OpenID » Don Thibeau

Introducing the 2011 OpenID Community Board Representatives

Amanda Richardson — Fri, 17 Dec 2010 01:47:34 +0000

Dear Members,

Thank you for voting for those who will represent you at this pivotal time for OpenID. This is to introduce the newly elected community directors of the OpenID Foundation Board. In 2011 Brian Kissel and Allen Tom will be fulfilling the second year of their terms as community representatives. Marc Frons has resigned from the second year of his service because of pressing business issues at the New York Times.

Mike Jones, Chris Messina, Nat Sakimura and John Bradley bring deep domain expertise in online identity to their board service. I think it’s fair to say their election reflects a community-wide acknowledgement of the consistency and quality of their contributions in recent years. The election of Kick Willemse and Axel Nennker signals an important shift towards more international leadership on the board. At last week’s Identity Next Conference and at the Identity Summit in Geneva, Nat, John, Kick and Axel led discussions expanding a more global view of OpenID’s adoption and updating its technology with our colleagues in the EU. Nat, Mike, Kick and John have been elected to two years terms. David Recordon will represent Facebook in 2011.

It’s important to acknowledge the contributions of Luke Sheppard, Mike Ozburn, Dick Hardt, Joseph Smarr, Daniel Jacobson and Rob Harles. Each contributed the energy, talent and diversity of views that makes the foundation an occasionally frustrating, increasingly complex and unique resource in online identity. Because of their efforts, the 2011 board starts the new year with a mandate for building momentum around the merged AB/Connect working group and the restructuring the OIDF to be a more effective, more international organization.

Technology development and board deliberations rarely follow a graceful upward curve. With the push/pull of competing business models and the cross jurisdictional impact of online identity, it’s easy to underestimate the time and commitment required of directors to reconcile corporate, community and global interests in a rapidly changing identity ecosystem. The board has important work to do right from the start of 2011. It must leverage and deploy the unique assets of the foundation, its leadership as a convener of OpenID Summits, its authoritative voice in standards development, and most importantly its growing worldwide community.

This is to you to engage with this new board from the start. We will soon publish a calendar of OpenID Summits, reorganize our governance and advance the utility of our “product” through the AB/Connect working group. Blog your views at openid.net, serve on work groups and contribute to the development of one of the most important technologies of our time.

Don Thibeau
Executive Director

From the Executive Director: Notes from Washington, DC

Amanda Richardson — Thu, 23 Sep 2010 23:45:09 +0000

As mentioned earlier on some of the foundation’s lists, the National Center for Biotechnology Information, division of National Library of Medicine/NIH, has deployed a hybrid login using multiple options including Google, Verisign and PayPal via OpenID, NIH proprietary, eRA, and Shibboleth. The National Center for Biotechnology Information (NCBI) hybrid login facility is just one example of the leadership NIH has shown in identity management in the government space. Other OpenID providers are also in the process of being certified for use on the NCBI website.

Google’s work at the NCBI/NIH is an example of collaboration fostered by the OpenID Foundation over the two years. The NIH, OpenID Foundation and participating community members and companies have recently begun some exciting work to disambiguate authors of scholarly works using the OIX Trust Framework, the newly formed Open Researcher & Contributor ID (ORCID) organization and the National Library of Medicine. NIH/NLM is part of a public private effort to use OpenID and other protocols to help validate authorship. I encourage those interested to become engaged with this transformative work.

The National Institutes of Health (NIH) have a history of innovation in the area of federated identity management. It has accepted Shibboleth logins from the InCommon federation for over two years, and added OpenID support this year. The OpenIDs it accepts have been certified by the Open Identity Exchange (OIX) to meet the requirements of the Federal Identity, Credential, and Access Management (FICAM) subcommittee of the Federal CIO Council. Google, PayPal, and other OpenID identity providers were among the first to be certified under the FICAM schema.

NIH offers an innovative federated login service called iTrust, that provides a proven and cost-effective federated login solution to departments and agencies across the federal government. Since June, there have been 18,900 new NIH iTrust user logins, 77% of which are OpenIDs. This is even though there was no announcement of the new login capability. Via iTrust, NIH is openly encouraging other agencies to adopt the use of OpenID and other portable identity credentials. The NIH, OpenID Foundation member companies are playing a key role in the future of online identity for this global community of authors, librarians and researchers.

theSocialWeb.tv on the launch of the Open Identity Exchange

Chris Messina — Tue, 09 Mar 2010 19:48:22 +0000

theSocialWeb.tv visits Citizen Space in San Francisco during the RSA Conference to sit down with Don Thibeau of the OpenID Foundation and Drummond Reed of the Information Card Foundation to discuss the launch of the Open Identity Exchange, the result of a year-long collaboration between the two foundations.

John McCrea and Chris Messina dive into the details of this announcement and what it means for the social web.

You can also download the video to watch it later.

