[OpenID] OpenID + Government
Peter Williams
pwilliams at rapattoni.com
Wed Aug 12 14:44:42 UTC 2009
So there I am in 2006 trying to let our 100k realtors use their RSA
tokencodes at lots of other websites in the realty universe.
Sounds simple, no?
And I walk into this religion-style war of words, of spin meistering,
claim and counterclaim ...and an omnipresent culture of the putdown.
Generally: an intense oversensitivity, in the SAML camp. And it's not
because realty is a hot new market for websso sales!
As a lapsed security engineer, I love seeing the passion (and I also
love the SAML product we selected, which we use every day at a cost of
deployment now of about $2000 partner link (taking about 3 days, in
most cases)). But the "edginess" I see displayed across not one but
several companies is a real issue for going further with SAML. I feel
like I'm stepping across a precipice.
And the edginess gets noticeably stronger the moment I talk about
(also) using OpenID in our customers' trust networks.
Now you are a good person to challenge on Brett's topic of "GSA has
declared OpenID as inherently unable to address more than LoA1
assurance requirements". A firm you associate with has been using
OpenID (with a custom extension, albeit) for banking transactions,
which are not trivial transactions for which low assurance is
appropriate. How can I reconcile those 2 statements?
Now I feel I'm being spun to even more. Brett made, in literary
analysis, a reaching for that "defining" GSA classification. And in
that act of reaching undermined his case for being impartial. A good
politician doesn't reach for the very classification device that
divides folks. He or she enables (almost magically) an acceptable
tradeoff.
Is Kantara going to formally disarm the samlista brigade and move
forward, or have we just got a new name for the same old warhorse?
Grudgingly, they acceptedn
On Aug 12, 2009, at 4:10 AM, "Paul Madsen" <paulmadsen at rogers.com>
wrote:
> Peter, a good theory. But you forget to mention that NORAD intentionally
> scrambled the fighters late to allow the planes to get to the towers.
>
> Peter Williams wrote:
>> My value- such as it is- is as an outsider.
>>
>> I measured 4 sources:
>>
>> Sun Micro RSA Conference presentation on their OpenID pilot;
>> rationales for never being an RP
>> Ping Identity factors gating speed of adoption of OpenID2 -
>> privileged access
>> Scott Cantor's view on OpenID2 generally, and SAML as used in XRD;
>> raw opinion, shared freely
>> How the UK JISC pilot of OpenID framed the basis for its total
>> adoption failure in UK academia. Was it geared to fail?
>>
>> Given these 4 inputs, I simply conjectured a link (Liberty). I
>> tested my conjecture by being a bit outlandish. Compared to the
>> norm (Fox News and MSNBC), I was MILD in the imputations. Lots of
>> ifs, buts, shoulds, mays....that mature heads would recognize as
>> method.
>>
>> Don't get upset. It's just an experiment.
>>
>> Little, powerless, clueless, skilless, informationless Peter throws
>> tiny word stone at mighty million dollar Liberty standards lobbying
>> machine ...and gets "over the top" reaction.
>>
>> Why? Why such sensitivity?
>>
>>
>>
>> On Aug 11, 2009, at 5:29 PM, "John Bradley"
>> <john.bradley at wingaa.com> wrote:
>>
>> Peter, Brett
>>
>> As a member of Liberty, Kantara, ICF, and OIDF, I can say that I
>> have never seen any indication of Liberty plotting against OpenID
>> or info-card. (I do go to most of the secret meetings)
>>
>> The issue with physical access is more one of not trying to boil
>> the ocean.
>>
>> There is real desire by real government RPs to use open
>> technologies and work with commercial identity providers. There
>> are RPs I am working with who want this yesterday.
>>
>> This first step is hard enough. Many people have been working hard
>> for many months.
>>
>> One of the ways we have been able to make progress is by limiting
>> the scope.
>>
>> We could have done physical access, LoA 4, p-cards and other things.
>>
>> The initial program by the GSA is a start not an end to the process.
>>
>> There will be changes to the initial profiles and additional
>> profiles as time and requirements permit.
>>
>> This first step is a scary amount of work, give us time please.
>>
>> John B.
>>
>> On 11-Aug-09, at 5:04 PM, openid-general-request at lists.openid.net
>> wrote:
>>
>> Date: Tue, 11 Aug 2009 13:43:29 -0700
>> From: Peter Williams <pwilliams at rapattoni.com>
>> Subject: Re: [OpenID] OpenID + Government
>> To: Brett McDowell <email at brettmcdowell.com>
>> Cc: OpenID List <general at openid.net>
>> Message-ID: <7911DEBA-C04B-4CC7-8A4B-967626522E9A at rapattoni.com>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> If the infocard stack is technically reputable, can you explain why
>> an accredited provider would be excluded from using it (and openid)
>> from making assertions of physical presence?
>>
>> _______________________________________________
>> general mailing list
>> general at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-general