OIDF Workshops for GSMA — Fall 2021

The OpenID Foundation and the GSMA partnered on a series of workshops during fall 2021 for the IDG and IDC groups at GSMA responsible for standards development.

Workshop #1: “Strategic Overview of the Identity Landscape, and How OpenID Foundation Standards Help MNOs Serve Their Communities” 

Thursday, October 28, 2021

Workshop Overview:

The OpenID Foundation was founded in 2007 to offer interoperable and open identity standards. Standards like OpenID Connect and the Financial Grade API are used in billions of user and entity transactions to support use cases like Login with Google, Microsoft Azure cloud services, and Open Banking in the UK, Brazil and Australia.  The OpenID works with other non-profit standards bodies like the IETF, W3C, FIDO, GSMA, and ISO to ensure our standards “knit into the fabric” of the internet and are globally scalable. Our community of volunteers seek to address some of the most intractable security, private and identity challenges of our time. In this session we will share our view of the identity landscape, and how OIDF standards offer foundation capabilities not only vital to existing identity services, but uniquely positioned to support the identity ecosystem changes ahead. We’ll also introduce one thesis on how structural change can be achieved: the GAIN whitepaper (Global Assured Identity Network) and how MNOs can take part. We’ll also give some examples of roles MNOs may wish to play in this emerging landscape, and how OIDF standards fit, for instance:

    • MNOs that want to be an Identity Service Provider
      • MNO fit: MNOs with strong market leverage in their users lives
      • OIDF Standards: OpenID Connect + MODRNA
      • Live Example: ZenKey  (Verizon, T-Mobile, AT&T joint entity)
    • MNOs that want to Verify Attributes
      • MNO as verifier of user data like mobile number, billing address, etc
      • MNO fit: MNOs interested in monetizing their data, strengthening identity services for the wider ecosystem
      • OIDF Standards: OpenID Connect for Identity Assurance
      • Live examples:
        • BankID, SecureKey in financial services examples
        • GAIN whitepaper as model for MNOs and other regulated entities to offer attribute verification for users and entities in a globally interoperable model for relying parties
    • MNOs that want to Provide signals to other & 3rd party entities
      • MNO fit: Monetize data, strengthening identity services for the wider ecosystem, reducing cost of ownership (MNOs and other entities develop and use this information for internal risk management now, this federates it using standards)
      • Types of signals: e.g. SIM card change, phone number change, etc which a third party entity can consume and use for internal decision making
      • OIDF Standard: Shared Signals & Events
      • Examples:
        • ZenKey signals
        • Google, Amazon, Microsoft effort to exchange signals
    • MNO as a Relying Party for third party identity services   
      • MNO fit: all incremental and step function improvements using emerging data capabilities (government issued IDs, verified claims, interoperable services like GAIN)
      • Benefit: Better user and entity experiences, better risk management/ compliance, potentially lower costs for fraud (e.g. a new device sold to a fraudster), operations
      • OIDF Standards: OpenID Connect for Identity Assurance, OpenID Connect Self Issued Identity Provider
    • MNOs that need to conform to Open Data Regulations   
      • MNO Fit: MNOs in markets like Brazil, Australia, Canada and the UK know that Open Data mandates from their central government are likely in the next 2-5 years. How might Open Banking standards apply to Open Data?
      • OIDF Standard: Financial-Grade API for use in all Open Data use cases
      • Examples:
        • Open Banking in UK, Australia, Brazil, Russia, Germany, US, Canada, Middle East
    • MNO Identity services for employees, systems, and thing
      • Identification of employees, Employee access to applications, permissioned access for third party services to MNO services and vice versa, permissioned access for staff to devices and devices to services (e.g. IoT, fleets, Bring your own device, sharing economy)
      • OIDF Standards: OpenID Connect

Workshop Presenters:

Bjorn Helm (Verizon, Distinguished Member of Technical Staff, & Vice-Chair OpenID Foundation)
Gail Hodges (Executive Director, OpenID Foundation)



Workshop #2: OpenID Foundation Standards – The Building Blocks that will Help Serve the Identity Needs of the Users

Monday, November 29, 2021

Workshop Overview:

In this workshop, the Foundation shared our view of the identity landscape, and how OIDF standards offer foundation capabilities not only vital to existing identity services, but uniquely positioned to support the identity ecosystem changes ahead. This workshop included case studies of each OIDF standard, although technologists will enjoy the technical deep dive on each standard. Attendees will leave with a strong sense of each standard, use cases, benefits, and how it could fit into their own roadmap.

Workshop Agenda:

3:00 to 3:10pm CET Introduction by Workshop Hosts Gautam Hazarii, Helene Vigue – GSMA

Dawid Wroblewski – Deutsche Telekom, Chair IDG

Bjorn Hjelm –  Vice-Chair OpenID Foundation

3:10-3:30 Convergence of Traditional & New Identity Paradigms Gail Hodges – Executive Director, OpenID Foundation
3:30-3:50 OpenID Foundation MODRNA Standard 

•Objectives, MNO Use cases

•Standard review, Current discussions/ links to GSMA work

•How to join

Bjorn Hjelm – Vice-Chair OpenID Foundation


3:50-4:30 OpenID Connect for Identity Assurance  

•Objectives, MNO Use cases

•Standard review

•Reference implementation: (yes.com)

•Global Assured Identity Whitepaper

Mark Haine — Considrd Consulting & Co-chair eKYC & IDA WG



To join POC: GAINPOC@oidf.org

4:30-4:40pm Break
4:40-5:00 OpenID Connect Grant Management 

•Objective: consent management

•Use cases

•Standard review

Dima Postnikov – Principal Identity Architect & OIDF Contributor
5:00-5:20 Shared Signals & Events

•Objectives, MNO Use cases

•Standard review

•Reference implementation

Atul Tulshibagwale — Google & Co-chair Shared Signals and Events WG
5:20-5:40 Open Banking & Open Data and the Financial-Grade API Security Profile

•Open Banking/Data Regulation & MNO implications

•FAPI as dominant security profile standard

•Use cases (UK, Brazil, Australia)

Joseph Heenan – Authlete & OIDF Certification Program & Contributor
5:40-6:00pm Call to Action

Questions & Wrap

Helene Vigue, Gautam Hazari, Dawid Wroblewski

Bjorn Hjelm, Gail Hodges