OpenID Foundation and Information Card Foundation publish vision for open government through open identity technologies

Chris Messina — Thu, 13 Aug 2009 17:00:15 +0000

Announce availability of joint white paper: “Open Trust Frameworks for Open Government“

Washington, D.C.—August 13, 2009–The OpenID Foundation (OIDF) and the Information Card Foundation (ICF) announced today they have published a white paper outlining their approach to open trust frameworks for certification under the U.S. General Services Administration’s Trust Framework Adoption Process (TFAP). Open trust frameworks provide a way for citizens to easily and safely engage with government websites: a key step in making open government a reality.

“Open trust frameworks are the way to bridge open identity technologies like OpenID and Information Cards with the trust requirements of large communities such as the U.S. Federal Government,” said Drummond Reed, executive director of the Information Card Foundation. “They are a practical solution to enabling government agency websites and applications to accept identities from non-governmental identity providers. This reduces friction and lowers costs while at the same time increases security and privacy.”

“The fact of the matter is you can’t have open government with broad citizen engagement without trust frameworks and open standards,” adds Don Thibeau, executive director of the OpenID Foundation. “OpenID and Information Cards offer an open standards approach for achieving this via the Internet and other public networks.”

The paper, “Open Trust Frameworks for Open Government” and coauthored by Thibeau and Reed, is available for download at the OpenID Foundation and The Information Card Foundation websites. More information on U.S. General Services Administration’s Trust Framework Adoption Process is available on the government’s IDManagement.gov website.

-more-

About the OpenID Foundation
OpenID Foundation (OIDF) is a non-profit open source community whose mission is to drive the broad adoption of OpenID technology. The Foundation fosters and promotes the development and adoption of OpenID as a framework for user-centric identity on the Internet. OpenID allows users to sign in to multiple websites without needing to create new passwords. OIDF is headquartered in San Ramon, Calif. www.openid.net

About the Information Card Foundation
The Information Card Foundation is an international non-profit whose mission is to advance simpler, more secure, and more portable digital identity on the Internet. Information Card technology gives users greater control over personal information while at the same time enabling more beneficial digital relationships with businesses. Steering members of the foundation include Deustche Telecom, Equifax, Google, Intel, Microsoft, Novell, Oracle, and PayPal. ICF is headquartered in Boston, MA. Visit the ICF website at www.informationcard.net.

Interview with Don Thibeau, OIDF’s Executive Director

Chris Messina — Mon, 10 Aug 2009 21:15:29 +0000

This is an interview framed by Chris Messina, an OpenID board member and elected community representative with Don Thibeau, Executive Director of the OpenID Foundation.

So, how have your first months with the foundation been?

Fast paced—I am amazed at the level of activity, complexity of issues and the volume of opinions. The Foundation is evolving rapidly from within; the range of membership interest is increasing. While from the outside; the diversity of adoption and adopters is exploding. It’s a wild ride.

OpenID is surfing huge wave of mainstream interest in social media, in open government and in industry positioning for open web realities. I’ve kept a low profile for three reasons. One: there are much better evangelists in the community than me; two: I’ve been tending to legal, financial, “plumbing” issues. We needed to fix the “foundation of the foundation” to respond to legitimate demands from the community for more services and better tools at the same time as giving member companies the accountability they require. Lastly, the CIO of the government called the OpenID board to a meeting in Washington to ask for our help with the President’s “Open Government” initiative. It was a memorable meeting for two reasons; it took place at the White House Conference Center and I’ve never seen OpenID Foundation board members wearing suits and ties.

What kind of unexpected challenges and opportunities have you encountered?

I knew I had a cool job when a friend mentioned NASA was using OpenID to task satellites. Like many agencies, NASA Goddard has been experimenting with the use of various open standards (Geospatial and others) including OpenID and Information Cards. We are also hearing from state, local and foreign governments about their desire to use OpenID. Maybe because I live in DC, I see the OIDF participation in government standards or “sausage making” as common sense. GSA, NIST and other government forums are exactly where collaboration is expected and beneficial to OpenID. All the while, I’ve been playing catch-up to make the Foundation run smoother. I live in Washington D.C. and work with Board members on the East and West coasts, in Bangalore and Tokyo. These challenges come with the territory. So, I am long on opportunities and short on time.

How do you feel about the progress you and the rest of the board have made in the past months?

One clear consensus view is we want more done sooner. It’s a good problem. It reflects the dynamism of today’s identity ecosystem and the pressure we all feel to the have Foundation matter on issues we care about. For good reasons and bad, all too often the Foundation operated at a suboptimal level. Now we are working to improve the quality of membership services, specification processes and web tools. The engine of the OIDF remains its working groups and committees. We live and die by the level of community participation and the quality of Board leadership.

While there are boards with members with fancier titles, the OpenID Board is made up of people responsible for getting things done in their companies and among their peers. This Board is still new; a mash up of companies, personalities and passions. My job is to be an honest broker of ideas and build an environment so we can stay focused on a protocol specific agenda and add value in this rapidly evolving identity ecosystem.

Let’s get in to some specifics: you mentioned that one of your top three priorities was to “build a foundation for growth” by making sure that the “Foundations’ finances and governance issues are solid”. Can you elaborate on specific steps that you’ve taken so far and what kind of progress you’ve made?

