[OpenID] TransparencyCamp and OpenID (U)

Tue Mar 10 22:06:39 UTC 2009

On Tue, Mar 10, 2009 at 1:03 PM, Dickover, Noel, CTR, NII/DoD-CIO <
Noel.Dickover.ctr at osd.mil> wrote:

> UNCLASSIFIED
>
> A question I had, assuming somebody
> hasn't already asked it from you - in writing the Directive, how would we
> include the use of OpenID and OpenAuth?  We would want to specify the
> generalized category that those fit into, but would need to allow for
> potential competitor standards that might emerge in the future.
>

One point of clarification: "OpenAuth" is a trademark owned by AOL; "OAuth"
is probably what you're thinking of. It's important to keep the two out of
the same sentences. ;)

To answer your question, I might suggest including these technologies in the
realm of "Identity" or "Social Media" technologies. OpenID is a technology
that helps people identify themselves to you; we typically use email
addresses for that purpose today, but an OpenID should become a more
convenient alternative in the future (even if that includes email addresses
as OpenIDs).

> So if you were writing this, what paragraph would you include that would
> specify things like OpenID in order to address the whole privacy issue?
>  And
> again, as we discussed at TransparencyCamp, that would involve two options
> for Citizens in participating on Federal sites - to  either use external
> servers to register for govt sites, or a single govt server for all govt
> websites which might result in better level of service.  And also to have a
> plaec to authenticate Federal employees to external sites like Twitter,
> which would start to address the problem of others acting as if they were
> from govt accounts.

I think the first thing to make clear is that OpenID should be considered an
important, but optional, convenience for making it easier for people to
interact with and take advantage of government websites and services. Few
people are looking for MORE accounts online, and OpenID is a vendor-neutral
way to address this growing dilemma (of account proliferation).

With regards to privacy, I think this is where the optional bit is
essential. As it is, the government makes various uses of my phone number,
my email address and my social security number to identify me; using a
web-friendly identifier as an alternative would be convenient for me and
allow me to choose a provider that I trust (which may so happen to be my
email provider in the case of Google, Yahoo et al).

I largely favor the government accepting third-party OpenID Providers for
authentication, just as they do allow for email provider choice. Pushing
people through a central government-issued OpenID provider seems fraught
with trouble — yet another account to forget since people would only need it
for irregular interactions with the government (simply an extension of the
current problem with government-issued accounts).

Of course, where there is a need for remote authentication between
government agency websites, I think it's worth considering using OpenID in
these cases — if anything to lower the cost of implementation and
support-over-time thanks to the maintenance efforts of the OpenID open
source community (which admittedly needs to see more activity).

For government employees, I do think that it would be useful for a central
agency (whichever one already issues government credentials) to operate an
OpenID Provider to enable government employees to authenticate and act
within the capacity of their government purview on third-party sites.

Let's keep this conversation going though — I think this is a great context
(this list, that is) to have this discussion!

Chris

>
> v/r
> Noel Dickover
> DoD CIO, IT Investments and Commercial Policy Directorate
> Social Software and Emerging Technologies
> 703-601-4729x152
> Noel.Dickover.ctr at osd.mil
> https://www.dodtechipedia.mil - Join the Fight!!!
>
>
>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of David Recordon
> Sent: Wednesday, March 04, 2009 1:18 PM
> To: general at openid.net
> Subject: [OpenID] TransparencyCamp and OpenID
>
> This weekend both Chris Messina and I went to TransparencyCamp in DC and
> talked to a bunch of people there about OpenID.  We shot a quick episode of
> TheSocialWeb.tv about it:
> http://www.thesocialweb.tv/blog/2009/03/transparency-camp.html
>
> --David
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>

-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate-at-Large

factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090310/7315e213/attachment-0002.htm>