The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
SEARCH | ABOUT | INDEX | NEWS | CORE STANDARDS | TECHNOLOGY REPORTS | EVENTS | LIBRARY
SEARCH
Advanced Search
ABOUT
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

NEWS
Cover Stories
Articles & Papers
Press Releases

CORE STANDARDS
XML
SGML
Schemas
XSL/XSLT/XPath
XLink
XML Query
CSS
SVG

TECHNOLOGY REPORTS
XML Applications
General Apps
Government Apps
Academic Apps

EVENTS
LIBRARY
Introductions
FAQs
Bibliography
Technology and Society
Semantics
Tech Topics
Software
Related Standards
Historic
Created: June 24, 2008.
News: Cover StoriesPrevious News ItemNext News Item

Information Card Foundation Formed to Support User-Centric Digital Identity.

Contents

Equifax, Google, Microsoft, Novell, Oracle, and Paypal have announced the formation of the Information Card Foundation (ICF) as an independent, not-for-profit organization designed to advance the adoption and use of Information Cards across the Internet. ICF's mission is to advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity layer spanning both the enterprise and the Internet.

Information about ICF is provided through a 2008-06-24 press release, in web site documents, as well as through blogs and mailing lists. ICF is is working with or is planning to work with other supporting organizations, including: Concordia, The Fraunhofer Institute FOKUS, Identity Commons, Liberty Alliance, OpenID Foundation, and Open Source Identity Systems (OSIS). In principle, ICF working groups will collaborate with other identity-related organizations: "(1) Protocol, specifications and standards groups; (2) Organizations that promote user-centric identity principles; (3) Other groups to perform iteroperability certification tests in a pragmatic, inclusive process wherever possible to minimize cost and time-to-market, while meeting a quality metric." ICF is also affiliated with Identity Commons as a working group; this means ICF agrees to operate under the shared principles of all Identity Commons working groups.

The founding members of the Information Card Foundation "represent a wide range of technology, data, and consumer companies. Equifax, Google, Microsoft, Novell, Oracle, and PayPal, are founding members of the Information Card Foundation Board of Directors. Individuals also serving on the board include ICF Chairman Paul Trevithick of Parity, Patrick Harding of Ping Identity, Mary Ruddy of Meristic, Ben Laurie, Andrew Hodgkinson of Novell, Drummond Reed, Pamela Dingle of the Pamela Project, Axel Nennker, and Kim Cameron of Microsoft. Additional founding members are Arcot Systems,Aristotle, A.T.E. Software, BackgroundChecks.com, CORISECIO, FuGen Solutions, the Fraunhofer Institute, Fun Communications, the Liberty Alliance, Gemalto, IDology, IPcommerce, ooTao, Parity, Ping Identity, Privo, Wave Systems, and WSO2."

Published ICT ByLaws, IPR Policy, and Contribution Agreements govern the activities of ICT Working Groups. Working Groups may be proposed by Steering and Sponsor level members. All members may participate in a Working Group. Working Groups are designed to be temporary, and stay formed until the deliverables specified in their application are completed. "The IPR Policy covers the activities conducted by working groups. The ByLaws and IPR Policy stipulate that it requires a unanimous vote by the Board of Directors to create a specification. The IPR Process stipulates that it takes a supermajority (two-thirds - 2/3) to reference a specification (which would typically not be created by the ICF) as an ICF Recommendation. Normal working groups can be created by a simple majority board vote, and will produce whitepapers, reports, best practices documents, and other deliverables."

Information Cards, according to the ICF FAQ document, are the "digital, online equivalents of your physical identification credentials such as a drivers license, passport, credit card, club card, business card or a social greeting card. Users control the distribution of their personal information through each Information Card. Information Cards are stored in a user's own online wallet (called a 'selector') and 'handed out' with a mouse click just like a physical ID card."

Information Cards can be used to "log in to websites with a single click, create relationships with those you want to do business with, manage your personal data in one place that only you and those you allow have access, wield the claims that other people and institutions say about you, and prove that you are who you say you are without revealing details using trusted identity providers."

"For example, when logging into an alumni web site, an Information Card-carrying alumnus can simply click on his or her school alumni Information Card, rather than trying to remember his/her user name and password. When buying wine on-line, a user can present a 'I am over 21' card to the wine merchant backed by age verification from a trusted identity provider, e.g., a driver's license issuer or an age verification service. The actual birthdate information need not be revealed or recorded by the merchant."

"Information Cards can be issued to users by organizations for general or specific use. Users can also create their own Information Cards as a shortcut to avoid the endless process of filling out web forms. But more importantly, the infastructure behind the cards allows for trusted sources (a bank, a credit union, a government office, etc.) to verify specific information ('claims') made by a user. In other words, Information Cards give users the ability to make claims about themselves, verified by qualified third parties, while using the Internet."

