The Information Card Foundation (ICF) has been affiliated with Identity Commons since ICF's founding in June of 2008. Identity Commons is currently a loose-knit affiliation of different groups and organizations working together to create an identity layer for the Internet. It is perhaps best-known for its semi-annual conference, Internet Identity Workshop (now known as “IIW”), which brings together a wide range of people active in the Internet identity community to forge the protocols, policies, and partnerships necessary to produce an identity layer serving all constituencies: people, for-profit companies, non-profit organizations, and governments.
The current Identity Commons is actually the second generation of an organization originally founded by Owen Davis and Andrew Nelson in 2002. That organization subsequently transformed itself in 2005 into the current Working Group structure in order to foster collaboration between a diverse set of groups that include legally incorporated entities such as the ICF, the OpenID Foundation, and XDI.org, as well as internal Identity Commons Working Groups that are not separate legal entities, such as IIW, OSIS, ID Legal, Project VRM, and Kids Online.
Although Identity Commons has always been a non-profit corporation, the second-generation entity has never raised funds beyond its modest operating expenses (less than $5000 per year). This past summer, interest grew in creating a third generation of Identity Commons that could serve as a much more robust “upside-down umbrella” organization for funding and coordinating work across the entire ecosystem of efforts on Internet identity, data sharing, and relationship management.
I'm pleased to announce that as of October 1, Mary is the new Executive Director of ICF. Mary brings a wealth of experience and relationships within the user-centric identity community. Having worked alongside Mary in a number of settings, I have every confidence that she'll guide the ICF admirably as we begin our next phase of growth and evolution.
Mary succeeds Drummond Reed, another person well known in the identity community. Drummond's passion for building standards, trust frameworks, and supporting organizations within what might be called the emerging Personal Data Ecosystem has grown to the point where several weeks ago he told the ICF board that he wanted to focus on it full time and that we should initiate a search for his successor.
In February 2009 Drummond was asked by this board on rather short notice if he would serve as our E.D. He cheerfully accepted and immediately tackled the considerable challenge of getting the new ICF website, communications strategy, and organizational infrastructure ready for the successful launch at RSA several weeks later. Since then Drummond has continued to do an exemplary job promoting the cause of Information Cards in countless public and private venues. He has also devoted a significant portion of his time to co-founding, in partnership with the OpenID Foundation, the OIX organization. Drummond also worked alongside Mary Ruddy, John Bradley and other ICF board members to get Information Card technology to be accepted by the US ICAM program. All of these projects have been successful in no small part due to Drummond's tireless efforts, and have benefited from his professional manner and genuine enthusiasm.
--Paul Trevithick, ICF Board Chair
Seattle WA – September 27, 2010 – Last month, at the Privacy Identity Innovation 2010 conference in Seattle, Microsoft Senior Program Manager Christian Paquin hosted a session on the U-Prove minimal disclosure technology. ICF Executive Director Drummond Reed interviewed Christian for the following in-depth Q&A about U-Prove.
Q: First, can you tell me what U-Prove is?
A: U-Prove is an innovative privacy-enhancing security technology that can help people protect their identity-related information. U-Prove combines the security of PKI (public key infrastructure) with the flexibility of federation technologies that allow people to link identities across domains. And it does all this while providing privacy-by-design. That makes the U-Prove technology ideally suited to protect claims (attributes) in user-centric identity systems.
Q: Microsoft made a major announcement about U-Prove at RSA in March. What was the essence of that announcement?
A: The initial release of the U-Prove technology we announced at RSA consisted of two parts. First, we released the U-Prove specifications, published under the Open Specification Promise (OSP), so anyone can implement and use them freely and for any purpose. The first specification describes the core cryptographic protocols, and the second is a WS-Trust / OASIS IMI profile (the protocol used for Information Cards). We also released two open-source Software Development Kits (SDK) – one in C#, one in Java – implementing the core cryptographic specification.
The annual summer Catalyst conference put on by the Burton Group is happening again this coming week in San Diego. A large number of Information Card Foundation members and directors will be in attendance. Here is a list of all the events that are of particular interest to ICF members and others involved with open identity technologies:
Munich, Germany -- Information Cards and ICF members were very active in the European Identity Conference (EIC) in Munich this past week. To begin with, ICF board member Kim Cameron accepted the European Identity Award for “Best Innovation” on behalf of Microsoft for its U-Prove minimal disclosure technology. The award was shared with IBM for its similar Idemix technology. Both solutions were lauded by EIC host Kuppinger Cole as pioneering efforts in enhancing online privacy and security.
Mr. Cameron also gave a keynote address, “Federated Directory meets Minimal Disclosure: Mortal Enemies or Soul Mates?” in which he showed how cloud computing, social networks, and enterprise collaboration demand federation of directory information across trust boundaries to create a distributed information fabric. Mr. Cameron then asserted that, by using technologies like U-Prove, these federations can be built to be consistent with the requirements of minimal disclosure.
