Bret
Thanks for checking in. Here's an update on where we, the OpenID
Foundation, and our partner the Information Card Foundation stand on
certification.
Like Kantara, we continue a robust dialogue with the GSA ICAM, its new
privacy committee and others leading the government's "Open Identity for
Open Government" initiative. The good news is while much talking continues
about policy interop, real technical interop progress continues. At the
December 10th, 2009, iTrust Forum held at the NIH Campus in Bethesda, MD
over 200 people attended in person, with additional participants viewing the
proceedings through web meeting sessions. The NIH project leaders said the
feedback was "extremely positive" to the first live demonstrations of real
users and real applications using government profiles for OpenID with
Google, Yahoo! and other identity providers. Going from the US CIO's
announcement in September to going "live" in December, ain't bad at all,
even for government work!
As noted below, in November 2009 the OIDF and Information Card Foundation
(ICF) boards agreed to form a joint steering committee (JSC) to examine
options and recommend a strategy in response to the government's request.
While the joint steering committee decided to defer action on strategic
partnerships, they did unanimously recommended a conservative, phased
approach, focused on the government use case and endorsed a set of
resolutions intended to bring multiple certification options to the open
identity ecosystem. On January 08, 2010 the ICF board voted to accept the
JSC resolutions and plans to forward implementation recommendations to the
OIDF. On January 20, 3010 the OIDF board will consider these recommendations
and resolutions.
That's where we stand. The community at large has benefited from many
individuals' contributions at the technical and policy layers. Companies
like Google, PayPal, VeriSign and Microsoft have contributed the resources
and leadership needed to get us to where we are today. The new OpenID Board
starts 2010 with lots on its plate. Certification is one of many issues that
will shape the success we all hope for in 2010. I will update you and
others after the two boards' votes are in, the dust settles and a path
forward is clarified. The RSA conference in March seems a sensible
checkpoint for a concrete view of certification and our contributions to a
public private partnership for increased citizen interaction with a more
open government.
Don Thibeau
don@OIDF.org
Executive Director
The OpenID Foundation
http://openid.net
From: Brett McDowell [mailto:email@brettmcdowell.com]
Sent: Wednesday, January 13, 2010 12:14 PM
To: Don Thibeau (OIDF ED); Drummond Reed
Cc: Brian Kissel; Paul Trevithick; Nat Sakimura;
community@kantarainitiative.org
Subject: Re: OIF RFI Package
I'm following-up to see when we should plan on hearing back from the OIF JSC
regarding next steps.
I'd also like to point out that our Identity Assurance Program is live in
pilot now. Any IDP/CSP and any Assessor/Auditor can apply online here:
http://kantarainitiative.org/confluence/display/certification/Assurance+Cert
ification+Application+Overview
Best Regards,
|| Brett McDowell, Executive Director, Kantara Initiative
On Dec 23, 2009, at 11:15 AM, Brett McDowell wrote:
To: Don and other representatives from the Open Identity Framework (OIF)
Joint Steering Committee (JSC)
CC: community@kantarainitiative.org
Thank you for the detailed update and for helping us set expectations
regarding next steps. We look forward to a fruitful collaboration in 2010.
Enjoy the Holidays!
Brett McDowell, Executive Director, Kantara Initiative
On Dec 23, 2009, at 9:11 AM, Don Thibeau (OIDF ED) wrote:
Brett:
This is to bring you up to date on developments regarding the RFI issued by
the OpenID and Information Card Foundations. On Monday of this week the
Joint Steering Committee (JSC) of the two boards met to finalize
recommendations to be discussed in the January meetings of the two
foundations. The JSC accepted a recommendation from Drummond and me to
defer action on strategic partnerships until the New Year. This is to allow
more time to discuss how best to work together with partners. I think it's
fair to say we needed more time to understand the long term financial and
legal implications of how best to respond to the GSA ICAM and others
interested in certification. The JSC is taking a conservative approach in
considering how best to bring certification options to the open identity
ecosystem.
Thank you for your thoughtful response to our questions. It was helpful to
all involved. We will keep you informed as the two boards consider the best
path forward individually and together.