In "A Personal Perspective on the Information Card Foundation Launch," Microsoft's Mike Jones refects on digital identity aspirations formulated in 2005 white paper ("Microsoft's Vision for an Identity Metasystem"), noting the significant groundwork that has been laid for the formation of the Information Card Foundation:

"... the identity industry saw it as vitally important, and made it happen through concerted, cooperative effort. Key steps along the way included the Laws of Identity, the Berkman Center Identity Workshops in 2005 and 2006, the establishment of OSIS, the formation of the Higgins, Bandit, OpenSSO, xmldap, and Pamela projects, publication of the Identity Selector Interoperability Profile, the Open Specification Promise, the OSIS user-centric identity interops, the OpenID anti-phishing collaboration, the Information Card icon, and of course numerous software releases by individuals and companies for all major development platforms, including releases by Sun, CA, and IBM.

Of course, despite all the groundwork that's been laid and the cooperation that's been established, the fun is really just beginning. What most excites me about the group of companies that have come together around Information Cards is that many of them are potential deployers of Information Cards, rather than just being producers of the underlying software."

Information Card Foundation Goals

From the ICF web site:

In order to fulfill its mission, the ICF will:

  • Promote interoperability via recommendations, technical interop events, and working group reports for Information Card technology, policy, and user experience
  • Provide guidance and support for projects advancing Information Card infrastructure on the widest possible range of platforms, including freely available open source implementations
  • Encourage the development of policy frameworks, identity rights agreements, auditing mechanisms, and other means of ensuring that Information Cards meet social and legal requirements
  • Engage in promotional and marketing activities to encourage the adoption of Information Cards
  • Create and maintain an open community portal that:
    • Provides easy access to tools and resources about Information Cards
    • Supports a community of designers, architects, and developers working on Information Card-based projects, protocols, and applications
    • Promotes Information Cards to users, sites, communities, governments, and any other interested audience

Rationale for the Information Card Foundation

From the ICF FAQ document:

Why is the needed? When the Internet began, there was no need for an identity verification system. But today the Internet has grown from simply a network of university and government research computers to an essential part of our international economic ecosystem. As a 1990's cartoon famously said, "on the Internet no one knows you're a dog," and that's the problem. There is no way for you to assert claims about yourself, verified by qualified 3rd parties. Businesses need to obtain and store more personal information to minimize their risk. Criminal phishing exploits this weakness. We each have to remember and store dozens if not hundreds of usernames and passwords, or default to a few, often left exposed so we can easily find them. Identity theft is a thriving business. Fraud dampens economic growth.

No single company can succeed in building a user-centric, vendor-independent, platformneutral identity framework by itself. Furthermore, no single entity can be trusted to handle all the identity information associated with each person. The goal of the ICF is to help create the infastructure components that enable our complex and messy economic and social networks to support at least the same set of identity capabilities online as they have offline. Similar to the development of our transportation infastructure of roads, traffic signals, sidewalks, bike paths, etc., our digital lives need a way for us to prove we are who we say we are without revealing more than is necessary, and with mutual control for making or severing our business and social digital interactions. Doing this requires a community of dedicated individuals — architects, designers, developers, users — together with businesses that cross technological, financial and commercial fields...

Blogs, News (Selected)

  • "A Personal Perspective on the Information Card Foundation Launch." By Mike Jones (Microsoft). Blog: 'Self-Issued: Musings on Digital Identity'. June 24, 2008. "The Internet is still missing a much-needed ubiquitous identity layer. The good news is that the broad industry collaboration that has emerged around Information Cards and the visual Information Card metaphor is a key enabler for building it, together in partnership with other key technologies and organizations." See also the excerpt above.

  • Information Card Foundation Formed." By Kim Cameron. Blog; Identity Weblog. June 24, 2008. "It's a great day for Information Cards, Internet security and privacy... I enjoy having been invited to join the foundation board as one of the representatives of the identity community, rather than as a corporate representative; Mike Jones will play that role for Microsoft. Beyond the important forces involved, this is a terrific group of people with deep experience, and I look forward to what we can achieve together. One thing for sure: the Identity Big Bang is closer than ever. Given the deep synergy between OpenID and Information Cards, we have great opportunities all across the identity spectrum..."

