OASIS starts work on online eID standard
The OASIS international open standards consortium has begun work to define a set of standardised protocols that online service providers may use to elevate trust when authenticating eID credentials.
According to the organisation, the goal of the new OASIS Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee is to extend interoperability among online service providers (such as banks and health care providers) and make eTransactions easier for end users.
It says the OASIS Trust Elevation protocol will be vendor-neutral and product-agnostic. It will promote interoperability among multiple identity providers as well as among federations and frameworks. The work will reconcile the fundamental gap between credential-based trust approaches, such as those used in eGovernment and transaction risk mitigation-based trust approaches, such as those used in Business-to-Business (B2B) transactions.
The Trust Elevation Committee was formed in response to governments calling for national and global identity infrastructures to be developed through private sector cooperation among providers, users, and subjects of trusted identity systems.
“We are pleased to be a co-founder and convener of the OASIS Trusted Elevation Technical Committee,” says Jeremy Grant, senior executive advisor for Identity Management at the US National Institute of Standards and Technology (NIST). “The group’s focus on identifying and analysing the broad range of products, services and techniques used to ensure high levels of trust in online transactions will help to create new solutions to support the National Identity for Trusted Identities in Cyberspace (NSTIC). The insight gained about how these techniques work – and how well they work – will be a valuable addition to our existing knowledge on using credential-based techniques for assuring high levels of trust in online transactions.”
The OASIS Trust Elevation Committee currently has more than 40 members representing financial services companies, healthcare organisations, government agencies, academia, software providers, and other groups from around the world. The Committee is co-chaired by Abbie Barbir of Bank of America and Don Thibeau of Open Identity Exchange (OIX).
“We intend to analyse and build on what’s out there, re-using existing definitions of policy concepts, such as identity tokens and personally-identifiable data wherever possible,” says Thibeau. “The Committee will provide functional comparisons of alternative assurance level schemes, making it easy to map our trust elevation processes to a wide variety of regulatory frameworks.”
Participation in the Trust Elevation Technical Committee is open to all interested parties. Archives of the Committee’s work are accessible to both members and non-members, and OASIS invites public review and comment.