Guy Martin

There is an interesting update I just found – OpenID as a tech is actually very cool – my concern was going to be in how validation/vetting of identity was done (which OpenID specifically doesn’t get involved in).

There is a good article on this that just came out in Government Computer News.

It references the GSA Trust Framework Provider Adoption Process, which appears to take some of this vetting into account. I do still hold to my previous statement that since OpenID doesn’t take security/vetting into account, it is going to be a tough sell to .mil sites to use the tech, unless a much stronger vetting process is guaranteed on the front-end of any OpenID transaction.

They even admit at the end of the article: “We won’t necessarily know the individual we are doing business with, but we can create a live experience that they can get used to using and be able to have a richer experience in doing online interactions with the federal government”. This is a laudable goal, but let’s just keep in mind that anonymity is usually inversely proportional to trust, and that a subset of federal sites (such as Forge.mil, a proposed Forge.gov, etc.) won’t be able to operate in that kind of environment.