Identity CoOp
Identity Coop (OpenID Connect, ID Assurance)
Tuesday 3D
Convener(s): Alan Viars
Notes-taker(s): Alan Viars
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
We discussed the concept of an “Identity CoOp” where member organizations would trust the identity assurance verification performed by agents/employees of other member organizations.
This would form a “Circle of Trust” between organizations.
The benefit of such a setup in a health care scenario, from a consumer’s point of view, would be to allow a user to authorize access to data from different data sources without having to log in to each provider individually (with separate usernames and passwords).
We discussed the potential issues with such a setup. These include:
- Introducing a new Identity Provider would be a heavy lift for data resource providers. In addition, these organizations already have existing authentication mechanisms and may be apprehensive about trusting a 3rd party.
Key Takeaways
- Instead of trying to create a monolithic Identity Provider, it might make more sense to profile OIDC and encourage organizations to comply with the profile.
- The core component of the profile would be verified person claims pertaining to identity assurance.
- A governance model would be needed to certify IDPs that met the specification and agreed to be part of the CoOp.
- If large IDPs, such as Microsoft, Apple, and Google, participated, it could have a wide reach and provide a smoother user experience. This would not exclude a hospital or other data holder from having its own IDP that met the profile and CoOp membership requirements.
- It was unclear how such a model would work from a consumer’s perspective. Would the login be a very long list of potential places to sign on?
- We discussed the “Interac” model in Canada and Identity brokers.
- Pointers were given to an open source OpenID Connect provider that supported verified person claims: https://github.com/TransparentHealth/vmi