On September 2021, more than 150 co-authors released the GAIN Digital Trust whitepaper which called for the creation of a globally interoperable network for high-trust identity assurance. When the OpenID Foundation’s Chairman, Nat Sakimura, announced this international collaboration at the European Identity Conference, he described the authors’ shared vision: An internet where people can trust one another.
The paper itself was a “no logo, pro bono, open source” collaboration among the authors, which included many members of the OpenID Foundation. It was published and remains supported by 5 non-profit organizations who subscribe to its central aims. Along with the OpenID Foundation, those organizations include:
- The Cloud Signature Consortium is committed to driving the standardization of highly secure and compliant digital signatures in the cloud.
- The Global Legal Entity Identifier Foundation enables people and businesses to make smarter, less costly, and more reliable decisions about whom to do business with through its Global Legal Entity Identifier (LEI) System and partner network.
- The Institute of International Finance, in its mission to support the global financial industry, has pursued the Open Digital Trust Initiative with OIDF with the aim of creating a vibrant marketplace for Digital Trust Services to confirm identities and manage risk.
- The Open Identity Exchange is an identity community that seeks to develop the guidance and tools required to enable every individual to have a trusted, universally accepted identity.
GAIN Technical Proof of Concept (POC)
One key benefit of the approach proposed in the white paper is that there are many existing standards to build upon, such as OpenID Connect, Financial Grade API, and OIDC for Identity Assurance. The OpenID Foundation has committed to host the GAIN Proof-of-Concept (POC) Community Group to facilitate implementation of standards and certification tools that support the GAIN vision.
What hypotheses will the POC test?
The POC is pulling together a test bed where key technical hypotheses can be tested over the course of 2022. Since the Community Group is still forming, this list may not be exhaustive and will be updated as new members join and feed into the group.
- A Global Assured Identity Network can be built on top of existing networks and solutions
- Identity Information Providers (IIPs) from different jurisdictions can be part of a network for assured identity
- IIPs with different architectural approaches (e.g. federated, self-sovereign) can pass assured identity data into a network through interoperable interfaces to Relying Parties (RPs)
- IIPs can offer a variety of APIs – built to serve different purposes – into the network
- The network can support multiple protocols – e.g. OpenID Connect, DIDComm, WACI, etc
- RPs can access assured identity data from different IIPs with a single credential and a single technical integration
- RPs can use different authorization flows, e.g. redirect or decoupled
This list is non-exhaustive and under development with the Working Group.
- OpenID Connect Core
- OpenID Connect Federation
- OpenID Connect for Identity Assurance 1.0. – 3rd Implementer’s Draft
- Financial Grade API
- LEI Code Structure
- DNS-Based Service Discovery
- Enrollment in the POC is open to the public including organizations and individuals. If you are interested in becoming a member of the POC, please complete the registration form and sign the Participation Agreement.
- A hardcopy of the Participation Agreement can be found here if digital signature does not work for you.
Online Meeting Venue and Schedule
- Bi-weekly calls on Thursday at 11am UTC
- Bi-weekly calls on Thursday at 7pm UTC
- Location: https://meet.goto.com/520132557
- The most efficient way to monitor GAIN POC activity is by subscribing to the mail list: https://lists.openid.net/mailman/listinfo/openid-gain-poc
- Note that only members that have signed a Participation Agreement are able to publish to the list. All other subscribers are “read-only”.