Comments for US Government Reviewing OpenID For Login on .Gov Sites

US Government Reviewing OpenID For Login on .Gov Sites

2009-08-10T18:49:38Z

Top government IT officials and representatives from online identity services met today in Washington DC to talk about plans to allow 3rd party certification bodies, called "Trust Framework Providers," to evaluate private sector OpenID and Info Card providers for use in logging into government agency websites.

The Open Government Identity Management Solutions Privacy Workshop is being held in Washington DC to draft a process for certifying existing identity providers for low-security government authentication transactions (so-called NIST level 1). If the plans move forward, we may someday be able to log in to government sites using our favorite OpenID-supporting website credentials. Google, AOL, Yahoo or other commercial accounts could become new keys to a consistent experience around the .gov web.

]]> The draft process for selecting approved Trust Framework Providers that will then certify individual identity providers is titled "Trust Framework Provider Adoption Process for Levels of Assurance 1, 2, and non-PKI 3" and is available for download as a PDF.

That draft includes requirements that OpenID or related Info Card identities not be used to authenticate people who are physically present (it's just for remote online access), that they not be used to transmit activity data or anything else beyond what is specifically requested by a government agency and that there be measures taken to continue protecting personal information if the identity provider goes out of business.

Identity providers will be evaluated on factors like an organization's technical implementation of authentication, its reputation and its business stability.

Providers who meet the requirements of the Trust Framework may be chosen to provide low-security authentication for users of government websites.

O'Reilly's Andy Oram posted an in-depth look at some of the issues raised by government support for OpenID last week.

"In considering government adoption," OpenID Foundation board member Chris Messina said of the Framework, "primary among our priorities is the protection of individual privacy while also considering ease of use and convenience. These factors cut to the core of the purpose of Trust Framework and feedback, therefore, is strongly encouraged on the document we've produced so far."

Keep your eyes peeled for an opportunity to comment publicly.

Government validation of federated identity could be a major boost for the ecosystem of the open, distributed web, and thus for innovation online. We hope the people making these plans can get it right and that the relevant government agencies can garner sufficient public support.

Comment from factoryjoe.com on 2009-08-10

2009-08-10T19:00:35Z

Thanks for the post Marshall. This is indeed important work, and getting solid, informed feedback on this is critical.

For those who want to more technical information about OpenID and privacy, I strongly recommend reading Will Norris' recent series of posts:

http://willnorris.com/2009/07/openid-directed-identity-identifier-select
http://willnorris.com/2009/08/best-practices-with-directed-identity
http://willnorris.com/2009/08/a-new-kind-of-openid-proxy

They provide a good outline for understanding how OpenID can be set up to support privacy and anonymity in government transactions.

Comment from Chris Baskind on 2009-08-10

2009-08-11T00:38:17Z

On Friendfeed, maybe. ;-)

Comment from lisa padilla on 2009-08-10

2009-08-11T00:42:00Z

OpenID is a huge win for the critical infrastructure of our government, true Marshall. Both are great signs that unified login and intelligent aggregation will save people time and sanity.

Comment from Ravi Sharma on 2009-08-13

2009-08-14T03:23:24Z

I hope they know what they are doing...This will increase a lot of phishing as OpenID is still insecure.

Comment from Marshall Kirkpatrick on 2009-08-14

2009-08-14T08:18:14Z

i guess FB buying FriendFeed is bigger news than OpenID for .gov sites. http://bit.ly/gTnaO so goes the world [from http://twitter.com/marshallk/statuses/3235779760]

Comment from muhabbet on 2009-09-03

2009-09-04T01:21:13Z

thank you.

Comment from ed hardy on 2009-09-06

2009-09-07T00:44:02Z

Nevertheless, really, much that even Coach is a hot commodity now will quickly be a hot commodity in Whether you want traditional bridal trinkets or modern bridal
ed hardy mens t-shirts jewelry or has really took the Louis Vuitton Speedy drawing and made a different yet horrific account.

Comment from sohbet on 2009-09-10

2009-09-11T02:54:18Z

Thank Marshall nice the .gov siter will be more security sites any more.

Comment from firma on 2009-09-14

2009-09-15T03:28:21Z

I think that the goverment must not rely on openid it can be hacked.

Comment from coldjung on 2009-10-29

2009-10-29T14:19:50Z

Thank Marshall nice the .gov siter will be more security sites any more.

Comment from nuioy0072651 on 2009-11-29

2009-11-30T02:07:46Z

Well, it seems like another blog, but while though i have gone through it, i found it with huge interesting topics and all that. This seems like very informative and i' love to recommend everyone as this blog giving a huge interest to everyone need. I do love this blog and hopefully i would be in touch with it as it becomes my favorite one. lol..Thanks!

Comment from Anuwat on 2009-12-29

2009-12-29T17:01:51Z

I thank you for this informative article. And I thank you for this I follow your vendors. It’s verry good. I wish you continued success.
seo บ้าน

Comment from SEO on 2010-01-11

2010-01-11T20:38:22Z

This is fantastic. Here’s to open government and the open web! I believe OpenID will continue to be the most convenient and trustworthy open identity standard on the Web. Open standards create a better Internet for everyone, and the U.S. government's adoption of OpenID is a huge endorsement of OpenID and a big step forward for open standards. SEO Rider