Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Google, PayPal launch Open Identity Exchange

Online privacy and security supported

By Ellen Messmer | Network World US | Published: 11:45, 05 March 2010

A group called the Open Identity Exchange officially launched this week to support government guidelines for online privacy and security and undergo certification to assure compliance. Founding members include Google, Equifax, PayPal and Verizon, among others.

According to OIX chairman Dan Thibeau, the organisation was created to show support by the private sector for standards from the US government's Identity, Credential and Access Management (ICAM) Subcommittee of the Information Security and Identity Management Committee established in September 2008 by the Federal CIO Council. ICAM, co-chaired by the General Services Administration and the Deptartment of Defence, is composed of chief privacy officers within the federal government who have agreed on a set of privacy and security policies and technologies related to online interactions with citizens.

The federal government's CIO Vivek Kundra "reached out to private industry on this," Thibeau says, noting Kundra encouraged the formation of OIX as a way to get online service providers on board with the federal government's vision for privacy and security of information related to individuals' email and web interactions.

Thibeau says federal civilian agencies, in particular, want to be able to expand electronic exchanges with citizens under the ICAM-envisioned authentication framework. The initial focus of the OIX effort is related to the simplest, and acknowledged lowest, level of assurance that pertains to privacy issues in interactions such as OpenID-based email that citizens might use with federal agencies.

The privacy issue at stake is that federal agencies, when interacting with citizens online, do not want email or web usage information about individuals to be sold to a third party, nor should that email information be used to advertise to the person, Thibeau says. The membership of the OIX formally agrees to those restrictions, what Thibeau calls "rules and tools", and in addition, OIX members agree to undergo an audit to ensure compliance.

Exact aspects of that are still in review, but OIX anticipates it will publish a list of accredited auditors for this purpose, and it will be up to the OIX members to pay for this process.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.