OIX is a community for all those involved in the ID sector to connect and collaborate, developing the guidance needed for inter-operable, trusted identities Through our definition of, and education on Trust Frameworks, we create the rules, tools and confidence that will allow every individual a trusted, universally accepted, identity.
Shortly after coming into office, the Obama administration asked the U.S. General Services Administration (GSA) how to leverage open identity technologies to allow the American public to more easily, efficiently, and safely interact with federal websites such as the National Institute of Health (NIH), the Social Security Administration (SSA), and the Internal Revenue Service (IRS). So, at the 2009 RSA Conference, the GSA sought to build a public/private partnership with the Open ID Foundation (OIDF) and the Information Card Foundation (ICF) in order to craft a workable identity information framework that would establish the legal and policy precedents needed to establish trust for Open ID transactions.
The partnership eventually developed a trust framework model. Further meetings were held at the Internet Identity Workshop in November 2009, which resulted in OIDF and ICF forming a Joint Steering Committee. The committee’s task was to study the best implementation options for the newly created framework.
The US Chief Information Officer recommended the formation of a non-profit corporation, the Open Identity Exchange (OIX). In January 2010, the OIDF and ICF approved grants to fund the creation of the Open Identity Exchange. OIX was the first trust framework provider certified by the US Government. Booz Allen Hamilton, CA Technologies, Equifax, Google, PayPal, Verisign, and Verizon, all members of either OIDF and ICF, agreed to become founding members of OIX.
The Open Identity Exchange was formed in 2010 and addressed the increasing challenges of building trust in online identity:
Relying Parties must be able to trust that the Identity Provider is providing accurate data
Identity Providers must be able to trust that the Relying Party is legitimate (i.e. not a hacker, phisher, etc.)
Direct RP-to-IDP trust agreements are a common solution, but are impossible to manage at Internet scale