OIDF & GSMA Workshops — Fall 2021

The OpenID Foundation and the GSMA are partnering on a series of workshops during faoo 2021 for the IDG and IDC groups at GSMA responsible for standards development.

Workshop #1: “Strategic Overview of the Identity Landscape, and How OpenID Foundation Standards Help MNOs Serve Their Communities”

Thursday, October 28, 2021

Workshop Overview:

The OpenID Foundation was founded in 2007 to offer interoperable and open identity standards. Standards like OpenID Connect and the Financial Grade API are used in billions of user and entity transactions to support use cases like Login with Google, Microsoft Azure cloud services, and Open Banking in the UK, Brazil and Australia.  The OpenID works with other non-profit standards bodies like the IETF, W3C, FIDO, GSMA, and ISO to ensure our standards “knit into the fabric” of the internet and are globally scalable. Our community of volunteers seek to address some of the most intractable security, private and identity challenges of our time. In this session we will share our view of the identity landscape, and how OIDF standards offer foundation capabilities not only vital to existing identity services, but uniquely positioned to support the identity ecosystem changes ahead. We’ll also introduce one thesis on how structural change can be achieved: the GAIN whitepaper (Global Assured Identity Network) and how MNOs can take part. We’ll also give some examples of roles MNOs may wish to play in this emerging landscape, and how OIDF standards fit, for instance:

    • MNOs that want to be an Identity Service Provider
      • MNO fit: MNOs with strong market leverage in their users lives
      • OIDF Standards: OpenID Connect + MODRNA
      • Live Example: ZenKey  (Verizon, T-Mobile, AT&T joint entity)
    • MNOs that want to Verify Attributes
      • MNO as verifier of user data like mobile number, billing address, etc
      • MNO fit: MNOs interested in monetizing their data, strengthening identity services for the wider ecosystem
      • OIDF Standards: OpenID Connect for Identity Assurance
      • Live examples:
        • BankID, SecureKey in financial services examples
        • GAIN whitepaper as model for MNOs and other regulated entities to offer attribute verification for users and entities in a globally interoperable model for relying parties
    • MNOs that want to Provide signals to other & 3rd party entities
      • MNO fit: Monetize data, strengthening identity services for the wider ecosystem, reducing cost of ownership (MNOs and other entities develop and use this information for internal risk management now, this federates it using standards)
      • Types of signals: e.g. SIM card change, phone number change, etc which a third party entity can consume and use for internal decision making
      • OIDF Standard: Shared Signals & Events
      • Examples:
        • ZenKey signals
        • Google, Amazon, Microsoft effort to exchange signals
    • MNO as a Relying Party for third party identity services   
      • MNO fit: all incremental and step function improvements using emerging data capabilities (government issued IDs, verified claims, interoperable services like GAIN)
      • Benefit: Better user and entity experiences, better risk management/ compliance, potentially lower costs for fraud (e.g. a new device sold to a fraudster), operations
      • OIDF Standards: OpenID Connect for Identity Assurance, OpenID Connect Self Issued Identity Provider
    • MNOs that need to conform to Open Data Regulations   
      • MNO Fit: MNOs in markets like Brazil, Australia, Canada and the UK know that Open Data mandates from their central government are likely in the next 2-5 years. How might Open Banking standards apply to Open Data?
      • OIDF Standard: Financial-Grade API for use in all Open Data use cases
      • Examples:
        • Open Banking in UK, Australia, Brazil, Russia, Germany, US, Canada, Middle East
    • MNO Identity services for employees, systems, and thing
      • Identification of employees, Employee access to applications, permissioned access for third party services to MNO services and vice versa, permissioned access for staff to devices and devices to services (e.g. IoT, fleets, Bring your own device, sharing economy)
      • OIDF Standards: OpenID Connect

Workshop Presenters:

Bjorn Helm (Verizon, Distinguished Member of Technical Staff, & Vice-Chair OpenID Foundation)
Gail Hodges (Executive Director, OpenID Foundation)