Identity Standards & Self-Certification

Identity Systems at Scale: The Value of Standards, Certification, Trust Frameworks & Registration

Open standards like HTTP, OAuth, and OpenID Connect allow competing organizations to add value to their services, platforms, and products by ensuring interoperability across commercial, banking and government ecosystems.

Open standards can be a powerful tool set for developers. But identity systems require rules that address liability as well as ensure technical conformance. This presentation is a pragmatic look at ensuring conformance to open standards via self-certification using the groundbreaking OpenID Certification Program as a case study. We’ll look at how technology tools like standards and self-certification can be fit for purpose with governance rules that define the business, legal and technical requirements of identity systems. We'll pay particular attention to how trust frameworks assign and enforce liability in complex identity systems. We'll outline how registering trust frameworks ensure the transparency needed to build and maintain the trust needed in identity systems at scale.

The presentation concludes with presenting current, real world use-case of identity systems at scale. We'll highlight how technology tools and governance rules are enabling global identity projects by taking a close look at the Open Banking initiative in the UK. Open Banking is developing API specifications and standards to give UK consumers and businesses real control of their finances.

Key Takeaways:

• A standard is only as good as its implementations. Therefore, the OpenID Foundation purposefully established a lightweight, low cost self-certification program to help ensure that high-quality OpenID Connect implementations became the norm in the marketplace.
• We’ll continue to look at how trust frameworks assign and enforce liability in complex identity systems building on prior presentations and discussions on this topic.
• Finally, we’ll take a close look at the Open Banking initiative in the UK where API specifications and standards are being developed to give UK consumers and businesses real control of their finances. The end goal is enabling the use of APIs to open up data, processes and business functions to an ecosystem of customers, employees, third-party developers, vendors and partners.

Presentation deck

Identity Systems at Scale: The Value of Standards, Certification, Trust Frameworks & Registration

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.

When Standards don't Suffice

Implementing or moving to standards is rarely a straight forward effort; rather, the specific use cases of an organization require often more than current standards address. In the face of this gap, it's important to have a process for evaluating when and how to extend existing standards. In this talk we will cover this process in the context of real life examples.

Key Takeaways:

• process to evaluate a use case's applicability to existing standards
• method/principles for extending standards
• example use cases and resolutions

Presentation deck

When Standards don't Suffice

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.

Improving Security and User Experience Using Open Standards

Presentation deck

Improving Security and User Experience Using Open Standards

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.