October is National Cybersecurity Month

October is National Cybersecurity month so a shout out goes to our colleagues at The National Cyber Security Alliance NCSA’s mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting the technology individuals use, the networks they connect to, and our shared digital assets. NCSA builds strong public/private partnerships to create and implement broad reaching education and awareness efforts to empower users at home, work and school with the information they need to keep themselves, their organizations, their systems, and their sensitive information safe and secure online and encourage a culture of cybersecurity.

OASIS launched the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee http://www.oasis-open.org/committees/trust-el/charter.php. The initial deliverable is a comprehensive list of current methods to authenticate identities online to the degree necessary for high value and sensitive transactions. This is expected to be a key input to new real world solutions that use a step-up approach to multi-factor authentication. The Technical Committee is Co Chaired by Abbie Barbir, Senior Vice President Bank of America and Don Thibeau of OIX and OpenID Foundation.

OIX Member AT&T has come out with Personal Levels of Assurance (PLOA), a white paper that introduces a new approach for determining transaction-based assurance.PLOA White Paper – v1. This fresh new thinking focuses on determining the lifecycle of LOA settings for an individual based on the current condition of all attribute declarations whether they are validated or not. One of the most significant suggestions in At&t’s approach to federated assurance is de-coupling enforcement points from decision points by adoption of a standard, open protocol. This is the kind of open identity protocol organizations like the OpenID Foundation consider as part of its mission. Even though the technology being implemented may resemble authorization, it is truly speaking to the assurance of the authentication and therefore should be considered a new element to the three A’s.The At&t team postulates that there should be a fourth A added to the typical security list of AAA – Authentication, Authorization, and Audit (AAA) shall be joined by their new sibling Assurance. OIX provides legal and best practices research in online identity particularly in the area of trust frameworks.

Content and contributors to work like this will be featured at the Open Identity Exchange Attribute Summit upcoming meetings in Washington DC on November 9 and 10OIX, Booz Allen Hamilton and Experian to present a panel noting OIX’s growing interaction with EU and UK initiatives like those in the UK Government Cabinet Office, iScheme, federatedbusiness.org, The OIX board will take up the question of how best to engage with tScheme in the UK and discuss the value of a ‘formal partnership’. tScheme was formed over ten years ago as an industry body but with UK Government observers on its board, which gave rise to the term co-regulatory body that is used when describing tScheme’s function. The Government observers are Cabinet Office, Business Information and Skills, department of Work and Pensions and the department for Education. tScheme has thus a long history working with and supporting the UK Government, hence is heavily involved in the current Cabinet Office Identity Assurance Program, as well as the role as the UK’s assurance regime for the Oil & Gas Trust Scheme; the Employee Authentication Scheme for access to Government data by local Authority employees; and the Identity & Access Management program supporting the access to databases relating to Police Intelligence by members of UK Police Forces.

We are entering the implementation phase for one of the most mature and value adding initiatives the Publish Trust Framework in the Open Identity Exchange. We have posted the project update at www.PublishTrust.org for your review.The Publish Trust Project examines the feasibility of adding trust values to online identities for authors of scholarly publications, thus enabling them to reliably aggregate previous and current works and connect with other experts in their field. The first experiment uses VIVO as a semantic identity platform with the OIX Trust Framework to produce two-factor assertions of authorship from scholarly publishers of peer-reviewed works and authors.

The OpenID Foundation and the Open Identity Exchange are sponsoring an Open Identity Summit in Tokyo Japan on December 1. The event is taking place as part of Japan’s Internet week and will feature technical discussions about OpenID Connect and Account Chooser as well as policy and rule making in Japan’s identity ecosystem. The Japanese and South Korean government has initiatives underway similar to the US NSTIC. Please note Howard Schmidt comments at

Advancing the National Strategy for Trusted Identities in …
The White House
The solution proposed by NSTIC is a user-centric “Identity Ecosystem” built on the foundation of private-sector identity providers.