Business Models, Liability and Governance of Internet Identity

One of the key takeaways from the last board meeting was that the Open Identity Exchange (OIX) should take every opportunity to help inform and advance conversations about Internet identity with a focus on governance, liability and business models. This is true in public and private sector engagements in the US (NSTIC), the UK (tScheme), and elsewhere.

Here’s a brief overview in this regard:

Business Models:

OIX plans to build on the business model analysis that Kimberly Little of LexisNexis is now leading as part of the OIX Attribute Exchange Working Group. Kimberly is leading an expanded look at traditional and innovative attribute-based value creation models. Her team will build on the work the ISOC has initiated on attribute exchange in Trust Frameworks, the OASIS Trust Elevation Technical Committee, the proceedings from NIST’s ID Trust Conference, ABA Sub Committee on Identity, and others. Recent developments in public and private sectors in the US and UK show new approaches using postal services, state DMV’s and other traditional sources of public records, as well as innovations employing user-generated public records such as those found in social media websites.


OIX is closely aligned with the NSTIC Federal Funding Opportunity (FFO) grant proposal; “A Bridge of Bridges: Deploying Processes for Integrated Engineered Solutions to Online Liability, Identity Assurance, Security and Privacy,” with the University of Washington’s Center for Information Assurance and Cybersecurity (CIAC). This represents a unique collaboration between computer science, economics, electrical engineering, information science and law, who will join with the OIX, subject matter experts from the legal community, and the Cloud Security Alliance (CSA), to propose a uniquely-conceived, 18-month interdisciplinary research and pilot program to accelerate the development of trusted identities in cyberspace. The project will integrate extensible liability models with technical elements of the identity ecosystem, as conceived by the National Strategy for Trusted Identities in Cyberspace (NSTIC) by working cross-domain among academia, industry and government following the Pasteur Quadrant model. It will also leverage work already under way, such as the “High Assurance Cloud,” B2B online identity assurance systems, tools made publicly available to stakeholders (e.g., OIX), and initiatives for federated identity legal research like the American Bar Association (ABA), Federated Identity Working Group and the Trust Framework Market (e.g., OIX listing service).


The OIX Board of Directors has asked the OIX Advisory Board to review the proposed NSTIC governance structure. We are especially mindful of the potential of the NSTIC Steering Committee. This review and recommendations are important because the OIX Board requires a more complete understanding of NSTIC governance before it can determine if and how the OIX participates in the NSTIC going forward. The US government has drafted charters of the NSTIC Steering Committee, various working groups, management council, privacy committee and other groups intended to achieve its aspirational goals. The hope is that some of the practical, pragmatic and positive set of recommendations offered by the Advisory Committee can be adopted by OIX and other organizations.