The Open Identity Exchange played host to nearly 40 leading industry actors and government officials responsible for implementing identity assurance in the US, UK, Canada, Denmark, Mexico, and New Zealand Thursday morning at the first OIX-O5 Summit on Public-Private Partnerships in Internet Identity.
Our roundtable discussion paired government officials with their private sector partners in pilot/alpha projects and/or procurements as they explained the successes, stumbling blocks, and solutions to debunking the common barriers to action for large-scale identity system deployment—“The Four Horsemen of the Identity Apocalypse”—including: interoperability, business models, user experience, and liability. It is the anticipatory fear of these risks that can paralyze online identity deployments in a pre-market state. Panelists described the progress being made to overcome these barriers such as the NSTIC Attribute Exchange Pilot (business models and user experience), the UK Internet Life Verification Alpha (user experience and interoperability), and the Government of Canada’s Cyber Authentication “triple-blind” assurance (liability).
The session provided OIX members and other private sector leaders an opportunity to leverage the discussions government leaders had engaged in during the two proceeding days of government-only to answer some of the most pressing topics they encounter in partnering with the public sector in this emerging market.
Through the juxtaposition of each national initiative, it became apparent that we uncovered a paradoxical consequence; the more successful and enmeshed a program becomes in a given country, the more problematic cross-jurisdictional collaboration may become. We live and operate in a “post geographic” world, yet policies governing internet-scale systems are developed by political jurisdictions—often with a trustmark to signify to citizens accredited products and services. It doesn’t take much to imagine a not too distant future where each government deploys unique internet identity trustmark regime, diluting the efficacy of the brand for globalized citizens and missing the opportunity of providing a mutual recognition model for companies producing internet-scale products and services.
The OIX is just one voice of many stakeholders; it is a voice for companies big and small that must find ways to relate to each jurisdictions new identity deployments. When we reconvene in London, OIX plans to provide its joint research and analysis on this topic of mutual recognition of trustmarks to help all involved work through this paradox. OIX members have to live with the results of whatever regimes may take hold. As such, we take a very pragmatic approach.
Next OIX-O5 Summit
Plans are in the works for the second OIX-O5 Public Private Partnership Summit to be held in London in October. There we expect to: 1) report on the progress of the current wave of pilot/alpha programs; 2) discuss the continued deployment of hub/broker/framework systems and the models behind them; and 3) delve into how to advance the achievement of user-friendly, interoperable trustmarks for identity system assurance. It will also be an opportunity to share learning from the matured set of OIX White Papers on Identity System Liability currently in the pipeline.
As Andre Boysen of SecureKey put it: “we carry a public-private partnership around with us every day in our wallet”. We look forward to watching how our “wallet” of public-private partnerships grow richer with information sharing, use case demonstration, and deployments before OIX-O5 meets again.
View the introductory OIX presentation here.
List of Panelists:
Introduction and Overview
- Don Thibeau | Founder & Chairman, The Open Identity Exchange
US: NSTIC Pilot Program: Team Criterion Attribute Exchange Pilot
- Jeremy Grant | Senior Executive Advisor for Identity Management, US National Institute of Standards and Technology
- Dave Coxe | Co-Founder of Criterion, CEO of ID/Dataweb, Co-Chair of OIX Attribute Exchange Working Group
UK: Identity Assurance Programme (IDAP) Alpha Projects & Identity Steering Group (IDSG)
- Christopher Ferguson | Deputy Director, Government Digital Service, UK Cabinet Office
- Peter Graham | Senior Solutions Architect, Verizon Identity Solutions
- Stephen Ufford | CEO | Trulioo
Canada: The Credential Broker Service (CBS) of the Government of Canada’s Cyber Authentication Initiative
- Ken Dagg | Senior Project Co-ordinator, Security and Identity Management, Chief Information Officer Branch, Treasury Board of Canada Secretariat
- Tim Bouma | Senior Analyst, Cyber Authentication and Federating Identity Initiative, Chief Information Officer Branch, Treasury Board of Canada Secretariat
- Ian Bailey | Executive Director & Chief Information Security Officer, Office of Chief Information Officer, Canada Ministry of Citizens’ Services and Open Government
- Andre Boysen | EVP, Digital Identity & Authentication, SecureKey Technologies