I have a library of embarrassing old USENET postings and Digg comments already, once I saw my Digg comments show up for my name in Google I was done. The last thing I want is that identity verifiably linked to me, so I won't be getting too excited about this stuff.

OpenID supporters, however, cannot prevent the government from opening an Identity provider site using such an identifier as its basis. This does not require me to use that OpenID as my online identity, however.

However, this would tarnish OpenID in the eyes of many people who don't realize these distinctions. If I were on the OpenID steering group, I would discourage this move by the government to use OpenID.

The worst thing about the Act is that it's trying to make the common driver license--which last time I checked was a document authorizing you to operate a motor vehicle--into an identification credential validating citizenship. Even though we already have a document designed to serve that purpose. It's called a passport.

But the problem is that the passport isn't widely adopted (in the US). So rather than fix that adoption problem, they're trying to change the document more people have already adopted.

In my opinion, we shouldn't be asking the driver license credential to be doing more than it should. In that same respect, we should not be asking OpenID to do more than it should.

I am not the only person who is interested in controlling the flow of information about me (or some part of it) but other people/organisations are as well and their interests not necessarily fit with mine. What I need in this situation is as much control over the information about myself as possible. But first of all I need to be aware of the possible consequences of giving some info about me to some particular party - this means, I need to know if I can trust those people.

I think what is needed most of all to preserve freedom for internet users is proper information about different authentication / activity tracking schemes - what could be the consequences of using them. It's like the information about phishing sites - if you know enough about phishers' techniques you will be able to avoid being fooled.

So we need to know the possible consequences. Will I be able to use several OpenID identities for different sites - for example National ID enabled identity for one site and for example Blogger identity for another? Is it possible to find out my National ID identity through my Blogger identity (supposed that they are both OpenID)? If I have control over what identity to use and it's impossible or very hard to track one identity using another then I'm quite satisfied. Then I have a choice which people / sites / etc to trust more and which less. But in order for this to happen on the mass scale people need to be aware of possible threats to their freedom / privacy so I think some healthy bit of alarmism is very good in this situation.

And, for the central point of the article, I can see the point on privacy, but I cannot see the source of your fears: I will always be able to use any number od different account types (or simply different open-id's) for different transaction types. Maybe I will use my "national" open-id for my online bank transactions (who cares, since my bank transactions are already bound to my identity), another one to comment on blog post, and another one for dating sites.

Sometimes you may want to. Sometimes not. If it's required - you've lost your freedom of choice.

I addressed this in my post *OpenID: A great thing… going amok?* back when the Estonian news broke:

http://tinyurl.com/2a239y

Am I against OpenID? No.
Am I against National Identity? Probably.
Does it matter what my opinion is? No.

Does it matter that this could take away my free will?

Absolutely.

I'd love to have some way to prove that I am, in fact, me. So when I open a new bank account, credit card, loan, or anything else important, I have to prove that I am in fact ID# 123. That would be great. And if you had this, you could have a wallet with a single card in it - a smart card that is used solely to prove that you are you. Then Visa, your bank, your online Schwab account, etc. would just use that identifier and authentication. (And it could be 2-factor, so secure.)

I can see the benefit of anonymity (this very post is anonymous), and I don't trust the govt, but I think there must be a way to create some sort of national ID authentication service with strong authentication. The current system seems the worst of both worlds - neither truly anonymous (since you DO have info about yourself all over the net), nor truly secure.

Or perhaps I'm just dreaming.

"The government of Estonia has already implemented a National ID system there that serves as an OpenID and now OpenID vendor TrustBearer is explicitly targeting the "national and government ID card" market."

The Portuguese Citizen's Card, still being implemented and already with 27k users(available in azores and a few portuguese districts) - http://www.cartaodocidadao.pt/index.php?lang=en - offers the same funtionality. I think it's a big win for us, drivers's licence, id card, and a few other credentials all in a single place, safe authentication(you can read about it on the website, tech details I believe), access to your personal data is logged.

You can download software to be used with a special reader, like a smart card, sort of.

