The Overview
In this episode of Identity. Unlocked, principal architect at Auth0 and podcast host, Vittorio Bertocci, focuses on the work of the eKYC and Identity Assurance Working Group in the OpenID Foundation. In order to explore the group and its work, Vittorio interviews Mark Haine, Director at considrd.consulting, and one of the Chairs of the eKYC and Identity Assurance Working Group.
The working group is named for two processes that are largely the same but represent different industries. eKYC or Electronic Know Your Customer is a process most closely tied to the financial industry, whereas identity assurance is the more generic counterpart present in most other sectors. Identity assurance is the process of establishing the Identity of someone you’re interacting with within a very reliable fashion, and while it was historically often carried out in person, the rapid transition to new technologies and options for remote engagement - all prompted by the COVID-19 pandemic - have created a need to find ways of moving identity assurance online and allowing for it to be done in a standardized fashion.
The working group charter, in summary, explains the group’s aim to deliver a tech solution that communicates verified claims and information about how they were verified. The information to be communicated is metadata about claims, answering questions of how and when claims were established. The working group represents many countries and industries and was launched in the context of the OpenID Foundation because of the natural connections between the foundation and the group’s initiative. Offering further detail on this project, Mark comments on the choice not to mandate but only to encourage the use of FAPI, level of adoption of the working group’s spec thus far, and - with regard to deliverables - what specification documents and definitions the group is working with. As the conversation winds to a close, Mark explains the danger of using scope, the TXN claim within the working group’s program, the PKI analogy for program service, and ways listeners can help by fostering awareness of the program and its many less obvious use cases.
Key Takeaways
[4:04] - Mark talks about the eKYC acronym, identity assurance, and standardization.
[7:13] - Mark summarizes the working group charter.
[9:28] - The working group is international and naturally connects to the OpenID Foundation.
[15:51] - Vittorio asks about program deliverables, focusing on specifications documents.
[20:53] - He asks about the TXN claim within the program, service arrangements, and more.
[24:23] - If Mark issued a to action, it would center on awareness.
Links/Resources:
Learn more about Mark Haine and the eKYC and Identity Assurance Working Group.
Connect with Vittorio Bertocci on Twitter
Learn more about Identity, Unlocked
Find out more on Auth0
Learn more about the sponsor for this season, the OpenID Foundation
About OpenID Foundation
The OpenID Foundation is a non-profit international standardization organization of individuals and companies committed to enabling, promoting, and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. OIDF assists the community by providing needed infrastructure and helps in promoting and supporting the expanded adoption of OpenID. This entails managing intellectual property and brand marks as well as fostering viral growth and global participation in the proliferation of OpenID.
Identity, Unlocked
Identity, Unlocked is the podcast that discusses identity specs and trends from a developer perspective. Identity, Unlocked is powered by Auth0. Vittorio Bertocci is Principal Architect at Auth0 and applies his vast knowledge of the identity industry to Auth0 in all aspects of the company, including internal and external education, product innovation, and customer integration.
About Auth0
Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.