Skip to main content
About the City of Osmio

Building Authenticity on the Internet

The City of Osmio serves as a certification authority, putting its duly constituted public authority behind its digital identity credentials and other digital certificates. The City of Osmio’s Vital Records Department provides identity credentials that carry a measure of their own reliability. Osmio’s credentials provide accountable anonymity, letting the user assert their identity without disclosing their identity, much as your car’s license plate makes you accountable without disclosing the identity of the driver or owner unless there’s been an accident.

Osmio addresses the concerns of thought leaders about centralized authority. Just as you own the city where you live, Osmio is owned by, and governed by, its residents and residents of online communities that accept Osmio as their administrative capital.

How You Can Participate

Decades ago, the inventors of PKI thought that they had created the remedy for the inauthenticity problems that were just starting to plague the nascent information highway.

And they were right!

But the brilliant mathematicians who invented PKI had difficulty communicating with those who needed to be involved in PKI’s deployment. For more, check out these videos: What is Authenticity?  Ten Reasons Why PKI Failed To Gain Traction.

The City of Osmio is here to remove those obstacles to the effective deployment of PKI.

Like the city where you live, Osmio is owned by you, its resident. And just as the city where you live depends upon involved citizens for effective governance, Osmio is governed by the participation of active citizenry. Take a look at our various commissions and consider joining one of them. Some call for specialized skills but others will benefit from anyone who can invest the required time and attention.

Participate in one of our commissions to contribute your expertise toward greater authenticity and accountability on the internet.

Certification Practice Statement

The Osmio Vital Records Department Certification Policy and Practice Statement is the principal statement of policy governing the Osmio VRD. This Certification Policy (CP) sets forth the business, legal, and technical requirements for providing certification services, to include: (1) approving, issuing, managing, using, revoking and renewing digital certificates to Subjects; (2) maintaining an X.509 Certificate-based public key infrastructure in accordance with the Certificate Policies determined by the Osmio Certification Practices Board; and (3) managing Osmio VRD repository operations, in accordance with the specific requirements of this Certification Policy.

What is Authenticity?

Authenticity is pervasive accountability combined with privacy. It’s what enables the real world to work and what we are introducing to the digital world. Authenticity establishes a genuine, one-to-one relationship between a digital identity and a real-world person. Watch the video below.

About Our Name

Osmio is the Italian word for osmium, an elemental metal. Osmium is the least susceptible to distortion by pressure. There was once a project by a major software corporation called Palladium that intended to provide global digital identity management. Wes Kussmaul's global digital identity effort needed a name and given osmium was stiffer than palladium, it was an appropriate choice.

What is Optimocracy?

In Optimocracy, anyone can be a voting member of a commission or other governing body, without campaigning for election or appointment. The only requirements are:

- The member must have, and use, an identity credential with a minimum Identity Quality score as set by the Chief Moderator of the community

- The member must demonstrate ongoing participation in the commission (or other governing body) by digitally signing its periodic checkpoints and polls, and must contribute to its deliberations at a minimum level set by its moderator.

What is ID-PKI?

When you type a username and a password or you use your fingerprint, someone can capture that username or password or fingerprint as it's sent to the server.  

In an ID-PKI system you don't send a password at all. Instead, when you send your ID, the server uses it to make a “proof puzzle” which it sends to your phone or computer.

The server says: “You claim to be Jane Jones. If you send me the solution to this proof puzzle, that proves that you have the isolated secret number that corresponds to Jane's ID. In that case you must really be Jane.”

If someone captures every bit of that exchange – the username, the puzzle, the whole thing – it will be of no use to them. Every puzzle made with that ID will be different. A solution to a previous puzzle is useless. So the first thing to know about ID-PKI is that it totally eliminates this common way that thieves break in.

What is IDQA?

Identity Quality Assurance, or IDQA, tells you and other "relying parties" at a glance just how reliable is another person's claim of identity.

Our Key Ceremony

On September 12, 2017, keyholders and authenticity entrepreneurs gathered in Geneva, Switzerland for the key generation and signing ceremony for the City of Osmio, a citizen-driven duly constituted public authority and certification authority.

It represents an historic part of the deployment of the Quiet Enjoyment Infrastructure, which is a step toward bringing real authenticity, privacy, and security to the internet.

The Osmio Charter

Osmio’s practices are built on a set of principles called the Quiet Enjoyment Infrastructure. In QEI, integrity comes from the accountability of individual people. Certificates attest to the identity of people, not objects such as websites or servers or companies. Your building’s occupancy permit is signed by people – by licensed professionals including an architect, contractor, and building inspector.

Osmio does provide for traditional applications of digital certificates such as websites, software code, etc. But with Osmio, sites are signed by signing officers: professionally licensed individuals who assume personal and professional responsibility for the legitimacy of the use of a web domain.

Professional Licensing

Years ago, people knew they could trust the assertions of an organization because those assertions were signed by a professionally licensed and professionally liable individual such as Arthur Andersen. Then the law changed so that a group of people collectively calling itself Arthur Andersen could sign those assertions. That meant that no individual's good name and professional livelihood was jeopardized if the assertions proved untrue.

The lack of individual assertions of identity, sites, and content on the internet means that inauthenticity, fraud, and malware runs rampant. How can you trust that people you deal with online are who they say they are? How can you trust that a piece of software doesn't contain some hidden agenda?

The City of Osmio brings back individual accountability for claims and representations made in online spaces. Perhaps one of Osmio’s professional licenses represents a skill of yours. If you have a demonstrable track record of integrity, this could be a new source of income for you.