Brett
Thanks for checking in. Here’s an update on where we, the OpenID Foundation, and our partner the Information Card Foundation stand on certification.
Like Kantara, we continue a robust dialogue with the GSA ICAM, its new privacy committee and others leading the government’s “Open Identity for Open Government” initiative. The good news is while much talking continues about policy interop, real technical interop progress continues. At the December 10th, 2009, iTrust Forum held at the NIH Campus in Bethesda, MD over 200 people attended in person, with additional participants viewing the proceedings through web meeting sessions. The NIH project leaders said the feedback was “extremely positive” to the first live demonstrations of real users and real applications using government profiles for OpenID with Google, Yahoo! and other identity providers. Going from the US CIO’s announcement in September to going “live” in December, ain’t bad at all, even for government work!
As noted below, in November 2009 the OIDF and Information Card Foundation (ICF) boards agreed to form a joint steering committee (JSC) to examine options and recommend a strategy in response to the government’s request. While the joint steering committee decided to defer action on strategic partnerships, they did unanimously recommend a conservative, phased approach, focused on the government use case and endorsed a set of resolutions intended to bring multiple certification options to the open identity ecosystem. On January 08, 2010 the ICF board voted to accept the JSC resolutions and plans to forward implementation recommendations to the OIDF. On January 20, 2010 the OIDF board will consider these recommendations and resolutions.
That’s where we stand. The community at large has benefited from many individuals’ contributions at the technical and policy layers. Companies like Google, PayPal, VeriSign and Microsoft have contributed the resources and leadership needed to get us to where we are today. The new OpenID Board starts 2010 with lots on its plate. Certification is one of many issues that will shape the success we all hope for in 2010. I will update you and others after the two boards’ votes are in, the dust settles and a path forward is clarified. The RSA conference in March seems a sensible checkpoint for a concrete view of certification and our contributions to a public private partnership for increased citizen interaction with a more open government.
Don Thibeau
don@OIDF.org
Executive Director
The OpenID Foundation
From: Brett McDowell [mailto:email@brettmcdowell.com]
Sent: Wednesday, January 13, 2010 12:14 PM
To: Don Thibeau (OIDF ED); Drummond Reed
Cc: Brian Kissel; Paul Trevithick; Nat Sakimura; community@kantarainitiative.org
Subject: Re: OIF RFI Package
I'm following-up to see when we should plan on hearing back from the OIF JSC regarding next steps.
I'd also like to point out that our Identity Assurance Program is live in pilot now. Any IDP/CSP and any Assessor/Auditor can apply online here:
Best Regards,
|| Brett McDowell, Executive Director, Kantara Initiative
On Dec 23, 2009, at 11:15 AM, Brett McDowell wrote:
To: Don and other representatives from the Open Identity Framework (OIF) Joint Steering Committee (JSC)
Thank you for the detailed update and for helping us set expectations regarding next steps. We look forward to a fruitful collaboration in 2010.
Enjoy the Holidays!
Brett McDowell, Executive Director, Kantara Initiative
On Dec 23, 2009, at 9:11 AM, Don Thibeau (OIDF ED) wrote:
Brett:
This is to bring you up to date on developments regarding the RFI issued by the OpenID and Information Card Foundations. On Monday of this week the Joint Steering Committee (JSC) of the two boards met to finalize recommendations to be discussed in the January meetings of the two foundations. The JSC accepted a recommendation from Drummond and me to defer action on strategic partnerships until the New Year. This is to allow more time to discuss how best to work together with partners. I think it’s fair to say we needed more time to understand the long term financial and legal implications of how best to respond to the GSA ICAM and others interested in certification. The JSC is taking a conservative approach in considering how best to bring certification options to the open identity ecosystem.
Thank you for your thoughtful response to our questions. It was helpful to all involved. We will keep you informed as the two boards consider the best path forward individually and together.
Please let us know if you have any questions or suggestions during this next phase of deliberations.
Best wishes for the New Year.
Don Thibeau
Executive Director
The OpenID Foundation
On Dec 8, 2009, at 9:54 AM, Brett McDowell wrote:
Kantara Initiative wishes to thank the Open Identity Framework Joint Steering Committee (OIF JSC) for providing us with a copy of the RFI.
· We are pleased to provide this preliminary response and thank the members of the Kantara Assurance Review Board for their efforts to develop a thoughtful, detailed response on a tight timeline during a US-holiday week,
· We see significant synergy between the Kantara Identity Assurance Program and the OIF program, as we understand it from the preliminary material provided,
· We agree that technical interoperability is an essential enabler of an overall trust framework and rely on the Kantara interoperability programs (based in part on the Liberty Alliance Interoperable(TM) Program) to provide assurance of independently verified interoperability between products and services,
· We welcome discussions with representatives of the OpenID Foundation and Information Card Foundation’s joint Steering committee so that we can better understand your proposed program and explore meaningful avenues of cooperation, and
· We believe that by working together we can produce and deploy, in a timely fashion, one or more high-quality trust frameworks that serve the needs of a broad marketplace.
We welcome the opportunity to provide our response and hope to engage in meaningful and fruitful discussions shortly.
<Kantara OIF JSC Response 12.8.09.pdf>
Brett McDowell | http://info.brettmcdowell.com | http://KantaraInitiative.org
On Dec 4, 2009, at 10:43 AM, Brett McDowell wrote:
I'm pleased to report that last night I received the following invitation from Don Thibeau on behalf of the OIF JSC for Kantara Initiative to take the time we need to develop our response to the RFI.
[please accept this] invitation for Kantara to take the time it needs to form its response to our RFI. We want to make sure you have all the information and time you need.