Please let us know if you have any questions or suggestions during this next
phase of deliberations.
Best wishes for the New Year.
Don Thibeau
don@OIDF.org
Executive Director
The OpenID Foundation
http://openid.net http://openid.net/
On Dec 8, 2009, at 9:54 AM, Brett McDowell wrote:
Kantara Initiative wishes to thank the Open Identity Framework Joint
Steering Committee (OIF JSC) for providing us with a copy of the RFI.
. We are pleased to provide this preliminary response and thank the
members of the Kantara
<http://kantarainitiative.org/confluence/display/certification/Assurance+Rev
iew+Board+Charter> Assurance Review Board for their efforts to develop a
thoughtful, detailed response on a tight timeline during a US-holiday week,
. We see significant synergy between the Kantara
<http://kantarainitiative.org/confluence/display/certification/Identity+Assu
rance+Certification+Program> Identity Assurance Program and the OIF
program, as we understand it from the preliminary material provided,
. We agree that technical interoperability is an essential enabler
of an overall trust framework and rely on the Kantara interoperability
programs (based in part on the Liberty Alliance Interoperable(TM) Program)
to provide assurance of independently verified interoperability between
products and services,
. We welcome discussions with representatives of the OpenID
Foundation and Information Card Foundation's joint Steering committee so
that we can better understand your proposed program and explore meaningful
avenues of cooperation, and
. We believe that by working together we can produce and deploy, in
a timely fashion, one or more high-quality trust frameworks that serve the
needs of a broad marketplace.
We welcome the opportunity to provide our response and hope to engage in
meaningful and fruitful discussions shortly.
Brett McDowell | http://info.brettmcdowell.com
http://info.brettmcdowell.com/ | http://KantaraInitiative.org
http://KantaraInitiative.org/
On Dec 4, 2009, at 10:43 AM, Brett McDowell wrote:
I'm pleased to report that last night I received the following invitation
from Don Thibeau on behalf of the OIF JSC for Kantara Initiative to take the
time we need to develop our response to the RFI.
[please accept this] invitation for Kantara to take the time it needs to
form its response to our RFI. We want to make sure you have all the
information and time you need.
While I'm at it, I'll also share the update that our Board of Trustees
formed a subcommittee yesterday to explore our response to the RFI. This
subcommittee has already received a contribution from the ARB for
consideration.
Have a great weekend,
Brett McDowell | http://info.brettmcdowell.com
http://info.brettmcdowell.com/ | http://KantaraInitiative.org
http://KantaraInitiative.org/
On Nov 24, 2009, at 10:19 AM, Brett McDowell wrote:
I'd like to publicly thank Don Thibeau, Drummond Reed and the members of the
OIF JSC for including Kantara Initiative in their outreach.
Don has already made the attached RFI package public over on the OIDF
mailing lists but since I've started getting questions from members of
Kantara Initiative asking to see the RFI package I realized I need to
explicitly share it with our community since many of you are not subscribed
to OIDF lists.
As I reported to Don, my next step is to discuss this with the Assurance
Review Board, the oversight body for our Identity Assurance Accreditation
and Certification Program. If you have ideas, comments, recommendations,
questions, or concerns please send them to me directly, or to this public
mailing list, or to the ARB@kantarainitiative.org mailing list (depending on
the level of disclosure you are comfortable with) -- and, yes ARB@ has SPAM
controls so your message will go in queue momentarily, but it will be pushed
through quickly.
Note that due to the nature of the ARB being the deliberative body deciding
who passes or fails accreditation and certification applications, they
operate under terms of confidentiality and they will honor any request you
have to keep your comments confidential if you call that out explicitly in
your email. As a reminder, the ARB is comprised of representatives from
Aetna, BT, GSA, KPMG, and SUNET.
Thank you in advance for contributing to the process.
Brett McDowell | http://info.brettmcdowell.com
http://info.brettmcdowell.com/ | http://KantaraInitiative.org
http://KantaraInitiative.org/
Begin forwarded message:
From: "Don Thibeau \(OIDF ED\)"
Date: November 22, 2009 7:05:44 PM EST
To: "'Brett McDowell'"
Subject: OIF RFI Package
Dear Brett:
Thanks for your interest in working with the OpenID and Information Card
Foundations. Here is the latest chapter in our conversations that began in
last spring.
