OpenID Makes Big Progress in Government

Home Forums Miscellaneous OpenID Makes Big Progress in Government

This topic contains 10 replies, has 6 voices, and was last updated by  Guy Martin 9 years, 3 months ago.

  • Author
    Posts
  • #80019

    Steve Ressler
    Keymaster

    Big news today as a pilot for OpenID is being used in government

    Washington, DC — Ten large companies, including Yahoo, PayPal, Google and AOL, have signed on to support a new pilot program designed to let people participate in government web sites without having to create new usernames and passwords. Under the program, citizens will be able to access the sites using the identities they’ve already created through the companies, which also include Equifax, VeriSign, Acxiom, Citi, Privo and Wave Systems. The idea is to let people access special features of the sites without revealing their personal information to the government. The National Institutes of Health (NIH), for example, plans to let people use the IDs to conduct customized library searches, access training resources, register for conferences and use of medical research wikis. “Open government cannot and will not compromise either security or privacy,” said Drummond Reed, executive director of the Information Card Foundation. “By working with private industry, the U.S. government is harnessing the innovation and efficiencies of the open market and letting citizens choose their preferred means of engaging with government agencies.” The pilot is being conducted by the Center for Information Technology (CIT), NIH, Department of Health and Human Services (HHS) and related agencies.
    http://openid.net/2009/09/09/yahoo-paypal-google-equifax-aol-verisign-acxiom-citi-privo-wave-systems-pilot-open-identity-for-open-government-2/

  • #80039

    Guy Martin
    Participant

    This is a good thing, but before anyone suggests this for something like Forge.mil or Forge.gov, or any ‘Apps for America’-style participation endeavor, remember that in certain cases, anonymity is not productive or conducive to community & security.

    What kind of vetting will Equifax, VeriSign, et. al do to verify that the users being granted credentials aren’t from terrorist organizations, for example?

  • #80037

    Amanda Blount
    Participant

    Interesting. I can’t wait to see how this goes. I agree with guy and Jerry, vetting may be an issue. But, I hope that will be worked out as the program goes along.

  • #80035

    George Scoville
    Participant

    To Guy Martin: Exactly. One of the biggest problems with using OpenID in government network space is precisely the inability to authenticate identity. Hopefully we’ve already taken two steps forward in cybersecurity and this is only one step back. This will be difficult for anyone to stop, especially given the new administration’s fascination with all things Google.

  • #80033

    Henry Brown
    Participant

    USDA has been using a SOMEWHAT different variation of this for several years now, It is called Eauthentication The PRIMARY difference with this “NEW” application is the level of “security” where about all Level 1 provides is SOME assurance that you are in fact a member of Homo-Sapien community. The higher levels require MORE authentication up to highest US government security clearances.

    To see the level 1 in use goto USDA training site

  • #80031

    Guy Martin
    Participant

    There is an interesting update I just found – OpenID as a tech is actually very cool – my concern was going to be in how validation/vetting of identity was done (which OpenID specifically doesn’t get involved in).

    There is a good article on this that just came out in Government Computer News.

    It references the GSA Trust Framework Provider Adoption Process, which appears to take some of this vetting into account. I do still hold to my previous statement that since OpenID doesn’t take security/vetting into account, it is going to be a tough sell to .mil sites to use the tech, unless a much stronger vetting process is guaranteed on the front-end of any OpenID transaction.

    They even admit at the end of the article: “We won’t necessarily know the individual we are doing business with, but we can create a live experience that they can get used to using and be able to have a richer experience in doing online interactions with the federal government”. This is a laudable goal, but let’s just keep in mind that anonymity is usually inversely proportional to trust, and that a subset of federal sites (such as Forge.mil, a proposed Forge.gov, etc.) won’t be able to operate in that kind of environment.

  • #80029

    Scott Burns
    Participant

    Does anyone know someone at CIT that I can contact to learn more about this pilot?

  • #80027

    Barry Everett
    Participant

    The OpenID concept is a good one, and the questions about true identity are valid. However, the ‘special features’ or services that Dot Gov sites would provide would NOT be those used for actual business, but rather for the kind of information or collaboration that are not necessarily full access. As an example, my bank or brokerage might allow me some specialized features like research or social collab features with only an OpenID account, as a convenience for not registering with the site to get these faetures, BUT would require fully authenticated account registration for doing business. The Dot Gov sites would do the same.

    Information gathering or forum participation might only need my Farnham identifier, but serious stuff like my taxes or social security information would need Barry’s real information, and both parties need assurance that we are who we say we are. Multi-level communications in the digital arena is a useful state of operation, but needs user education.

  • #80025

    Scott Burns
    Participant

    Thanks. I’ll reach out to him. Still trying to figure out how to support this.

  • #80023

    Scott Burns
    Participant

    Barry: I hope they are talking to you before they make final policy from OMB!

  • #80021

    Henry Brown
    Participant

    Have just spent close to 3 hours in attempting to get a DOD activity to recognize my government PIV card, with the “final” solution being “we are NOT required to recognize and or accept any PIV card other than DOD’s

You must be logged in to reply to this topic.