For the Record: The IPSIE WG and OpenID Foundation Processes

Published November 14, 2024

We recently shared some exciting news about a new Working Group, Interoperability Profiling for Secure Identity in the Enterprise (IPSIE). However, there have been some misunderstandings in the media coverage that followed the OpenID Foundation’s announcement. The OIDF is keen to clarify our ways of working and affirm that all the usual due processes have been followed during IPSIE's formation. 

Background

  • The OpenID Foundation (OIDF) is committed to a world in which everyone can assert their identity wherever they choose. We do this by defining identity standards that are secure, interoperable, and privacy-preserving.
  • OIDF’s Working Groups, through which much of this work is delivered, are underpinned by trust. They provide a safe space for competing organizations to come together and agree on common rules and practices that will solve mutual challenges. 
  • The outcomes of these groups are OIDF Standards – a culmination of the valuable feedback of all the OIDF members in those groups – which go on to become trusted by millions of organizations across the globe. 
  • All the organizations and individual contributors involved in OIDF’s Working Groups are respected thought leaders in their fields and OIDF is proud to be able to bring together their valuable contributions.

Introducing IPSIE

Last month, seven members of the OpenID Foundation proposed the IPSIE Working Group under a new proposal and charter to the OpenID Foundation Specifications Committee. That proposal was then supported by the Specifications Council, which means that the new IPSIE Work Group would address a new and relevant area of specification development aligned to the OpenID Foundation’s Mission and Vision.

There are many specifications underlying the Identity and Access Management (IAM) functions in enterprise operations. Achieving interoperability between them and optimizing for security is the challenge at the heart of the IPSIE Working Group charter.

The IPSIE Working Group will develop secure-by-design profiles of these existing specifications with a primary goal of achieving interoperability and security-by-design by minimizing optionality in multiple specifications that are used in enterprise implementations.

Key clarifications: 

  • No one entity or member can create an OpenID Foundation Working Group on their own. A minimum of five active members in the OpenID Foundation are required to propose a new Working Group. In the case of the IPSIE Work Group, there were seven proposers, thus conforming to the usual due process. 
  • No single entity or individual controls the substance of the work conducted within a Working Group. The IPSIE Working Group is a collaboration hosted by the OIDF and made up of many member organizations and individuals, including leading global tech firms and startups, who have committed to working together to address this key industry challenge. 
  • The IPSIE Working Group is in its early days, so there is no new security standard yet. This is work in progress and any proposed standards will follow a rigorous process of community contributions, community feedback, and refining as per the OpenID Foundation Process document. 
  • Since there are no IPSIE Specifications yet, there are no products or services on the market that are based on IPSIE specifications or that can be considered conformant to an IPSIE specification. 
  • Proposers are not Contributors or Adopters. Proposers agree to a problem statement and express willingness to collaborate. At the stage of proposing a WG and until Contribution Agreements are signed, no intellectual property has been contributed to the WG.
  • Consensus is a core value of how the OpenID Foundation conducts the development of standards, and the OpenID Foundation follows the World Trade Organization guidelines for standards bodies. No single entity or individual can make a decision for the group.

These distinctions are important. The work of Standards organizations, like the OIDF, the IETF, the W3C, ISO, and others, are all underpinned by trust. Standards organizations provide safe spaces for government, individuals, and private entities - many of whom often compete - to agree upon common rules and practices. This ensures a level playing field and protects businesses and consumers by promoting security and portability. 

As part of the inquiry into the misunderstanding, the OpenID Foundation Board did recognize that we lack a clear policy on how OpenID Foundation members, contributors, and implementers should refer to OIDF processes and work groups in media and marketing channels. We are working actively to close this policy gap to offer the OpenID Foundation community better clarity and avert future misunderstandings. As always, the Foundation values the trust the community places in OIDF processes and specifications and appreciates the lengths our community goes to sustain the trust that helps deliver on our Mission and Vision.  

To become a member of the IPSIE WG you can find more information here

Full information on the OIDF Process Document is here.  

To become a member of the OpenID Foundation link here.  

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate.
 
Find out more at openid.net.



Tagged