  • "A Unifying Visual Metaphor." By Charles Andres (ICF Executive Director). Blog. June 24, 2008. "The prospect of digital identity working at Internet scale — and Internet strength — has occupied the attention of many in the industry for the better part of a decade. Perhaps that should come as no surprise: cross-domain authentication and authorization has long been one of the thorniest problems in networking... Inspired by [previous] efforts, the growing Information Card community realized that to bring this metaphor to full fruition required taking the same step: coming together into a common organization that would unify our efforts to create an interoperable identity layer. From one perspective this could be looked at as completing the 'third leg of the stool' of what is often called the Venn of Identity (SAML, OpenID, and Information Cards). But from another perspective, you can see it as one of the logical steps needed towards the cooperative convergence among identity systems and protocols that will be necessary to reach a ubiquitous Internet identity layer — the layer that completes the hat trick..."

  • "The Information Card Foundation: Helping Scale Mount Identity." By Drummond Reed. Blog (Equals Drummond). June 24, 2008. "YAF? ('Yet Another Foundation?')... Last spring I had the pleasure of working with Eve Maler on an IEEE article called the Venn of Identity, based on Johanne's Ernst's original diagram of the three 'pillars' of Internet identity development: SAML/ID-WSF, OpenID, and information cards. The paper was an opportunity to compare and contrast the strengths and weaknesses of all three approaches. I could not leave it without the feeling that the ultimate solution — the 'TCP/IP of identity' as it is often called — lies somewhere in the overlapping middle... I'll sum it up this way: ever since the 'i-card' session at the Berkman Identity Mashup in June 2006, I've been convinced that identifiers (OpenID) and claims (information cards) are both essential tools for scaling the mountain. And I've always felt that assertions (SAML) and identity services (ID-WSF) could not be left behind either. So while it may appear from a distance like introducing the Information Card Foundation adds another divergent element to an already confusing landscape, I see just the opposite..."

  • "ICF — Information Card Foundation." By Pamela Dingle (Pamela Project and Nulli Secundus). Blog. June 25, 2008. "... It has been a real eye opener to see this entity come to exist, and to see the huge commitment that has been necessary to attain organizational escape velocity. To me, the ICF is about enablement. We now have a place where interested parties can collaborate to create value; a place with a well-defined legal context, and the ability to allocate funds to achieve community goals. I believe that we have a good mix of people contributing to the ICF at the governance level: we have zealots & skeptics, dreamers & realists, Enterprise representation as well as Consumer representation, protocol people & implementers, big business and grassroots organizations. I think this kind of diversity will keep us from drowning in our own self-made koolaid..."

  • "Getting beyond passwords..." By Jonathan Marsh. Blog: Design by Committee. June 25, 2008. "...great news - I think InfoCards have the potential to solve some real problems with managing identities and securing them against theft. Despite the client-side technology being available in Vista for a year plus, we're still slow to see installations emerge in the marketplace. The only use I make of InfoCard (and then still pretty rarely) is in the WSO2 Mashup Server, which has both InfoCard and OpenId support (though you can use an old fashioned username/password). Managing identity and security without complicating the user experience is still a challenge. I'm hoping the Information Card Foundation can encourage broadly useable solutions as it gets rolling..."

  • "Beyond Microsoft — Information Card Foundation Announced." By Martin Kuppinger. Analyst Report.

  • "Technology Leaders Favor Online ID Card Over Passwords." By Laurie J. Flynn. From New York Times June 24, 2008.

  • "What the Heck is Information Card Foundation?' By Joe Wilcox. From Microsoft-Watch. June 23, 2008.

  • "Information Card Foundation Launched." By Robert Vamosi. From CNET News.com. June 23, 2008.

From the Announcement

June 24, 2008. Australia, Canada, France, Germany, India, Sri Lanka, United Kingdom, United States. [complete text, with links]

An array of prominent names in the high-technology community today announced the formation of a non-profit foundation, The Information Card Foundation, to advance a simpler, more secure and more open digital identity on the Internet, increasing user control over their personal information while enabling mutually beneficial digital relationships between people and businesses.

Led by Equifax, Google, Microsoft, Novell, Oracle, and PayPal, plus nine leaders in the technology community, the group established the Information Card Foundation (ICF) to promote the rapid build-out and adoption of Internet-enabled digital identities using Information Cards.

Information Cards take a familiar off-line consumer behavior — using a card to prove identity and provide information — and bring it to the online world. Information Cards are a visual representation of a personal digital identity which can be shared with online entities. Consumers are able to manage the information in their cards, have multiple cards with different levels of detail, and easily select the card they want to use for any given interaction.

"Rather than logging into web sites with usernames and passwords, Information Cards let people 'click-in' using a secure digital identity that carries only the specific information needed to enable a transaction," said Charles Andres, executive director for the Information Card Foundation. "Additionally, businesses will enjoy lower fraud rates, higher affinity with customers, lower risk, and more timely information about their customers and business partners."