First, we’ve outsourced all non-essential functions like accounting, administration, etc. to companies that do that for a living for other open standards groups. This gives member companies the accountability they require to contribute financially and the community the confidence they need to contribute expertise. Second, we’ve put our money where our mouth is. The budget invested scarce resources in only those plans that protect IP, promotes adoption and evolves OpenID. As Raj Mata, our treasurer said; “We will not have a “feed the beast” budget.” The Board agreed to fund only those things a Foundation like ours can and must do.
The investment in “plumbing” will result in easier “on ramps” for individual members and corporate sponsors. Memberships will be processed faster, budgeting standardized. Better tools for committees and working groups are some of our success metrics. I need to demonstrate the OIDF’s capacity to provide thought leadership and tangible participation benefits. Chris Messina is leading a volunteer effort with Michael Olson (of JanRain) and “Content Wrangler Extraordinaire” Amanda Richardson to update our web workplace and community participation.

Now let’s cover some specific areas of emphasis for OpenID. What can you tell us about the progress with improving OpenID’s usability?

This is a key concern throughout the community. We have to do better. We are planning a series of usability events in the fall. These will focus on usability in government adoption as well as in new areas of adoption. We are planning open use case workshops with the National Institutes of Health, the National Library of Medicine and the National Cancer Institute to refine interoperability and look at usability through the eyes of scientists collaborating worldwide. Luke Shepard of Facebook and Alan Tom of Yahoo, our usability committee co-chairs, are looking at several options in the Bay Area to bring new energy and approaches to OpenID usability. Google has long standing and deep domain expertise in usability and our efforts can now include new players like Sears and Kmart. I know the developers in “My-Sears” usability labs in Chicago are looking forward to meeting their peers in the Bay Area and throughout the community.

OpenID’s growth has been exponential, but its adoption has been asymmetrical. Usability is the key to a more balanced evolution. We need more relying parties involved in this adoption dynamic than we’ve seen to date. But as with security, I believe the more platforms are built where OpenID can be used, the more value gets created. It will be fascinating to see how this “network effect” plays out.

What’s new with OpenID, security and privacy?

With the growing mainstream interest in OpenID comes good and bad. We are open to misunderstanding from non-technical audiences and increased scrutiny by privacy advocates and interest groups. I think OpenID can benefit from the mainstream media’s excited embrace of social web tools and therefore be enriched by mainstream adoption. I am a fan of Facebook’s Tim Sparapani, a former civil liberties attorney. He is one of the most articulate voices in the community on privacy. In many ways, privacy has become a commodity. Travelers exchange it for safety; celebrities exchange it for well, celebrity, and we all exchange it for a few cents off at the checkout aisle in the Safeway. We know that the social web is, by definition, interactive, that it takes information about what I’m typing in order to send things to me.

Privacy is an issue. It is not a crisis. The industry has done the right thing by getting ahead of this curve and saying, we have to be able to be part of a coordinated effort to address the public and address people in Washington DC, especially those interested in “open government.” One of the principles the Board wants to embed is a self-regulatory, self-certifying system. We’re committing to collaborating with the entire identity ecosystem in order to educate the public continuously about both benefits and risk mitigation.

Security is another issue the Board has invested in. The government interest in OpenID forces a deep dive into these issues. I am reminded daily about OpenID’s security challenges. I welcome the worries. It’s understandable given the denial of service attacks we’ve seen recently. My response is an invitation to join the effort to shape our standard. OpenID is a new protocol it is undergoing a rigorous real time shakedown. Andrew Nash, a board member of both the OpenID and Information Card Foundations, put together a team at PayPal to help OpenID get traction in of our toughest challenges. That’s the kind of leadership that will help get traction on one of the Foundation’s highest priorities.

Lastly, what should we be looking forward to over the next three to four months?

Some call government adoption the “mother of all use cases.” We been collaborating with ICF and other groups on a theme we call “Open Trust Frameworks for Open Government.” Our working hypothesis is the US Government’s pilot adoption of OpenID protocols is a “forcing function” and will yield benefits throughout the open identity community. As a forcing function, the government’s technical “profile” for OpenID and accompanying certification requirements (Trust Framework Adoption Program) are, in effect, use case constraints. I believe the size, influence and market value of a government wide adoption offers timely, material and strategic benefits to member companies and the community at large. OpenID OPs who want to participate in adoption of OpenID “are forced” ( no one forces Google to do anything…) to complete a set of tasks based on the GSA’s limited, paired down set of technology features, certification requirements and privacy controls.

The OpenID Foundation and other identity protocol organizations have invested significant resources in this public/private collaboration. These industry leading groups have clear expectations of significant positive returns in several areas. Vivek Kundra, US CIO told the OIDF that the government intends to leverage the large and growing OpenID installed base and corporate sponsorship to further its open government goals. So the OIDF believes this forcing function will further its mission by accelerating adoption and improving and streamlining how government agencies, contractors and citizens use OpenID.

But only time will tell, this public/private industry initiative will be successful if the current collaboration expands to meet the increased challenges of the next phase: a public-facing launch of our open trust framework and pilot programs at the NIH and other agencies.