While I'm at it, I'll also share the update that our Board of Trustees formed a subcommittee yesterday to explore our response to the RFI. This subcommittee has already received a contribution from the ARB for consideration.
Have a great weekend,
Brett McDowell | http://info.brettmcdowell.com | http://KantaraInitiative.org
On Nov 24, 2009, at 10:19 AM, Brett McDowell wrote:
I'd like to publicly thank Don Thibeau, Drummond Reed and the members of the OIF JSC for including Kantara Initiative in their outreach.
Don has already made the attached RFI package public over on the OIDF mailing lists but since I've started getting questions from members of Kantara Initiative asking to see the RFI package I realized I need to explicitly share it with our community since many of you are not subscribed to OIDF lists.
As I reported to Don, my next step is to discuss this with the Assurance Review Board, the oversight body for our Identity Assurance Accreditation and Certification Program. If you have ideas, comments, recommendations, questions, or concerns please send them to me directly, or to this public mailing list, or to the ARB@kantarainitiative.org mailing list (depending on the level of disclosure you are comfortable with) -- and, yes ARB@ has SPAM controls so your message will go in queue momentarily, but it will be pushed through quickly.
Note that due to the nature of the ARB being the deliberative body deciding who passes or fails accreditation and certification applications, they operate under terms of confidentiality and they will honor any request you have to keep your comments confidential if you call that out explicitly in your email. As a reminder, the ARB is comprised of representatives from Aetna, BT, GSA, KPMG, and SUNET.
Thank you in advance for contributing to the process.
Brett McDowell | http://info.brettmcdowell.com | http://KantaraInitiative.org
Begin forwarded message:
From: "Don Thibeau (OIDF ED)" <don@oidf.org>
Date: November 22, 2009 7:05:44 PM EST
To: "'Brett McDowell'" <email@brettmcdowell.com>
Subject: OIF RFI Package
Dear Brett:
Thanks for your interest in working with the OpenID and Information Card Foundations. Here is the latest chapter in our conversations that began last spring.
Since March of this year, the OpenID and the Information Card Foundations have collaborated on responding to US Government request to participate in its “Open Identity for Open Government Initiative.” Together with Kantara and InCommon, we have contributed to the development of the U.S. General Services Administration (GSA) Identity, Credential, and Access Management (ICAM) identity standards and certification requirements. The impact of our work with the government can be seen in the first set of deliverables at www.IDmanagement.gov published in September. As you know, ICAM’s Trust Framework Provider Adoption Process (TFPAP) established a new way to enable citizens to easily and safely engage with government websites, and ICAM’s Identity Scheme Adoption Process (ISAP) laid the technical foundation for government-approved profiles of open identity specifications. ICAM’s profiles for OpenID 2.0 and IMI 1.0 Information Cards profiles were published shortly afterwards.
The OIDF and ICF have been collaborating to develop an open approach to trust frameworks that will meet the needs of our respective communities. Two weeks ago at the OpenID Summit and again in three different sessions at the Internet Identity Workshop (IIW), ICF Executive Director Drummond Reed and I presented this approach to the community at large and asked for feedback, challenges, and contributions. These sessions produced a wealth of invaluable input and a strong consensus that OIDF and ICF should proceed with this approach, which the community dubbed the Open Identity Framework (OIF), as quickly as possible.
Immediately after IIW, the Boards of Directors of OIDF and ICF agreed to form a joint steering committee (JSC) to refine strategic goals, investigate operational alternatives, and guide deployment planning for the OIF. The JSC is composed of four representatives of companies that are members of both foundations and four community representatives, including the Chairs of both foundation boards.
The JSC started by carefully considering the goals and objectives of the Open Identity Framework (OIF) and weighing the tradeoffs between what aspects should be outsourced vs. what aspects were strategic and thus should remain “in-sourced”. The JSC then asked Drummond and me to prepare the attached Request For Information (RFI) to initiate discussions with prospective outsourcing partners. Because the JSC wants to make recommendations to the OIDF and ICF boards and set a course of action by year’s end, it wants to fast-track this RFI review process and expects a report in 30 days.
The attached RFI has two objectives: 1) to solicit your informed collaboration and feedback about how best to achieve the objectives of the OIF, and 2) to identify the potential outsourcing partners with whom we should proceed with more detailed negotiations. We have attached supplemental material that fully describes our approach to the OIF with the hope that it will be of benefit to your plans regardless of whether you decide to respond as a potential outsourcing partner.
The JSC partner selection criteria focus on cost efficiencies, execution synergies, and compatible business models. You are welcome to provide general feedback as well as respond specifically to any or all of the activities described in the Outsourced Program Elements section. For needs in that section where you feel your organization would be a good outsourcing fit, please be specific as to how you would fulfill those needs. Please include pricing estimates broken out for each outsourced program element—the more detailed the better.
Please note that the OIDF and ICF reserve the right to change the timeline or other portions of this RFI at any time, as well as to cancel or reissue the RFI at any time without obligation or liability. Also, please designate any information contained in your response that is proprietary or confidential. While we will treat the material provided as business confidential, please note that both the OIDF and ICF operate in a transparent, open source business environment, so some commentary, discussion, or speculation may occur on mailing groups, blog posts etc.
Please email your response as a Word document attachment to don@oidf.org before midnight EDT on 12/01/09. Of course, feel free to contact either Drummond or myself with questions, and we would be happy to arrange telecons or in-person meetings to discuss it as time permits.
Thank you again for your interest.
Don Thibeau
don@OIDF.org
Executive Director
The OpenID Foundation
http://openid.net
<oif-rfi-v7.doc>
<oif-admin-process-flow-v5.doc>
<oif-tfp-doc-list-v3.doc>
<oif-overview-v11.ppt>