Insights & Analyses

How can you tell open identity is done right? When it’s boring

April 28, 2017

If open identity standards do not excite you, that’s quite alright with Open Identity Exchange President and Chairman Don Thibeau, because that means the standards are working as they should.

“The fact of the matter is that identity can be boring, and maybe should be boring,” Thibeau said on the latest episode of the State of Identity podcast. “Because if we do it right, it becomes plumbing, and if plumbing is right, people really don’t notice it — they just take advantage of it, and use the results of it for lots of good things.”

Ideally, an open standard works so well that it essentially disappears. In the identity realm, it should be integrated into an identity systems builder or service provider that is ultimately shared with clients in a seamless and unobtrusive manner.

To Thibeau, evidence that it’s working can be found in the standards that are now being built on top of the OpenID Connect platform, which allows computing clients to verify the identity of an end-user based on authentication and basic profile information.

For example, the GSMA Mobile Connect online identity program, tied to a user’s mobile phone, is built on OpenID Connect, and is one of the most widely adopted standards in the industry.

Even unlikely players are coming on board. Thibeau said he was surprised when, about a year ago, Oracle joined the board of the OpenID Foundation, giving it a say in how identity standards will be implemented in the years to come.

“They recognized that identity is this kind of horizontal, cross-cutting function within enterprises,” he said.

For more, subscribe to the State of Identity podcast on iTunes, and tune in every week for new episodes.