Int'l Presence of OpenID

From IIW

Issue/Topic: International Presence of OpenID (Strategy Session)

Session: Wednesday 2H

Conference: IIW-11 November 2-4, Mountain View, Complete Notes Page

Convener: Henrik, Sha-Mayn The, Nat Sakimura

Notes-taker(s):

Tags:

Discussion notes:


Goal is to discuss the state of OpenID in Europe and Asia and brainstorm strategy of pushing OpenId in the region.

Note from OpenID foundation director: join the foundation and vote so that OpenID can do something for your region.

Background of the EU situation:

  • Nov 1 German eID
  • July 1 Denmark OCES II
  • (2008) Belgian
  • 2011 Poland
  • 2010/9 wp.pl becomes OpenID provider (largest portal in poland)

Denmark

  • Banking - 2 factor login: user/password/number on the card (150 numbers at a time)
    • tax office is an IDP
    • private identity vs government identity

Germany

  • state-sponsored identity poofing
  • privatized postal service also does manual identity verification
  • Microsoft working closely with German govt as a testbed

In Europe, notion of level of assurance is not well known.

  • Holland has trust framework with 3-4 IDPs and brokers
  • Certified providers not necessarily state-owned
  • Belgium is an exception where government provides credentials

For China

  • state already knows who you are?
  • mainly social networks enabling federated login e.g. tencent (qq), renren. also e-commerce: taobao (IDP), 360buy.com (RP)
  • telcos interested but haven't found the business value
  • a general strategy is to implement OpenID in open source products (most Chinese sites use open source)
  • but need more big IDPs to get big sites interested in becoming RPs. Action item: get AOL, Yahoo, Google etc to write a white paper of why/how it's good to be an IDP

Japan

  • trust framework - Japanese govt just recently published public docs about the need for a trust framework
  • IDPs: docomo/kddi
  • identity proofing by private companies e.g. Yahoo Auctions does door-to-door identity verification.