Shopping for Identity Providers – What do I need to know before I put my identity in your provider

From IIW

Session Topic: Shopping for an Identity Provider: What do I need to know before I put my identity in your provider?

Wednesday 3E

Convener: Matt Berry

Notes-taker(s): Dan Sanford

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

IIW18 Wed3E.jpg

Things to consider

  • strong authentication
  • privacy policy
  • operational security
  • scopes and types of information
  • information required for identity proofing

How do I measure it?

Could certify operational security and privacy policy

Lots of discussion - what is an IDP (e.g. )

  • ability to export data
  • ability to provide data to a third party

How (when and why) will the privacy policy change? Lots of discussion about who measures, and about what and how much of this information the IdP describes. Are we willing to pay for it?

Government or others can monitor changes and/or validate that entities do what they intend to, or possibly even meet some standard (e.g. W3C recommended policy standards for websites, which have gone nowhere).

Lots of discussion of standards for these things to consider: standards that we would want but that don't exist right now, and that we would want to consider if they were available.