Munich, Germany -- ICF Executive Director Drummond Reed, chair Paul Trevithick, and board members Kim Cameron, Pamela Dingle, Jörg Heuer, Anthony Nadalin, Andrew Nash, Axel Nennker, and Sandy Porter are all attending the European Identity Conference this week. Kim Cameron gave a keynote on the first day of the conference on Tuesday covering the next steps for federated identity management, including using Information Card tokens with Microsoft's recently announced U-Prove technology, and what Kim calls "federated directory systems".
The ICF directors and members will hold a special "birds of a feather" breakfast session on the final day of the conference, Friday May 7, starting at 8AM local time outside the main dining room of the conference location at the Deutschen Museum, Museumsinsel 1, 80538 München. We invite all interested ICF DACH chapter members, EIC attendees, and their guests to attend.
San Francisco, CA -- After a year-long collaboration, the Information Card Foundation (ICF) was pleased to join the OpenID Foundation (OIDF) in announcing the launch of the Open Identity Exchange (OIX) at the RSA 2010 Conference.
OIX is the first open identity trust framework provider—a provider of certification frameworks for the providers and consumers of open identity credentials such as Information Cards and OpenID. OIX is based on a new approach to creating wide-area trust networks on the Internet called the Open Identity Trust Framework (OITF) Model. ICF, OIDF, and OIX have jointly published a white paper describing this model, including 12 "Principles of Openness" followed by OITF providers.
"This is a major step forward for the open identity industry," said ICF Executive Director Drummond Reed, who will also serve as the initial Executive Director of OIX. "To serve governments and other online communities that have requirements for specific levels of identity assurance, the industry needed to create a certification program for OpenID and Information Card providers. Now we have done that, and we have done it in a manner consistent with the open standards and open market approach upon which our technologies are based."
Last December ICF Executive Director Drummond Reed spent a day in Victoria, B.C. with the identity management team in the Office of the CIO for the Province of British Columbia, including Ian Bailey, the Executive Director of Architecture and Standards, Charmaine Lowe, Director of Information Standards, and Patricia Wiebe, Senior Identity Architect. The following interview is based on many of the topics they discussed.
Q: Let’s start with the big picture: when did your office first begin to focus on identity management?
A: Back in 1996 we determined that identity management was going to be key to developing a shared services approach for the delivery of IM/IT services for government and started a program to develop a corporate identity management Technology was a real barrier for us at that point, but with the release of Windows Active Directory in 2000 we were able to consolidate most of our directories into a single centralized domain for government workers. Also at that time we were building our first version of an authentication service to support government’s interactions with businesses and citizens, and in 2002 we started our BCeID identity provider service. We learned a lot from those first efforts, particularly that directory centric solutions were not going to work in the long term.
Q: So you’ve been at this a long time. Overall, what are the goals of your IdM program, i.e., what’s your vision for what IdM can do for the BC government and the people of the province?
ICF will be an active participant in the OASIS IMI Interop to be held next week at the 2010 RSA Conference at the Moscone Center in San Francisco. The Interop will focus on demonstrations of the GSA ICAM IMI 1.0 Profile for use of Information Cards to U.S. government identity assurance levels.
Contributors to the ICF presence at the Interop include Avoco Secure, Azigo, the Province of British Columbia, Equifax, Meristic, Microsoft, Openinfocard, and PayPal. They will be demonstrating Information Cards, relying party sites, and selectors compatible with the GSA ICAM IMI 1.0 Profile.
The IMI Interop will be held in the OASIS booth (#2545) on the RSA show floor. The booth will be open:
- 6-8PM Monday March 1
- 11-6PM Tuesday March 2
- 11-6PM Wednesday March 3
- 11-3PM Thursday March 4
Currently IMI Interop presentations are scheduled every two hours during the day in the booth. Direct interop demonstrations will be going on continuously. We invite you to come by the booth and visit us.
ICF will also be participating in a major announcement about the establishment of new infrastructure for online identity assurance – watch for further information here.
Lastly, the ICF Board of Directors will hold a face-to-face meeting from 3-7PM on Thursday March 4 at SPUR, 654 Mission Street (two blocks from Moscone).
Avoco Secure today announced it will launch the first "universal identity broker", a new product called Open2Connect that will make it much easier and more seamless for users to access online resources such as websites, documents, etc. using any identification/authentication method, including username/password, Information Cards, OpenID®, X509 digital certificate, Windows Live® ID, SAML, etc.
The Open2Connect UIB system ensures that a user can utilise any preferred login method, as long as that method contains the information required by the site to allow access (called a "claim"). Examples of claims include names, email addresses, or account numbers. The UIB can also go a step further by controlling access to the web resource through associating levels of assurance with the login, for example specifying that the claim must originate from a specified source.
The whole login process is handled by the UIB: the user simply clicks on the login button as usual -- vital in retaining usability of websites. The UIB will then present the user with choices of login method from their preferred list -- showing only those that the website will accept (because they contain the correct claim). The communication between the login method, the identity provisioning site (as appropriate) and the website is all handled by the UIB.