User:Brfritsch2013/sandbox

The Open Identity Exchange (OIX) is a non-profit trade organization focused on internet identity solutions. OIX includes a membership of industry players representing a cross-section of private and public sectors e.g. the internet (Google, PayPal, etc.), data aggregation (Equifax, Experian, etc.), telecommunications (AT&T, Verizon, etc.) and government (UK Cabinet Office). The OIX's goal is to enable the expansion of online services and adoption of new online products through the development and registration of trust frameworks and sharing of domain expertise, joint research and pilot projects to test real-world use cases. OIX is building OIXnet, an authoritative registry for online identity trust to enable global interoperability among identity federations.

History
Shortly after coming into office, the Obama administration asked the U.S. General Services Administration (GSA) how to leverage open identity technologies to allow the American public to more easily, efficiently, and safely interact with federal websites such as the National Institute of Health (NIH), the Social Security Administration (SSA), and the Internal Revenue Service (IRS). So, at the 2009 RSA Conference, the GSA sought to build a public/private partnership with the Open ID Foundation (OIDF) and the Information Card Foundation (ICF) in order to craft a workable identity information framework that would establish the legal and policy precedents needed to establish trust for Open ID transactions.

The partnership eventually developed a trust framework model, described below. Further meetings were held at the Internet Identity Workshop in November 2009, which resulted in OIDF and ICF forming a Joint Steering Committee. The committee's task was to study the best implementation options for the newly created framework.

The US Chief Information Officer recommended the formation of a non-profit corporation, the Open Identity Exchange (OIX). In January 2010, the OIDF and ICF approved grants to fund the creation of the Open Identity Exchange. OIX was the first trust framework provider certified by the US Government. Booz Allen Hamilton, CA Technologies, Equifax, Google, PayPal, Verisign, and Verizon, all members of either OIDF and ICF, agreed to become founding members of OIX.

The Open Identity Exchange was formed in 2011. It addresses the increasing challenges of building trust in online identity outlined below:
 * Relying Parties must be able to trust that the Identity Provider is providing accurate data
 * Identity Providers must be able to trust that the Relying Party is legitimate (i.e. not a hacker, phisher, etc.)
 * Direct RP-to-IDP trust agreements are a common solution, but are impossible to manage at Internet scale

Overview
OIX is non-profit, technology agnostic, cross jurisdictional, multi-channel, standards development organization representing the leaders in online identity in the internet, telecom and data aggregation industries. Its mission is to build trust in online identity by developing standards for trust frameworks to expand online identity-driven markets and to reduce friction, mitigate risk and better serve users.

OIX drives adoption of new and expanded online services by improving market efficiency, through open standards and transparency by ensuring credibility and accountability in the system by enabling an improved user experience. OIX acts as a neutral referee and shares expertise through joint legal/policy research and best practices from the experience of working groups developing trust frameworks.

As the first trust framework provider certified by the US Government, OIX is building a global certification listing service that is a database of (white-lists) databases, a machine-readable information repository of trust framework participants, processes and certifications.

Leadership
The OIX Board represents leaders in online identity in the internet, telecom and data aggregation industries concerned with both market expansion and information security.

Government
The OIX Board meets regularly with government leaders in the White House at the invitation of Howard Schmidt, Special Assistant to the President & White House Cyber Security Coordinator to discuss the public -private partnership envisioned in the National Strategy for Trusted Identity in Cyberspace (NSTIC.)

Infrastructure
OIX has establish a credibility among industry, government, and public advocacy communities through its publication of policy and legal research, its sponsorship of a series of conferences, and a comprehensive and forward thinking response to the NSTIC NOI.

Membership
Members of OIX benefit from a number of services. Companies ranging from startups to market leaders in the public and private sectors are able to communicate with their competitors to work on common goals and solutions in a forum provided by a third-party non-profit. This creates a "team of rivals" environment that is otherwise difficult to achieve. Members also have access to innovative research that allows them to explore untapped markets and develop new products.

The Open Identity Exchange currently has thirteen executive members, sixteen general members, and four Trust Framework Authority members.

Executive Members
 * AT&T
 * UK Cabinet Office
 * CA Technologies
 * Equifax
 * Experian
 * Google
 * LexisNexis
 * Microsoft
 * PayPal
 * Ping Identity
 * SecureKey
 * Symantec
 * Verizon

General Members
 * AMF Ventures
 * Blue Marble Research
 * Broadridge
 * Connectis
 * Consult Hyperion
 * Deloitte
 * FuGen Solutions
 * GakuNin
 * ID Analytics
 * Mii Card
 * Nomura Research Institute
 * Open ID
 * PacificEast
 * Sitekit
 * Sunet
 * Trulioo
 * Daon
 * UnboundID
 * Wave

Trust Framework Authority Members
 * American Psychological Association
 * ID Dataweb
 * Respect Network
 * Mydex

White Papers
One of key main benefits of being an Open Identity Exchange subscriber is access to the OIX White Papers. The OIX White Papers deliver joint research, funded by competitors, to examine a wide range of challenges facing the open identity market and to provide possible solutions. They are written by some of the top experts in the fields of technology, particularly open identity.

