white paper

San Francisco, CA -- After a year-long collaboration, the Information Card Foundation (ICF) was pleased to join the OpenID Foundation (OIDF) in announcing the launch of the Open Identity Exchange (OIX) at the RSA 2010 Conference.

OIX is the first open identity trust framework provider—a provider of certification frameworks for the providers and consumers of open identity credentials such as Information Cards and OpenID. OIX is based on a new approach to creating wide-area trust networks on the Internet called the Open Identity Trust Framework (OITF) Model. ICF, OIDF, and OIX have jointly published a white paper describing this model, including 12 "Principles of Openness" followed by OITF providers.

"This is a major step forward for the open identity industry," said ICF Executive Director Drummond Reed, who will also serve as the initial Executive Director of OIX. "To serve governments and other online communities that have requirements for specific levels of identity assurance, the industry needed to create a certification program for OpenID and Information Card providers. Now we have done that, and we have done it in a manner consistent with the open standards and open market approach upon which our technologies are based."

Washington D.C. - At the Open Government Identity Management Solutions Privacy Workshop held today in Washington D.C., Don Thibeau, Executive Director of the OpenID Foundation, and Drummond Reed, Executive Director of the Information Card Foundation, announced a joint white paper from both foundations. Entitled Open Trust Frameworks for Open Government, the paper explains the approach both foundations are taking to enable open, Internet-scale trust networks using OpenID and Information Cards.

"Open trust frameworks are the way to bridge open identity technologies like OpenID and Information Cards with the trust requirements of large communities such as the U.S. federal government," said Mr. Reed. "They are a practical solution to enabling government agency websites and applications to accept identities from non-governmental identity providers. This reduces friction and lowers costs while at the same time increasing security and privacy."

The focus of the workshop was the privacy implications of introducing open identity technologies to federal websites. Besides Mr. Reed, speakers on this topic included:

The European e-Identity Management Association (EEMA) held its annual conference in London last week, and Information Cards were a major topic. At the opening session on Thursday, 25 June, Kim Cameron of Microsoft gave an overview of claims-based identity and the role of Information Cards in a claims-based identity metasystem. He also mentioned his new white paper, Proposal for a Common Identity Framework: A User-Centric Identity Metasystem, co-authored with Reinhard Posch (federal CIO for the Austrian government since 2001) and Kai Rannenberg (the T-Mobile Chair for Mobile Business and Multilateral Security at Goethe University Frankfurt).

The second day of the conference featured an Identity Metasystems Roundtable, moderated by John Bradley, ICF Fellow and OASIS IDtrust Steering Committee Member, Tony Nadalin of Microsoft, and Drummond Reed, ICF Executive Director. It was an in-depth discussion covering many current topics in the Information Card and IMI ecosystem, including:

SPECIAL TO RSA-San Francisco-April 20, 2009-At the RSA Security conference beginning today at the Moscone Center in San Francisco, the Information Card Foundation (ICF) announced publication of a new white paper on Information Cards by noted industry analyst Craig Burton. The Information Card Ecosystem: The Fundamental Leap from Cookies and Passwords to Cards and Selectors explains why the Information Card metaphor is being recognized across the industry as the future of digital identity both in the enterprise and on the Internet.

"This is the first analysis of digital identity that explains why Information Cards are an inevitable next step in the evolution of relationships on the Internet, just as cookies were in the 1990's," said Mr. Burton, principal analyst at Burtonian and former CTO of Novell. "Cookies solved the problem of how a user could share information across the pages of the same website. For example, without them, e-commerce shopping carts would not work. Information Cards solve the next wider problem: how a user can safely share private information across completely different websites of their choosing."

The paper uses the common example of booking travel. Today, a traveller must re-enter their trip details into every travel site they visit. Even though that travel site may set a cookie to recognize the returning user, that's all the cookie can "remember". With Information Cards, the traveller will be able enter the trip details once, then use an Information Card to securely and privately share it with each travel site they wish in one click.