"The creation of the ICF is a welcome development," said Jamie Lewis, CEO and research chair of Burton Group. "As a third party, the ICF can drive the development of Information Card specifications that are independent of vendor implementations. It can also drive vendor-independent branding that advertises compliance with the specifications, and the behind-the-scenes work that real interoperability requires."

The Information Card Foundation will support and guide industry efforts to enable the development of an open, trusted and interoperable identity layer for the Internet that maximizes control over personal information by individuals. To do so, the Information Card infrastructure will use existing and emerging data exchange and security protocols, standards and software components.

Businesses and organizations that supply or consume personal information will benefit from joining the Information Card Foundation to improve their trusted relationships with their users. This includes financial institutions, retailers, educational and government institutions, healthcare providers, retail providers, travel, entertainment, and social networks.

The Information Card Foundation will hold interoperability events to improve consistency on the web for people using and managing their Information Cards. The ICF will also promote consistent industry branding that represents interoperability of Information Cards and related components, and will promote identity policies that protect user information. This branding and policy development is designed to give all Internet users confidence that they can exert greater control over personal information released to specific trusted providers through the use of Information Cards.

"Liberty Alliance salutes the open industry oversight of Information Card interoperability that the formation of ICF signifies," said Brett McDowell, executive director, Liberty Alliance. "Our shared goal is to deliver a ubiquitous, interoperable, privacy-respecting federated identity layer as a means to seamless, secure online transactions over network infrastructure. We look forward to exploring with ICF the expansion of the Liberty Alliance Interoperable(tm) testing program to include Information Card interoperability as well as utilization of the Identity Assurance Framework across Information Card deployments."

As part of its affiliations with other organizations, The Information Card Foundation has applied to be a working group of Identity Commons, a community-driven organization promoting the creation of an open identity layer for the Internet while encouraging the development of healthy, interoperable communities.

Updates

  • [November 13, 2008] "Equifax Unveils Online Identity Card. Designed to Help Businesses Lower Fraud Risk, Strengthen Customer Relationships." Announcement. — Equifax Inc. has unveiled the Equifax online identity card or I-Card, with a beta test of a first-of-its-kind digital identity management solution that is designed to make online transactions easier and more secure for both consumers and businesses. Information cards (I-cards) are the online equivalent of a driver's license, passport, or similar ID and allow consumers to 'click-in' to web and e-commerce sites that accept the I-card and conduct online transactions with greater security and control and without having to fill in forms or remember multiple passwords. It is anticipated that this ease-of-use and security will, over time, facilitate relationships between consumers and businesses by reducing the need for companies to retain customers' personal identification information, which could also result in the reduction of risks posed by data breaches. Equifax is partnering with Parity, a leader in user-centric identity management, to offer the Equifax I-Card that enables people to verify their identity online... The Equifax I-Card is part of the growing trend to provide increased anonymity and security for a consumer's financial and credit information online. Equifax is working with Parity to help deliver this solution. It also used its premier authentication solution, eIDverifier, as well as multiple data sources for identity verification along with open source technology that is endorsed by The Information Card Foundation (ICF), an industry consortium of consumer, data and technology companies. The Equifax I-Card is among the first commercial I-card-based products to re secure digital identity on the Internet. Led by Deutsche Telecom, pid build-out and adoption of Internet-enabled digital identities using information cards..."

  • [September 24, 2008] ICF.general. Google Groups. General discussion on Information Cards and the Information Card Foundation, open to anyone to join or post. See the welcome posting by Charles Andres. Executive Director, ICF: "... This discussion group will be general and will encourage cross-posting from other groups who are working on parts of the digital infastructure that are relevant to information cards. This includes SAML, OpenID, Vendor Relationship Management, data portability, Security, encryption, identity policy, data breaches, interoperability, certification, and much more.

  • [September 8, 2008] "International Support Grows Across Industries for Information Cards as Preferred Online Method for Protecting Personal and Business Information." Announcement September 8, 2008. New members now include: Deutsche Telekom AG, Intel, Cryptopro of Russia, Eduserv of the United Kingdom, ETRI of South Korea, Figlo of the Netherlands, and Wisekey S.A. of Switzerland. Paul Trevithick, CEO of Parity Communications and Chairman of the Information Card Foundation: "The international interest and rapid growth of the ICF indicates a strong, sustained focus in every part of the world on securing personal information. Information Cards are the bridge to easier Internet transactions for individuals and businesses..." [source PDF]


Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

Primeton

XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Bottom Globe Image

Document URI: http://xml.coverpages.org/ni2008-06-24-a.html  —  Legal stuff
Robin Cover, Editor: robin@oasis-open.org