Help reshape Identity security: Join the IPSIE working group

At Oktane this year, we announcedthat the OpenID Foundation (OIDF) has launched a working group devoted to creating the first unified enterprise Identity security standard. Called Interoperability Profiling for Secure Identity in the Enterprise (IPSIE), the group aims to tackle key challenges that underlie Identity security in today's enterprise environments.

Okta knows that to solve the Identity security challenges afflicting the world, we need to pursue standardization that ensures security by default, consistency, and interoperability across enterprise technologies. This will foster an open ecosystem where building and using secure enterprise applications is easy for everyone. That's why we became involved in this initiative, bringing together others in the industry who share this vision. I, along with my peers who work in companies such as Microsoft, Ping Identity, Beyond Identity, SGNL, and others, worked together to create the IPSIE working group charter. We were thrilled that it was accepted by the OIDF Specifications Council within just a few weeks of submission!

Now that the working group is formed, we're focused on achieving the group's purpose. This starts with developing profiles of existing specifications, including OpenID Connect, Shared Signals, OAuth 2.0, SCIM, and others. These specifications are commonly used in enterprise Identity today but contain significant optionality that reduces the likelihood that independent implementations will interoperate. We'll do this while prioritizing secure defaults. Our aim is to have the first draft of the IPSIE specification published in early 2025. That's step one in a multi-step process. We'll work toward final specifications that will, at various stages, be voted on by OpenID Foundation members. When the working group has reached a consensus, after a public review period on each draft, the standard will be finalized. (You can learn more about the OpenID Foundation IPSIE working groupand details on the OpenID Foundation's working group processes.)

While the IPSIE working group has just kicked off and hasn't published a draft specification yet, the feedback I've received from Okta customers and partners about the IPSIE WG and its mission has been extraordinarily positive. Many have shared that they believe this is what's needed, this is what they've been waiting for, and standardization offers the solution to many of their Identity security challenges. SaaS builders, as well as enterprise developers, seem eager to adopt the standard once it is stable-and we certainly hope they do!

Okta has a lot to contribute to the working group. We recently published 125 integrationswith large SaaS providers that adhere to modern Identity security best practicesto enhance Identity security and reduce operational burdens- from SSO and lifecycle management to Identity automation, security posture visibility, and remediation. These integrations incorporate some of the capabilities proposed in the IPSIE working group charter and Okta looks forward to contributing these ideas to the working group for consideration and critique. In the future, we hope every application will support these features in a standardized way.

Okta believes that standardization is the key to solving our cybersecurity challenges today, and standardization can't be solved by one Identity vendor, one SaaS provider, or one enterprise. It takes developers from all levels of the ecosystem to create this solution. If you'd like to get involved, visit the OpenID Foundation IPSIE working group page. We'd love to have your participation.