So, using that kind of auth system with an OpenID account is really great usability-wise.

IMO, OpenID has 2 flaws, first, the identifier, using a url is a bit complicated to the average user, people don't memorize urls like pip.verisignlabs.com/username as easy as they memorize username@gmail.com, or simply, username.

Second: multiple providers, which means a bigger diversity of identifiers, and differences in the implementation of the specification when it should be all the same, that extra 'texture' can be bad to users, 'cos it's more than a difference in funtionality, the provider itself will look and feel very different, feel because the authentication system can change from provider to provider, one can use email as an identifier, other your blog url, or things like http://flickr.com/photos/username, which is even semanticaly incorrect(photos inst. people).

What I mean is, openID needs to be simplified, and centralized, having different providers isn't an advantage at all, it's like saying the web is better because we have different browsers, the specification is well defined, rendering this page with IE or FF should return the same result: the best, the one the web dev. intended.

A single provider with multiple servers provided by the partners involved in the initiative.

Well, it isn't a proper comparison but I hope you get the base idea.

Now, Citizen's Card+OpenID's cool, but very primitive.

dreaming is cool, this way more complicated, rudderless reality isn't :D

Man, great point. I'm going to repeat this over and over whenever participating in a conversation about the use of a drivers license as a National ID.

I can see why people would be paranoid about privacy, but, to be honest, I think the privacy fears are overblown. It is routed in conservative males afraid that their porn-viewing habits will be outed, or their prurient purchases will somehow see the light of day. I do not want to shatter any worldviews, but anyone who has worked for a retailer--or in any business service sector--can attest to how easy it is to obtain/exploit people's personal information. It is the nature of a digital age: everything is traceable and obtainable. And our habits will always be monitored because there is money to be made in knowing what people look at, buy, and interact with.

Maybe if a verified ID were implemented in some form or another it would cut down on perceived anonymous flaming, careless commenting and offensive posts of all kinds. These things only exist because people "think" the Net is some faceless wonderland anyway.

I agree, however, with others' comments about Passports being underused in the States. Make a national initiative to promote people getting one--or maybe the government should start issuing them to toddlers like SSNs.

Wouldn't it be great if you could confirm that your vote counted because you used an OpenID? Wouldn't it be great if you could authenticate and receive a whole bevy of services from the government and not have to share your social security number all over the place?

Maybe I'm a little optimistic but I see positives far outweighing the negatives.

For the record, of the 40 Vidoop employees, only 4 have any kind of military background and not all of those are engineers ... :-)

More information on the Estonian OpenID implementation can be found at David Recordon's and Martin Paljak's presentation from the Web 2.0 Expo in Berlin:
http://www.slideshare.net/daveman692/web-20-expo-berlin-openid-emerging-from-web-20-163963/

Centralizing a system removes incentives for innovation. What if one provider can make an easier to use system than another. A person only needs one provider anyway so the difference in implementation is moot. What if you like to remember a url rather than a name. At least with a url you can be sure it's unique where a login name like "martin" is almost always taken. When the web started no one remembered arbitrary strings like "bob three seven one at web mail dot com" People likely put spaces in there and wrote "at" instead of typing the little symbol when you hold shift and hit "2". People will learn to remember it.

However, if it is a pseudonym which is hosted in various places and given out separately to each RPs with some assertion on the identity’s attribute, such as age, is not so bad. You will be able to get the service that you deserve, and you still do not get to be correlated at the RPs.

Of course, this OP may be able to determine your Real Identity, but that is depending on the operation principle of the OP. It might just use the National ID for the registration and discard the National ID itself right after that.

In fact, coupling of OpenID with this kind of government or otherwise authoritative certification document for the registration purpose serves to enhance privacy. You can prove some of your attribute and still you are anonymous. This has not been possible hitherto.

Thus, I would argue that coupling of National ID type of thing and OpenID is privacy enhancing.

Remember, Certification, Registration, Authentication, Authentication Assertion, Authorization is all different things. It is awfully wrong to use the certificate (such as National ID) as the authentication identity, but, for registration purposes, it is quite useful.