By Eve Maler, ForgeRock VP of Innovation and Emerging Technology
A lot of us doing digital identity know that innovation in this space comes in fits and starts. There have been times when the twice-yearly Internet Identity Workshops felt like exercises in marking time: Okay, if InfoCard isn’t quite it for consented attribute sharing, what’s the answer? And what do you mean everyone doesn’t yet have a server under their desks at home running an OpenID 2.0 identity provider?
At other times, there’s excitement in the air because we feel like we’re on to something big, and if we just align our polarities in the right way, we can really get somewhere. It’s out of these moments that OpenID Connect (a merger of ideas from Facebook and OpenID Artifact Binding folks) — for one example — was born.
I for one am feeling that excitement now. There’s a confluence of factors:
New purpose around individual empowerment in the post-Snowden era (privacy!)
New acceptance of web- and mobile-friendly tools (APIs!)
New use cases where things hook up to the Internet at crazy scale (IoT!)
User-controlled data sharing as a killer app for modern cloud services (relationships!)
The “new Venn of access control” that I talked about at ForgeRock’s Identity Relationship Management Summit in June is coming — and all of us practitioners have a chance to make dramatic progress if we can just…align.
There are a couple of key opportunities to do that in the short term: IIW XIX in Mountain View in three weeks, and the IRM Summit in Dublin — along with a Kantara workshop on the trusted identity exchange and the “age of IRM agility” — in four.
If you join me at these venues, you can catch up on important User-Managed Access (UMA) progress, and also hear about — and maybe get involved in — an exciting new group that Debbie Bucci of HHS ONC and I are working to spin up at the OpenID Foundation: the HEAlth Relationship Trust Work Group. The HEART WG is all about profiling the “Venn” technologies of OAuth, OpenID Connect, and UMA to ensure that patient-centric health data sharing is secure, consented, and interoperable the world over. (If you’re US-based like me and have visited a doctor lately, you’ve probably been onboarding to a lot of electronic health record systems — how would you like to help ensure that these systems are full participants in the 21st century? Amirite?)
See you there!
– Eve (@xmlgrrl)