
PingTalk Blog

In July, noted identity expert Bob Blakley called the National Strategy for Trusted Identities in Cyberspace (NSTIC) an historic opportunity to re-define identity and access management.

Last week, NSTIC fueled that opportunity by awarding $9 million to five organizations (out of 186) that proposed pilot programs.

One of those selected was Criterion Systems, whose pilot proposal for an attribute exchange network (AXN) included a number of supporting organizations and companies including Ping Identity.

Team Criterion plans eight pilots for its program over the next two years that will address creation of the AXN, which ties together identity providers, relying parties and attribute providers into a federation that can more accurately validate an end-user's identity using selected data such as age, address, or mobile phone number aggregated from a number of trusted attribute providers.

The pilot services' goals include replacing passwords, allowing individuals to prove online that they are who they claim to be, and enhancing privacy.

Funded with nearly $4 million, the pilots involve retail, financial services, healthcare, and government entities. (Note: $1.97 million of the grant has been awarded; the other half hinges on Congressional budget approval in fiscal 2013.)

It's a pilot for sure, but not a pie in the sky.

The groundwork was laid last year when ID Dataweb participated in the creation of an attribute exchange infrastructure for a project called Street Identity.

The work fostered ID DataWeb's development of an Attribute Exchange Network (AXN), which uses open standards such as OpenID Connect and OAuth 2.0, and a set of open API end-point definitions.

The project eventually moved to trust-framework provider Open Identity Exchange (OIX), which created the Attribute Exchange Working Group (AXWG). The AXWG has ID Dataweb CEO David Coxe as co-chair. Coxe also is the co-founder of Criterion Systems, which provides information security, cloud computing, software development and other services to civilian agencies, the Department of Defense, and the intelligence community.

Criterion will use the ID Dataweb AXN platform and work to scale Street Identity's concepts by writing data-flow definitions and protocol exchanges that protect consent and privacy.

"This is a big generational leap from Street Identity," says Coxe. "It uses the same data flows, but it taps into a network as a means to simplify ramp-on for relying parties." Historically, relying parties, those that accept IDs from ID providers, have been the toughest link to add to the chain that holds together online federated identity. 

"[Ping] software is playing the role of relying party in the attribute exchange flow; initiating the initial OAuth calls to discover attribute providers affiliated with a user and redirecting to the exchange network," says Pam Dingle, senior technical architect in the office of the CTO at Ping Identity. "Then the software also would make requests for verified attributes."

Dingle says the pilot's ultimate goal is to create a model where relying parties can easily navigate the attribute exchange on-ramp and quickly begin asking for and accepting verified attributes.

"But the critical thing for me is that this whole thing remains standards based," she said.

Online enterprises will pay for the services of the attribute exchange, which will generate revenue for attribute providers and identity providers.

Consumers will use the service for free and have the ability to manage their own attributes. End-users will log in with credentials supplied by their identity providers, such as government agencies, banks, e-mail providers or social network sites.

The user's digital credential, entered once with their trusted provider, will facilitate access across all services. The IDW AXN will support various trust elevation methods including interoperability between an identity provider credential, smart card credentials, and identity linkage to end-user devices, including computers and mobile phones.

According to Criterion Systems, "strengthening online trust will increase the number and speed of online transactions and decrease related risks and costs."

In addition to Ping Identity, technology partners include CA Technologies, Wave Systems, and Fixmo; online identity providers include AOL and Experian; attribute providers include LexisNexis Risk Solutions, Experian, PacificEast and Internet2 Consortium/InCommon Federation.

Privacy expert Debra Diener and Thomas Smedinghoff, chair of the American Bar Association Identity Management Legal Task Force, also are participants in the pilot program.

In 2009, Inc. magazine recognized Criterion as the nation's No. 1 fastest growing government services company and No. 10 overall on the annual Inc. 500. Criterion is headquartered in Vienna, Va.

For a synopsis of the other four NSTIC pilots, check out my story in my ZDNet column, Identity Matters.