OIX

 * OIX: An Open Market Solution for Online Identity Assurance

Trust Frameworks

 * Trust Framework Requirements and Guidelines
 * The Personal Network: A New Trust Model and Business Model for Personal Data
 * Federated Online Attribute Exchange Initiatives
 * Personal Levels of Assurance (PLOA)
 * The Three Pillars of Trust

UK Identity Assurance Programme (IDAP)

 * Overview of Legal Liability in the IDAP (In development)

US National Strategy for Trusted Identities in Cyberspace (NSTIC)

 * Comments on U.S. NSTIC Steering Group Draft Charter and Related Governance Issues
 * United States National Strategy for Trusted Identities in Cyberspace Identity Ecosystem Steering Committee Plenary and Governing Board Charter
 * OIX Response to "Models for a Governance Structure for the National Strategy for Trusted Identity in Cyberspace"

2013 White Paper Pipeline
At the beginning of the summer, OIX commissioned a number of White Papers aimed at tackling the toughest issues regarding identity technology, which remains an emerging market with its own set of uncertainties. Unlike previous white papers, which are more like academic exercises, these in particular relate to larger projects OIX is currently working on, such as OIXnet. The first of these papers, "The Vocabulary of Systems Liability," by Tom Smedinghoff, Mark Deem, and Sam Eckland, was released in June. Several others are in development and are set to be released later in 2013.
 * The Vocabulary of Identity Systems Liability
 * The Publish Trust APA Registration on OIXnet
 * Attribute Exchange Network Trust Framework
 * Trustmarks and Implications on the Identity Systems
 * Registries as Trusted Third Parties
 * Implications of the UK IDAP Internet Living Verification Alpha Project
 * Central and Local Government Identity Hub Integrations
 * Security Shared Signals
 * Mobile Identity Good Practice Guides

Working Groups
OIX operates a series of Working Groups to facilitate the development of trust frameworks and trust framework infrastructure. OIX Working Groups are open to employees and contractors of all OIX members, whose participation is covered by the OIX Membership Agreement. In addition, non-members may participate in an OIX Working Group at the invitation of a Working Group member by filling out and submitting the OIX Contributor Agreement.

Online Attribute Exchange Trust Framework Working Group
The purpose of this Working Group is to draft the OIX Attribute Exchange Trust Framework Specification to be posted on the OIX website. The Attribute Exchange Trust Framework is intended to facilitate the exchange of identity attributes or claims between attribute providers and relying parties utilizing consumer consent and control of these exchanges. The AX working group is defined by a charter and chaired by Dave Coxe from ID Data Web.

Telecom Data Trust Framework Working Group
The Telecom Data working group will develop a trust framework that will allow commerce providers, like retailers and etailers, to obtain or verify identity information without interfering in the relationship between a subscriber and a Telecom Service Provider. It will provide a secure and controlled solution for how a telephone number may be used to access identification information while holding private subscriber data “in trust”. The Telecom Data working group is chaired by Scott Rice from PacificEast and guided by a charter.

Projects
OIX members work together to jointly fund and participate in pilot projects (sometimes referred to as alpha projects). These “lab experiments” test business, legal, and/or technical concepts or theory and their interoperability in real world use cases.

Identity Assurance Programme Alpha Projects
Through OIX, the UK Cabinet Office has directed funding to facilitate and coordinate the rapid formation, deployment, and analysis of Alpha Projects: small scale, low risk tests of interoperable components that address key challenges to realizing the IDAP goals of convenient, secure, and privacy-enhancing digital transactions. The Alpha Projects aim to advance the development of the IDAP, but provide technology-agnostic use cases with global implications for public-private identity transactions.

Attribute Exchange Network (AXN) Pilots
OIX members also have funded pilot projects that seek to test certain conditions and assumptions within a particular trust framework. For example, "Street Identity" was a 2011 model that separated identity providers and attribute providers, providing evidence for a number of potentially powerful capabilities.

Open Identity Trust Framework
The Open Identity Trust Framework was first introduced in the organization's first White Paper, "An Open Market Solution for Online Identity Assurance," which detailed OIX's solution to Internet-scale identity assurance. The problem that arises in open identitytransactions is one of trust, such as whether a relying party can trustcredentials from an identity service provider without knowing whether thatprovider’s security, privacy, and operational policies are strong enough toprotect the relying party.

Therefore, it is necessary to establish asystem that enables parties to trust each other's information when makingtransactions.In digital identity systems, a trustframework is a pre-negotiated set of business, legal, and technical agreementsthat bind all stakeholders with mutual assurance that online transactions arereliable and repeatable.

Every trust framework is defined by a set ofpolicymakers that represent a trust community—a set of parties who need tomaintain trust in online interactions. Technically these policymakers are theauthors of the trust framework specification and the authority for its content.The trust community is also responsible for maintaining and overseeing thetrust framework specifications.

Once a trust framework has been specified,the policymakers may contract with one or more trust framework providers (TFPs)to administer it. The TFP first must publish the trust framework so it ispublicly accessible. The TFP then must accept applications from businesses andother groups that wish to join the trust framework as identity serviceproviders and verify that they comply with the framework's requirements. Italso must publish updates to the trust framework as it is revised.

OIX is building a global listing service called OIXnet, outlined below. The OIXnet registry is a database of (white-lists) databases, a machine-readable information repository of trust frameworkparticipants, processes and certifications.

OIXnet
One of the newest projects the Open Identity Exchange is working on is OIXnet. The potential growth of open identity exchanges is currently limited due to a lack of trust between internet stakeholders. Trust is essential to the expansion of any market because it makes transactions reliable and repeatable. OIXnet seeks to solve this dilemma by creating an online registry of trusted identity data, which would ease information sharing between online parties. OIXnet would centralize trusted identity metadata to facilitate global interoperability among identity federations in commercial, non-profit, and public sectors. The resulting open identity market could grow more quickly as the volume and velocity of trusted transactions increase. OIXnet is currently in the planning and design stages with potential pilots scheduled to debut later in 2013. An OIXnet Working Group is currently involved in the planning, design and due diligence stages to test the OIXnet hypothesis and help shape OIXnet. Potential pilots are scheduled to debut later in 2013.