OASIS to Define Trust Elevation Standard for Authenticating e-Identity Credentials
19 Oct 2011 – The OASIS international open standards consortium has begun work to define a set of standardized protocols that online service providers may use to elevate trust when authenticating electronic identity credentials. The goal of the new OASIS Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee is to extend interoperability among online service providers (such as banks and health care providers) and make e-transactions easier for end users.
The OASIS Trust Elevation protocol will be vendor-neutral and product-agnostic. It will promote interoperability among multiple identity providers as well as among federations and frameworks. The work will reconcile the fundamental gap between credential-based trust approaches (used in e-gov) and transaction risk mitigation-based trust approaches (used in B2B).
The Trust Elevation Committee was formed in response to governments calling for national and global identity infrastructures to be developed through private sector cooperation among providers, users, and subjects of trusted identity systems.
"We are pleased to be a co-founder and convener of the OASIS Trusted Elevation Technical Committee," said Jeremy Grant, Senior Executive Advisor for Identity Management at the U.S. National Institute of Standards and Technology (NIST). "The group's focus on identifying and analyzing the broad range of products, services and techniques used to ensure high levels of trust in online transactions will help to create new solutions to support the National Identity for Trusted Identities in Cyberspace (NSTIC). The insight gained about how these techniques work--and how well they work--will be a valuable addition to our existing knowledge on using credential-based techniques for assuring high levels of trust in online transactions."
The OASIS Trust Elevation Committee currently has more than 40 members representing financial services companies, healthcare organizations, government agencies, academia, software providers, and other groups from around the world. The Committee is co-chaired by Abbie Barbir of Bank of America and Don Thibeau of Open Identity Exchange (OIX).
"We intend to analyze and build on what’s out there, re-using existing definitions of policy concepts, such as identity tokens and personally-identifiable data wherever possible," said Thibeau. "The Committee will provide functional comparisons of alternative assurance level schemes, making it easy to map our trust elevation processes to a wide variety of regulatory frameworks."
Participation in the Trust Elevation Technical Committee is open to all interested parties. Archives of the Committee's work are accessible to both members and non-members, and OASIS invites public review and comment.
Support for Trust Elevation
"Axiomatics is proud to take part in the OASIS Trust Elevation Technical Committee. As a global leader in context-aware authorization based on XACML, we advocate the use of standards. We believe it is important to provide a standardized baseline for authentication based on electronic identity. We feel it is important to take part in this initiative to raise awareness of the different authentication alternatives and to produce best practices and recommendations for online security."
--David Brossard, VP Product Marketing & Customer Relations, Axiomatics
"As more and more critical transactions take place online, the need for strong and robust identity authentication tools has become more critical than ever. The adoption of interoperable electronic identity authentication technologies at varying levels will enhance security and ease of use for users. We are excited to participate in the newly formed OASIS Trust Elevation Technical Committee, which will examine trust elevation methods in use globally today, and work to identify standard protocols to ensure that trusted transactions can be conducted with multiple partners at different levels of trust."
--Brendan M. Peter, Director, Global Government Relations, CA Technologies
"There is an important connection between the Open Identity Exchange attribute binding pilots Google and Verizon are sponsoring and the OASIS Trust Elevation Technical Committee's work. The OIX pilots could be helpful because they are real time, transparent tests of technology interoperability and the value of user asserted and permissioned attributes in the emerging identity ecosystem. Together, the OIX pilots and the OASIS Trust Elevation Committee work represent important and constructive steps towards new approaches to identity verification for step up multi-factor authentication solutions."
-- Don Thibeau, Chairman and President, OIX
OASIS Trust Elevation Technical Committee
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for security, privacy, cloud computing, SOA, Web services, the Smart Grid, content technologies, business transactions, emergency management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries.
OASIS Senior Director of Communications and Development