The U.S. Government ICAM Trust Framework

The first OIX trust framework was developed in conjunction with the U.S. General Services Administration (GSA) on behalf of the Identity, Credential, and Access Management (ICAM) subcommittee of the U.S. CIO Council. Designed to meet the first of the four LOAs defined by the ICAM Trust Framework Provider Adoption Process (TFPAP), the OIX US ICAM LOA 1 trust framework was approved by ICAM on 15 February 2010 and went operational on 3 March 2010.

As the introduction to the TFPAP explains:

To support E-Government activities, Identity, Credential, and Access Management (ICAM) aims to leverage industry-based credentials that citizens already have for other purposes. In order to ensure these credentials are trustworthy, the government requires a mechanism to assess these credentialing processes against federal requirements as codified by Office of Management and Budget (OMB), National Institute of Standards and Technology (NIST), and General Services Administration (GSA)… This approach enables a scalable model for extending identity assurance across a broad range of citizen and business needs.

In short, the US ICAM LOA 1 trust framework enables U.S. federal agency websites, such as the National Institute of Health (NIH), the National Library of Medicine (NLM), and the Library of Congress (LOC), to begin accepting OpenID and Information Card credentials from OIX certified private-industry providers.

On July 27, 2010, OIX announced formation of the US ICAM Trust Framework Working Group to extend the OIX US ICAM Trust Framework specification to LOA 2 and Non-PKI 3. The output of this Working Group, which will be submitted to the ICAM Trust Framework Evaluation Team, is expected in early fall.

OIX Newsletter Sign Up