Open Identity Exchange OIX

The Open Identity Exchange (OIX) is a technology agnostic, non-profit trade organisation of leaders from competing business sectors focused on building the volume and velocity of trusted transactions online. OIX enables members to expand existing identity services and serve adjacent markets. Members advance their market position through joint research and engaging in pilot projects to test real world use cases. The results of these efforts are published via OIX white papers and shared publicly via OIX workshops. OIX members work together to jointly fund and  participate in pilot projects (sometimes referred to as alpha projects). These pilots test business, legal, and/or technical concepts or theory and their interoperability in real world use cases. OIX operates the OIXnet trust registry, a global, authoritative registry of business, legal and technical requirements needed to ensure market adoption and global interoperability.

OIX Vision and Mission

OIX’s vision is to be the catalyst for secure, privacy enhancing, globally interoperable, digital identities, for every entity in the UK

OIX’s Mission:

  • is to be the leading industry body driving the digital identity industry. Member led we will provide a neutral collaborative environment, bringing members and wider stakeholders together, and through collective action accelerating the adoption of digital identity services faster.
  • is to be a centre for excellence. Through experimentation and implementation, testing technical, commercial and legal innovations that align to open interoperable standards across the UK and Europe, for citizens and organisations, in order to understand and demonstrate the tangible value of the identity services market
The OIX Board represents leaders in online identity in the internet, telecom and data aggregation industries concerned with both market expansion and information security.
The OIX Board meets regularly with government leaders in the White House at the invitation of Howard Schmidt,Special Assistant to the President & White House Cybersecurity Coordinator to discuss the public -private partnership envisioned in the National Strategy for Trusted Identity in Cyberspace (NSTIC).
OIX has established a credibility among industry, government, and public advocacy communities through its publication of policy and legal research, its sponsorship of a series of conferences, and a comprehensive and forward thinking response to the NSTIC NOI.
Shortly after coming into office, the Obama administration asked the U.S. General Services Administration (GSA) how to leverage open identity technologies to allow the American public to more easily, efficiently, and safely interact with federal websites such as the National Institute of Health (NIH), the Social Security Administration (SSA), and the Internal Revenue Service (IRS). So, at the 2009 RSA Conference, the GSA sought to build a public/private partnership with the Open ID Foundation (OIDF) and the Information Card Foundation (ICF) in order to craft a workable identity information framework that would establish the legal and policy precedents needed to establish trust for Open ID transactions.

The partnership eventually developed a trust framework model. Further meetings were held at the Internet Identity Workshop in November 2009, which resulted in OIDF and ICF forming a Joint Steering Committee. The committee’s task was to study the best implementation options for the newly created framework.

The US Chief Information Officer recommended the formation of a non-profit corporation, the Open Identity Exchange (OIX). In January 2010, the OIDF and ICF approved grants to fund the creation of the Open Identity Exchange. OIX was the first trust framework provider certified by the US Government. Booz Allen HamiltonCA TechnologiesEquifaxGooglePayPalVerisign, and Verizon, all members of either OIDF and ICF, agreed to become founding members of OIX.

The Open Identity Exchange was formed in 2010 and addressed the increasing challenges of building trust in online identity:

  • Relying Parties must be able to trust that the Identity Provider is providing accurate data
  • Identity Providers must be able to trust that the Relying Party is legitimate (i.e. not a hacker, phisher, etc.)
  • Direct RP-to-IDP trust agreements are a common solution, but are impossible to manage at Internet scale

_df l oix l circle graphic v3