[OpenID] TransparencyCamp and OpenID (U)

Ben Laurie benl at google.com
Wed Mar 11 10:33:01 UTC 2009 

On Tue, Mar 10, 2009 at 10:06 PM, Chris Messina <chris.messina at gmail.com> wrote:
> On Tue, Mar 10, 2009 at 1:03 PM, Dickover, Noel, CTR, NII/DoD-CIO
> <Noel.Dickover.ctr at osd.mil> wrote:
>>
>> UNCLASSIFIED
>>
>> A question I had, assuming somebody
>> hasn't already asked it from you - in writing the Directive, how would we
>> include the use of OpenID and OpenAuth?  We would want to specify the
>> generalized category that those fit into, but would need to allow for
>> potential competitor standards that might emerge in the future.
>
> One point of clarification: "OpenAuth" is a trademark owned by AOL; "OAuth"
> is probably what you're thinking of. It's important to keep the two out of
> the same sentences. ;)
> To answer your question, I might suggest including these technologies in the
> realm of "Identity" or "Social Media" technologies. OpenID is a technology
> that helps people identify themselves to you; we typically use email
> addresses for that purpose today, but an OpenID should become a more
> convenient alternative in the future (even if that includes email addresses
> as OpenIDs).
>
>>
>> So if you were writing this, what paragraph would you include that would
>> specify things like OpenID in order to address the whole privacy issue?
>>  And
>> again, as we discussed at TransparencyCamp, that would involve two options
>> for Citizens in participating on Federal sites - to  either use external
>> servers to register for govt sites, or a single govt server for all govt
>> websites which might result in better level of service.  And also to have
>> a
>> plaec to authenticate Federal employees to external sites like Twitter,
>> which would start to address the problem of others acting as if they were
>> from govt accounts.
>
> I think the first thing to make clear is that OpenID should be considered an
> important, but optional, convenience for making it easier for people to
> interact with and take advantage of government websites and services. Few
> people are looking for MORE accounts online, and OpenID is a vendor-neutral
> way to address this growing dilemma (of account proliferation).
> With regards to privacy, I think this is where the optional bit is
> essential. As it is, the government makes various uses of my phone number,
> my email address and my social security number to identify me; using a
> web-friendly identifier as an alternative would be convenient for me and
> allow me to choose a provider that I trust (which may so happen to be my
> email provider in the case of Google, Yahoo et al).
> I largely favor the government accepting third-party OpenID Providers for
> authentication, just as they do allow for email provider choice.

Wow, really? Wouldn't you prefer a protocol with some actual security?

> Pushing
> people through a central government-issued OpenID provider seems fraught
> with trouble — yet another account to forget since people would only need it
> for irregular interactions with the government (simply an extension of the
> current problem with government-issued accounts).
> Of course, where there is a need for remote authentication between
> government agency websites, I think it's worth considering using OpenID in
> these cases — if anything to lower the cost of implementation and
> support-over-time thanks to the maintenance efforts of the OpenID open
> source community (which admittedly needs to see more activity).
> For government employees, I do think that it would be useful for a central
> agency (whichever one already issues government credentials) to operate an
> OpenID Provider to enable government employees to authenticate and act
> within the capacity of their government purview on third-party sites.
>
> Let's keep this conversation going though — I think this is a great context
> (this list, that is) to have this discussion!
> Chris
>>
>>
>> v/r
>> Noel Dickover
>> DoD CIO, IT Investments and Commercial Policy Directorate
>> Social Software and Emerging Technologies
>> 703-601-4729x152
>> Noel.Dickover.ctr at osd.mil
>> https://www.dodtechipedia.mil - Join the Fight!!!
>>
>>
>>
>> -----Original Message-----
>> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
>> Behalf Of David Recordon
>> Sent: Wednesday, March 04, 2009 1:18 PM
>> To: general at openid.net
>> Subject: [OpenID] TransparencyCamp and OpenID
>>
>> This weekend both Chris Messina and I went to TransparencyCamp in DC and
>> talked to a bunch of people there about OpenID.  We shot a quick episode
>> of
>> TheSocialWeb.tv about it:
>> http://www.thesocialweb.tv/blog/2009/03/transparency-camp.html
>>
>> --David
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>
>
>
> --
> Chris Messina
> Citizen-Participant &
>  Open Web Advocate-at-Large
>
> factoryjoe.com # diso-project.org
> citizenagency.com # vidoop.com
> This email is:   [ ] bloggable    [X] ask first   [ ] private
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>

More information about the general mailing list