OIX - We have joined


What is OIX?

The Open Identity Exchange (OIX) is a non-profit corporation serving as an independent, neutral provider of certification trust frameworks for open identity technologies.

Who is leading OIX?

The Board of Directors includes Kennie Kwong, Lead Member of Technical Staff, AT&T; Jack Jones, Booz Allen Hamilton; Jeffrey Broberg, Advisor, Security Solutions, Product Management, CA Technologies; Ron Carpinella, VP Identity, Equifax; Daniel Elvester, Senior Director, Business Development, Experian; Andrew Nash, Director of Identity Products, Google; Dennis Becker, Vice President, Emerging Markets, LexisNexis Risk Solutions; Farhang Kassaei, Senior Director of Identity Services, PayPal; Nico Popp, Vice President of Identity and Authentication Services, Symantec; Paul Florack, Vice President – TSD Product Management, Transaction Network Services; and Peter Tippett, Vice President of Technology and Innovation; Verizon. The Chairman of the OIX Board of Directors and Executive Director is Don Thibeau, who currently serves as the Executive Director of the OpenID Foundation.

Why was OIX formed?

Just as certain activities in the physical world—driving a car, flying in an airplane, applying for a mortgage—require identity credentials, so do certain activities in the digital world. However until recently digital identity credentials were largely confined to closed systems that served a defined population of known users, such as a single website, or a corporate or university network. The rise of the Internet and the Web—interconnecting millions of different websites and systems—demands new digital identity solutions like OpenID and Information Cards that “open up” closed systems to qualified users from anywhere on the Internet.

What problem is OIX solving?

Open identity technologies reduce the friction of using the Web, much like credit cards reduce the friction of paying for goods and services.  However, they also introduce a new problem: who do you trust? In other words, how does a relying party know it can trust credentials from an identity service provider without knowing if that provider’s security, privacy, and operational policies are strong enough to protect the relying party’s interests?  This is not a technology problem. It is a business, legal, and social problem that must be solved with policy-based solutions like OIX.

The key challenge to providing identity assurance at Internet scale is removing the need for direct trust agreements between identity providers and relying parties. To solve this problem, the open identity community, led by members of the OpenID Foundation and Information Card Foundation, developed the Open Identity Trust Framework (OITF) model. This model “breaks apart” centralized control of certification into separate functions in order to create an open competitive market for each function.

What are the benefits of an open market model for identity assurance?

Open market models reward good market behavior in a virtuous cycle. Having trust frameworks, trust framework providers, identity providers, relying parties, and assessors competing directly with each other for business means:

  • More choice for users and websites about the policies that will apply to their interactions.
  • Market pricing for services throughout the open identity infrastructure.
  • Economies of scale as service standardization lowers costs for all parties.
  • Diversity from head to foot of the "long tail", which is especially important to preserve the diversity of contexts and policies necessary for a healthy online ecosystem.

How will OIX benefit consumers?

Consumers of identity management services (either from identity providers or relying parties) will benefit first from the increased adoption of open identity technologies from certified providers -- for example the availability of OpenID and Information Cards to use at US federal government websites. They will also benefit from the standardized identity, security, and privacy policies that OIX trust frameworks will propagate. Lastly, the OIX Listing Service will permit consumers to compare the technical and policy standards of various identity providers and relying parties, helping advance competition and increase quality throughout the industry.

Just in case.....

What is the OpenID Foundation?

The OpenID Foundation (OIDF) was formed in June 2007 to help promote, protect, and enable the OpenID technologies and community. The OIDF does not dictate the technical direction of OpenID; instead it will help enable and protect whatever is created by the community.  OpenID is a Web registration and single sign-on protocol that lets users register and login to OpenID-enabled websites using their own choice of OpenID identifier. With OpenID, a user can operate their own OpenID service (such as on their blog), or they can use the services of a third-party OpenID provider (most major Web portals, such as AOL, Google, and Yahoo, now offer OpenID service).

What is an identity provider?

An identity provider is the website or service providing a security credential on behalf of the user.

What is a relying party?

A relying party is the website or service that requires a security credential from the user.

What is a trust framework?

In digital identity systems, a trust framework is a certification program that enables a relying party to trust the identity, security, and privacy assurances from an identity provider.