In an effort to test assumptions and business, legal, and technical operability for the their trust framework, members of the Online Attribute Exchange Trust Framework Working Group have undertaken a series of pilot projects.
Beginning in the fall of 2011, OIX members Google and ID/Dataweb partnered to test a “Street Identity” model that separates identity providers and atrribute providers. In this model there are four parties involved:
- The user
- A “relying party” website that needs to get a trustworthy street address for a user, for example to see if that business has some historical records associated with the user at that address
- An “attribute provider” that has verified the user’s street address of the user, and is trusted by the RP to assert that address
- The user’s main “identity provider” that they most frequently use to login to websites
The end-user experience is that the user logs into the relying party by clicking the button of their identity provider, an agrees to both be logged into that website and to have their street address shared. However behind the scenes the relying party does not get the user’s address from the identity provider. Instead the identity provider gives the relying party a token that it must then send to the attribute provider to get a trustworthy assertion of the user’s street address. The separation of identity provider and attribute provider is the key goal that we want to show in the demos. It provides a lot of potentially powerful capabilities such as:
- Attribute providers charging relying parties for the information provided
- Improved usability on the relying party website by leveraging the user’s relationship with their main identity provider
- Improved control for the user by leveraging the identity provider’s experience with consent flows, and the attribute provider’s experience with special information or APIs.
To read more visit the OpenAXN Street Identity website.
Criterion Attribute Exchange Pilot
This NSTIC-funded pilot seeks to build off off the Street Identity concepts, expanding to previous pilot to include to data-flow definitions and protocol exchanges that protect consent and privacy. The Criterion Systems-led features OIX members ID/DataWeb, AOL, LexisNexis, Experian, CA Technologies, Ping Identity, PacificEast, and Wave Systems among others.
For more information read the Criterion White Paper: Federated Online Attribute Exchange Initiatives.