Since March of this year, the OpenID and the Information Card Foundations
have collaborated on responding to US Government request to participate in
its "Open Identity for Open Government Initiative." Together with Kantara
and InCommon, we have contributed to the development of the U.S. General
Services Administration (GSA) Identity, Credential, and Access Management
(ICAM) identity standards and certification requirements. The impact of our
work with the government can be seen in the first set of deliverables at
www.IDmanagement.gov http://www.idmanagement.gov/ published in September.
As you know, ICAM's Trust Framework Provider Adoption Process (TFPAP)
<http://www.idmanagement.gov/documents/TrustFrameworkProviderAdoptionProcess
.pdf> established a new way to enable citizens to easily and safely engage
with government websites, and ICAM's Identity Scheme Adoption Process (ISAP)
http://www.idmanagement.gov/documents/IdentitySchemeAdoptionProcess.pdf
laid the techical foundation for government-approved profiles of open
identity specifications. ICAM's profiles for OpenID 2.0 and IMI 1.0
Information Cards profiles we published shortly afterwards.
The OIDF and ICF have been collaborating to develop an open approach to
trust frameworks that will meet the needs of our respective communities. Two
weeks ago at the OpenID Summit and again in three different sessions at the
Internet Identity Workshop (IIW), ICF Executive Director Drummond Reed and I
presented this approach to the community at large and asked for feedback,
challenges, and contributions. These sessions produced a wealth of
invaluable input and a strong concensus that OIDF and ICF should proceed
with this approach, which the community dubbed the Open Identity Framework
(OIF), as quickly as possible.
Immediately after IIW, the Boards of Directors of OIDF and ICF agreed to
form a joint steering committee (JSC) to refine strategic goals, investigate
operational alternatives, and guide deployment planning for the OIF. The JSC
is composed of four representatives of companies that are members of both
foundations and four community representatives, including the Chairs of both
foundation boards.
The JSC started by carefully considering the goals and objectives of the
Open Identity Framework (OIF) and weighing the tradeoffs between what
aspects should be outsourced vs. what aspects were strategic and thus should
remain "in-sourced". The JSC then asked Drummond and I to prepare the
attached Request For Information (RFI) to initiate discussions with
prospective outsourcing partners. Because the JSC wants to make
recommendations to the OIDF and ICF boards and set a course of action by
year's end, it wants to fast-track this RFI review process and expects a
report in 30 days.
The attached RFI has two objectives: 1) to solicit your informed
collaboration and feedback about how best to achieve the objectives of the
OIF, and 2) to identify the potential outsourcing partners with whom we
should proceed with more detailed negotiations. We have attached
supplemental material that fully describes our approach to the OIF with the
hope that it will be of benefit to your plans regardless of whether you
decide to respond as a potential outsourcing partner.
The JSC partner selection criteria focuses on cost efficiencies, execution
synergies, and compatible business models. You are welcome to provide
general feedback as well as respond specifically to any or all of the
activities described in the Outsourced Program Elements section. For needs
in that section where you feel your organization would be a good outsourcing
fit, please be specific as to how you would fulfill those needs. Please
include pricing estimates broken out for each outsourced program element-the
more detailed the better.
Please note that the OIDF and ICF reserve the right to change the timeline
or other portions of this RFI at any time, as well as to cancel or reissue
the RFI at any time without obligation or liability. Also, please designate
any information contained in your response that is proprietary or
confidential. While we will we will treat the material provided as business
confidential, please note that both the OIDF and ICF operate in a
transparent, open source business environment, so some commentary,
discussion, or speculation may occur on mailing groups, blog posts etc.
Please email your response as a word document attachment to don@oidf.org
before midnight EDT on 12/01/09. Of course, feel free to contact either
Drummond or myself with questions, and we would be happy to arrange telecons
or in-person meeting to discuss it as time permits.
Thank you again for your interest.
Don Thibeau
don@OIDF.org
Executive Director
The OpenID Foundation
http://openid.net http://openid.net/