols, containing both certification and operational information.

OIX also needs administrative systems for tracking the details of certifications performed against the various trust frameworks.  This is separate from the operational information, but is used to verify the certifications published by the operational meta-data system.

Both the Operational and Administrative systems require API access as well as public web interfaces in a more human-friendly form.

OIX will also need to be the aggregator and verifier of information from other federations like FICAM, so that our members and subscribers have a single source of trusted information about the RPs and IdPs participating in supported trust frameworks administered by federation partners like FICAM, InCommon and others.

OIX is participating with InCommon, Kantara, Kalmar 2, and other federations on standards for data interchange in the "Federation Interoperability Work Group".

The infrastructure that allows the various IdPs and RPs to access and maintain their respective information needs to be more secure than the identity information that the individual IdPs assert.

The Operational Meta-Data needs to contain:

  • Certification information for the various Trust Frameworks.
  • Information for constructing the RP Discovery UI ("NASCAR" page):
      • IdP icons
      • IdP privacy and Terms of Service links
      • IdP friendly name
  • General contact information for tech support.
  • Information specific to each protocol:
      • Protocol endpoints
      • Encryption and signing keys (if required)
      • Information about supported attributes (if supported)

The API for retrieving this needs to be more granular than just returning one aggregate file.

A requestor should be able to ask for the information for a single entity, or for an aggregation of all of the IdPs supporting ICAM LoA 2 for a particular protocol.

Several distribution formats may be required so that the individual protocols can easily consume the trust information. For example, the protocol-specific format may be JSON retrieved from an SSL endpoint for LoA 1 OpenID, whereas information exchanged between Federation operators will likely be securely signed XML.
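As an added illustration (not OIX code; the entity records, cert ids and administrative register are constructed), the two kinds of lookup described above, single entity and per-protocol aggregate by trust framework and LoA, with each published certification checked against the administrative register before an IdP is included in a result:

```python
import json

# Constructed sample of the operational meta-data (not real OIX data): one record
# per entity, with certifications per trust framework and a protocol-specific
# block (endpoint, keys) per supported protocol.
OPERATIONAL = json.loads("""[
 {"entity_id": "https://idp.example.org", "role": "IdP", "friendly_name": "Example IdP",
  "privacy": "https://idp.example.org/privacy", "support": "support@idp.example.org",
  "certifications": [{"framework": "ICAM", "loa": 2, "cert_id": "C-1001"}],
  "protocols": {"openid": {"endpoint": "https://idp.example.org/openid"},
                "saml2": {"endpoint": "https://idp.example.org/sso", "signing_key": "KEY-B"}}},
 {"entity_id": "https://login.example.net", "role": "IdP", "friendly_name": "Net Login",
  "certifications": [{"framework": "ICAM", "loa": 1, "cert_id": "C-1002"}],
  "protocols": {"openid": {"endpoint": "https://login.example.net/op"}}},
 {"entity_id": "https://idp.example.com", "role": "IdP", "friendly_name": "Com IdP",
  "certifications": [{"framework": "ICAM", "loa": 2, "cert_id": "C-9999"}],
  "protocols": {"saml2": {"endpoint": "https://idp.example.com/sso"}}}
]""")

# Constructed administrative register of certifications actually performed, keyed by
# cert_id; this is what the published operational claims are checked against.
ADMINISTRATIVE = {
    "C-1001": {"entity_id": "https://idp.example.org", "framework": "ICAM", "loa": 2},
    "C-1002": {"entity_id": "https://login.example.net", "framework": "ICAM", "loa": 1},
}

def confirmed(entity, cert):
    """True only if the administrative register holds an identical certification."""
    rec = ADMINISTRATIVE.get(cert["cert_id"])
    return rec == {"entity_id": entity["entity_id"],
                   "framework": cert["framework"], "loa": cert["loa"]}

def get_entity(entity_id):
    """Granular lookup: one entity's full record, or None if unknown."""
    return next((e for e in OPERATIONAL if e["entity_id"] == entity_id), None)

def list_idps(framework, loa, protocol):
    """Aggregate lookup: protocol-specific block for every IdP whose certification
    at this framework/LoA is confirmed and that supports the requested protocol."""
    return {e["entity_id"]: e["protocols"][protocol]
            for e in OPERATIONAL
            if e["role"] == "IdP" and protocol in e["protocols"]
            and any(c["framework"] == framework and c["loa"] == loa and confirmed(e, c)
                    for c in e["certifications"])}

def unverified_certifications():
    """cert_ids published operationally that the administrative system cannot back."""
    return sorted(c["cert_id"] for e in OPERATIONAL
                  for c in e["certifications"] if not confirmed(e, c))
```

The third IdP claims an ICAM LoA 2 certification that the administrative register does not hold, so it is excluded from the aggregate and reported by `unverified_certifications()`.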

These information systems will be the source of information for working groups needing to operationalize certification and trust frameworks.

About John Bradley
John Bradley is an Identity Domain expert in the Alexandria, VA office of Protiviti Government Services. He is an experienced IT professional with a diverse background. Most recently, John has been co-authoring the ICAM protocol profiles at Protiviti Government Services. He has also been coordinating interoperability testing on the profiles with OASIS and Trust Framework partners from industry. John provides leadership at OASIS as an elected steering committee member for the Identity member section. He has contributed to SAML, OpenID, Information Card (IMI), XRI and other identity standards. As the Co-Chair of OSIS he has both developed testing infrastructure and co-coordinated interoperability testing amongst all the major vendors participating in OpenID and Information Cards. He was co-founder and CTO of Group Telecom, a national CLEC in Canada. He has also been a principal in a number of startup identity companies.
