Open Identity Exchange OIX
The Open Identity Exchange (OIX) is a technology agnostic, non-profit trade organization of leaders from competing business sectors focused on building the volume and velocity of trusted transactions online. OIX enables members to expand existing identity services and serve adjacent markets. Members advance their market position through joint research and engaging in pilot projects to test real world use cases. The results of these efforts are published via OIX white papers and shared publically via OIX workshops.
OIX members work together to jointly fund and participate in pilot projects (sometimes referred to as alpha projects). These pilots test business, legal, and/or technical concepts or theory and their interoperability in real world use cases.
OIX operates the OIXnet trust registry, a global, authoritative registry of business, legal and technical requirements needed to ensure market adoption and global interoperability.
The partnership eventually developed a trust framework model. Further meetings were held at the Internet Identity Workshop in November 2009, which resulted in OIDF and ICF forming a Joint Steering Committee. The committee’s task was to study the best implementation options for the newly created framework.
The US Chief Information Officer recommended the formation of a non-profit corporation, the Open Identity Exchange (OIX). In January 2010, the OIDF and ICF approved grants to fund the creation of the Open Identity Exchange. OIX was the first trust framework provider certified by the US Government. Booz Allen Hamilton, CA Technologies, Equifax, Google, PayPal, Verisign, and Verizon, all members of either OIDF and ICF, agreed to become founding members of OIX.
The Open Identity Exchange was formed in 2010 and addressed the increasing challenges of building trust in online identity:
- Relying Parties must be able to trust that the Identity Provider is providing accurate data
- Identity Providers must be able to trust that the Relying Party is legitimate (i.e. not a hacker, phisher, etc.)
- Direct RP-to-IDP trust agreements are a common solution, but are impossible to manage at Internet scale