September 9, 2009 at 6:34 pm #80019
Big news today as a pilot for OpenID is being used in government
Washington, DC -- Ten large companies, including Yahoo, PayPal, Google and AOL, have signed on to support a new pilot program designed to let people participate in government web sites without having to create new usernames and passwords. Under the program, citizens will be able to access the sites using the identities they've already created through the companies, which also include Equifax, VeriSign, Acxiom, Citi, Privo and Wave Systems. The idea is to let people access special features of the sites without revealing their personal information to the government. The National Institutes of Health (NIH), for example, plans to let people use the IDs to conduct customized library searches, access training resources, register for conferences and use medical research wikis. "Open government cannot and will not compromise either security or privacy," said Drummond Reed, executive director of the Information Card Foundation. "By working with private industry, the U.S. government is harnessing the innovation and efficiencies of the open market and letting citizens choose their preferred means of engaging with government agencies." The pilot is being conducted by the Center for Information Technology (CIT), NIH, Department of Health and Human Services (HHS) and related agencies.
September 10, 2009 at 12:34 am #80039
This is a good thing, but before anyone suggests this for something like Forge.mil or Forge.gov, or any 'Apps for America'-style participation endeavor, remember that in certain cases, anonymity is not productive or conducive to community & security.
What kind of vetting will Equifax, VeriSign, et al. do to verify that the users being granted credentials aren't from terrorist organizations, for example?
September 12, 2009 at 12:33 am #80037
Interesting. I can't wait to see how this goes. I agree with Guy and Jerry; vetting may be an issue. But I hope that will be worked out as the program goes along.
September 14, 2009 at 3:26 am #80035
To Guy Martin: Exactly. One of the biggest problems with using OpenID in government network space is precisely the inability to authenticate identity. Hopefully we've already taken two steps forward in cybersecurity and this is only one step back. This will be difficult for anyone to stop, especially given the new administration's fascination with all things Google.
September 14, 2009 at 2:34 pm #80033
USDA has been using a SOMEWHAT different variation of this for several years now. It is called eAuthentication. The PRIMARY difference with this "NEW" application is the level of "security", where about all Level 1 provides is SOME assurance that you are in fact a member of the Homo sapiens community. The higher levels require MORE authentication, up to the highest US government security clearances.
To see Level 1 in use, go to the USDA training site.
September 28, 2009 at 11:21 pm #80031
There is an interesting update I just found - OpenID as a tech is actually very cool - my concern was going to be in how validation/vetting of identity was done (which OpenID specifically doesn't get involved in).
It references the GSA Trust Framework Provider Adoption Process, which appears to take some of this vetting into account. I do still hold to my previous statement that since OpenID doesn't take security/vetting into account, it is going to be a tough sell to .mil sites to use the tech, unless a much stronger vetting process is guaranteed on the front-end of any OpenID transaction.
They even admit at the end of the article: "We won't necessarily know the individual we are doing business with, but we can create a live experience that they can get used to using and be able to have a richer experience in doing online interactions with the federal government". This is a laudable goal, but let's just keep in mind that anonymity is usually inversely proportional to trust, and that a subset of federal sites (such as Forge.mil, a proposed Forge.gov, etc.) won't be able to operate in that kind of environment.
September 29, 2009 at 2:13 am #80029
Does anyone know someone at CIT that I can contact to learn more about this pilot?
September 30, 2009 at 1:38 pm #80027
The OpenID concept is a good one, and the questions about true identity are valid. However, the 'special features' or services that Dot Gov sites would provide would NOT be those used for actual business, but rather for the kind of information or collaboration that is not necessarily full access. As an example, my bank or brokerage might allow me some specialized features like research or social collab features with only an OpenID account, as a convenience for not registering with the site to get these features, BUT would require fully authenticated account registration for doing business. The Dot Gov sites would do the same.
Information gathering or forum participation might only need my Farnham identifier, but serious stuff like my taxes or social security information would need Barry's real information, and both parties need assurance that we are who we say we are. Multi-level communications in the digital arena is a useful state of operation, but needs user education.
September 30, 2009 at 6:58 pm #80025
Thanks. I'll reach out to him. Still trying to figure out how to support this.
September 30, 2009 at 6:59 pm #80023
Barry: I hope they are talking to you before they make final policy from OMB!
September 30, 2009 at 7:39 pm #80021
Have just spent close to 3 hours attempting to get a DOD activity to recognize my government PIV card, with the "final" solution being "we are NOT required to recognize and/or accept any PIV card other than DOD's".