OpenID Summits Update 1

The OpenID Foundation’s 2011 series of OpenID Summits focus on use cases and topics of interest to key developers, executives and analysts in the identity industry.

The next summit explores security and the user experience in open identity technologies. It is co sponsored by Google and Symantec and will take place at 350 Ellis Street Mountain View, CA on the afternoon of May 2nd preceding the Internet Identity Workshop. We anticipate up to 70 attendees to include a variety of technical teams from Symantec and other Silicon Valley companies. The OIDF and co sponsors are reaching out for fresh perspectives from opinion leaders in the mobile platform, risk management and high assurance/multi factor identity space. We will post an Eventbrite notice soon. Send your suggestions for speakers, panels and topics to

While much attention has been directed at identity providers, we want to frame the OpenID security/user experience issues in a bucket we call relying parties best practices (RPBP)

In December, The Open Identity Exchange (OIX) and the Center for Democracy and Technology (CDT) co sponsored a OpenID Policy Summit with invited experts from the American Bar Association’s Committee on Identity and Harvard’s Berkman Center for Law and the Internet. The May 2nd OpenID Security Summit is the technology counterpoint to the policy work done in Washington DC with the advocacy, academic and legal communities. The focus of both Policy and Security Summits are on RPBP (relying party best practices) a linchpin of any deployment or trust framework especially those involving government agencies. The user experience / security issues of RPBP are a key common denominator as they impact all stakeholders in the ecosystem and relies on OpenID for interoperability across a diverse set of use cases.

We plan to publish a briefing paper providing summaries of the presentations with feedback from the audience, links for more information, etc. The Security Summit paper will report on the Summit’s discussion of RPBP (relying party best practices) and provide an overview of the security concerns of relying parties. In this way we hope to further the understanding of OpenID as it is today and how security concerns will impact OpenID as it evolves.

Don Thibeau
OIDF Executive Director