OpenID a catalyst for EU e-id [email_address]
As an ID expert we like to present this problem
For 25 years nobody really cares! Double digit growth eCommerce PKI Smartcards as a beer coaster Infocard not shipped Self asserted username-passwords is fine Employees bypass security systems to do their real work
eID the right tool at the right time?
Different use-cases, or just a different market approach towards a consumer accepted e-ID?
Additional trends that confirm a need for a different approach
  • Password fatigue
  • Mobile first
  • Socialisation of the web
  • Cloud – Services Integration
Registration fatigue ‘GBA’
Consumers create single sign-on
A new identity console
Your digital identity on the social web 500M+ 175M+
Sharing your data under consent between services (oauth)
OpenID, one single digital identity for consumers?
  • OpenID is a successful multichannel protocol to enable consumers and merchants to share identities
  • Consumers do not understand OpenID as their single identity
  • Identity providers want to promote their brand and competitive advantage
  • Re-use existing accounts, like Google, Facebook, Hyves, LinkedIn
  • More on OpenID situation 2011 “OpenID Swot”
The Evolution of Open Identity  OpenID User must understand and remember URL Each OpenID Provider has different URL syntax This worked  “OK” on tech-focused blogs, wikis, discussion groups, etc. but not well with broader audiences and applications Yahoo buttons, Google Friend Connect, Facebook Connect, ID Selector Content Provider Advisory Committee meeting in NYC First UX Summit at Yahoo Major OPs improving workflow User only needs to click on icon for preferred identity account Second UX Summit at Facebook Graphical interface of major Identity Providers, including proprietary solutions from  Facebook, MySpace, & Microsoft 2007 2008-2009 2010
2011 Challenges/Priorities OpenID foundation
  • Challenge: Improve the OpenID “product”
      • Finalize and implement OpenID ABC
      • Outreach to other identity protocols (UX, Attributes, Consent)
  • Challenge: Globalize OpenID Adoption
      • Worldwide OpenID summits will improve specifications and adoption
      • OIDF leaders organize, sponsor and speak at global identity events, OpenID summits
  • Challenge: Build momentum and expand outreach
      • Collaborate with related standards bodies and organizations
      • Extend content curator program
  • Challenge: Keep OpenID free and IPR protected
      • Extend trademark protections globally
Working Group
  • Current specification OpenID 2.0 used successfully in different use cases (also enterprise)
  • New Spec in progress “OpenID ABC”
  • Almost certainly not final branding!
  • Spec work occurring in “Artifact Binding” working group
  • Incorporates submissions to former “OpenID Connect” working group
  • Points of departure
      • Mobile phones and other limited platforms
      • “Facebook Connect” style functionality for easy registration
      • Easier deployment than OpenID 2.0
The OpenID ABC product
  • Artifact Binding
  • UserInfo Endpoint
  • Simple RPs
  • Higher LoA
  • Session Management
  • Unregistered Clients
  • OAuth 2 Integration
  • Use of JWTs
  • Single Logout
Protocol workgroup participants
Key working group participants:
  • Nat Sakimura – Nippon Research Institute – Japan
  • John Bradley – Independent – Chile
  • Breno de Medeiros – Google – US
  • Paul Tarjan – Facebook – US
  • Axel Nennker – Deutsche Telekom – Germany
  • Kick Willemse – Independent – Netherlands
  • Tony Nadalin – Microsoft – US
  • Mike Jones – Microsoft – US
By no means an exhaustive list!
OpenID specs developed via an open process
All free to participate
Discussion & Resources
  • Artifact Binding Working Group Wiki Page: http://wiki.openid.net/w/page/12995134/Artifact-Binding
  • Artifact Binding Mailing List: http://lists.openid.net/mailman/listinfo/openid-specs-ab
Specification Structure
  • OpenID AB spec consists of two parts
      • Core – abstract specification
      • Binding – OAuth 2 based binding
  • JSON Web Token (JWT) spec with signing
      • Next version will add encryption
      • Other specs like UMA are looking to adopt it
  • Discovery a separate spec
  • Will refer to OAuth 2.0 specs once finished
Spec Progress
Current status
  • Core – 70% done
  • Bindings – 75% done (pending OAuth 2.0 completion)
  • Discovery – 80% (working from SWD)
  • JWT – 90% done for tokens and signature
      • Encryption remains to be specified
  • OAuth 2.0 – 95%
Target: Complete drafts by Internet Identity Workshop (IIW) in May, Final IIW in November 2011
Visit our summits for updates and discussions
http://Wiki.openid.net
  • January 18 Completed OpenID Policy Summit hosted and sponsored by OIX in Washington DC
  • March 8 Completed OpenID Retail Summit hosted by PayPal in San Jose
  • May 2 12-5 PM OpenID Security Summit co-hosted by Symantec/Google in Mountain View
  • May 10 8-12 AM OpenID Technology Summit at EIC co-sponsored by Google and Microsoft in Munich
  • TBD TBD OpenID Asia/Pacific Technology Summit hosted by NRI in Tokyo
  • July 19 8-12 AM OpenID Enterprise Summit hosted by Ping Identity in Keystone, Colorado
  • Oct 10 TBD OpenID Technology Summit at RSA Conference co-hosted by Microsoft and Google in London
  • November 12-5 PM OpenID Social Media Summit November hosted by FaceBook in Palo Alto
So what about trust levels?
  • OpenID is not a trust scheme
  • Do you really need a trust level or may self assertion, pre-registration or IDP whitelisting work for you?
  • Local trust schemes, country specific
      • US-Gov Profile OpenID ICAM profile
      • Stork E-ID and ISO/IEC 29115
  • International movement towards trust schemes that make it possible to re-use existing identities, both private and public
The trust framework paradox?
  • Identity = A collection of multiple attributes or claims about a person or system
      • Name
      • E-mail
      • Date of Birth
      • Profession
      • Address
  • Why do we want to define Levels of Assurance (LOA) on a single Identity Level and not attribute level?
Mapping attribute schemes is an important condition for LOAs
  • A datamodel for personal data
  • SEMIC (EU)
  • Attribute Exchange, Sreg in OpenID
  • Open Social – Portable Contacts
  • Social network specific
  • Country specific
Trust scheme on attribute level
  • A first scheme for e-mail by Google within OIX
  • OpenID Summit certification list/ Google RP
  • Possible methods of verification
      • Self asserted
      • Proof of Possession
      • Authentic Register
      • Certificate of origin
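The paradox raised on the last few slides, as an added example that is not part of the original deck: the same identity is rejected when judged by one identity-wide level but accepted when each attribute carries its own verification method. The strength ordering of the four methods, the claim names, the sample values and the relying-party policy are all assumptions made for illustration.

```python
from enum import IntEnum

class Verification(IntEnum):
    # The four methods named on the slide; ranking them in this order is an assumption.
    SELF_ASSERTED = 1
    PROOF_OF_POSSESSION = 2
    AUTHENTIC_REGISTER = 3
    CERTIFICATE_OF_ORIGIN = 4

# Constructed sample identity: attribute -> (value, how it was verified).
CLAIMS = {
    "name": ("Alice Example", Verification.SELF_ASSERTED),
    "email": ("alice@example.org", Verification.PROOF_OF_POSSESSION),
    "date_of_birth": ("1980-01-01", Verification.AUTHENTIC_REGISTER),
}

# Hypothetical relying-party policy: minimum verification per attribute it consumes.
AGE_CHECK_POLICY = {
    "email": Verification.PROOF_OF_POSSESSION,
    "date_of_birth": Verification.AUTHENTIC_REGISTER,
}

def identity_level(claims):
    """One level for the whole identity: capped by its weakest attribute."""
    return min(method for _value, method in claims.values())

def accept_identity_level(claims, policy):
    """Identity-level scheme: the single level must cover the strictest need."""
    return identity_level(claims) >= max(policy.values())

def attribute_failures(claims, policy):
    """Attribute-level scheme: list (attribute, reason) for each unmet need."""
    failures = []
    for attr, required in policy.items():
        if attr not in claims:
            failures.append((attr, "missing"))
        elif claims[attr][1] < required:
            failures.append((attr, f"{claims[attr][1].name} < {required.name}"))
    return failures

if __name__ == "__main__":
    print("identity-level accept:", accept_identity_level(CLAIMS, AGE_CHECK_POLICY))
    print("attribute-level failures:", attribute_failures(CLAIMS, AGE_CHECK_POLICY))
```

The self-asserted name drags the identity-wide level down even though the relying party never asks for the name; the per-attribute check only looks at what the policy consumes.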
Interested in helping shape the future of internet identity?
OIDF Company/Organizational Membership
  • Share experience and concerns with important identity players like Google, Paypal, Microsoft, FaceBook, Ping, Deutsche Telekom
  • Inclusion in OpenID Foundation press releases and industry events
  • Corporate logo displayed on the OpenID Foundation website and materials
  • OpenID Summits fees waived for all employees
  • Propose and lead OpenID technical and marketing work groups
  • Vote on ratification of OpenID specifications and recommendations
OIDF Individual Membership
  • Vote on OpenID workgroups, specifications, and community board members
  • Use the OpenID Foundation Member logo and signature on your blog, email, website, apps
  • Influence the technical development of OpenID technology and adoption
  • Free pass to all OpenID Summits and discounts to conferences on internet identity
Students and Professional Courtesy options available on request.

OpenID Progress EEMA Conference


Editor's Notes

  • #27 Don's version (Nov 19)