RSA: Google, PayPal, Equifax, Others Form Open Identity Exchange - InformationWeek
Cloud // Cloud Storage
03:39 PM
Connect Directly

RSA: Google, PayPal, Equifax, Others Form Open Identity Exchange

The companies have created a non-profit to manage the process of certifying identity providers.

Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton on Wednesday at the RSA Conference announced that they have formed a non-profit organization to oversee the exchange of online identity credentials on public and private sector Web sites.

The organization, The Open Identity Exchange (OIX), will serve as a trust framework provider. A trust framework is a certification program that allows organizations and individuals to exchange digital credentials and to trust the identity, security, and privacy assertions associated with those credentials.

With help from the OpenID Foundation and the Information Card Foundation, OIX has been authorized to serve as a trust framework for the U.S. government. It will certify identity management providers to make sure they meet federal standards.

Google, Equifax, and PayPal will be the first three identity providers to issue digital identity credentials as a way to enable privacy-protected registration and login at U.S. government Web sites.

Verizon is expected to be the fourth, once it completes the certification process.

"We're pleased to be among the first organizations to be certified by the newly created OIX," said Google senior product manager Eric Sachs in a statement. "We've already seen encouraging implementations of identity technologies in the industry, and our hope is that the work of the OIX will expand on this progress to help facilitate more open government participation, as well as improve security on the Internet by reducing password use across websites."

The National Institutes of Health (NIH) Web site is the first government Web site to accept such credentials. Online visitors will be able conduct customized library searches, access training material and medical research wikis, and register for conferences while maintaining some privacy protection.

"Think about giving yourself single sign-on capability for all government services," said Ron Carpinella, VP of identity management at Equifax, in a phone interview. "In the current environement, you tend to have multiple user IDs and passwords wherever you go. I have 30 pages of user IDs and passwords because of all the different systems I have to engage with. Now, I can have essentially a single sign-on that can be shared across disparate government service providers. I don't have to register every time and place."

What makes these sorts of credentials compelling is that that they allow users to be authenticated without necessarily being identified. The technology could be used, for example, to allow someone to verify residency -- as a requirement for participation in a given online meeting -- without revealing a name or address.

Microsoft, which has done a lot of work on identity and trust, is conspicuous in its absence from the OIX founding group, but Carpinella says that he expects the company will participate.

As more government Web sites support these credentials, online visitors will be able to interact with these sites without having to register for each one or to remember separate site-specific passwords. Carpinella expects that in time OIX certified credentials will provide access to Web sites for the Department of Health and Human Services, Medicare and Medicaid, and the Social Security Administration, to name a few.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll