[OpenID] TransparencyCamp and OpenID (U)

Chris Messina chris.messina at gmail.com
Wed Mar 11 17:44:45 UTC 2009 

What might you propose if you were in Noel's position?

On 3/11/09, Ben Laurie <benl at google.com> wrote:
> On Tue, Mar 10, 2009 at 10:06 PM, Chris Messina <chris.messina at gmail.com>
> wrote:
>> On Tue, Mar 10, 2009 at 1:03 PM, Dickover, Noel, CTR, NII/DoD-CIO
>> <Noel.Dickover.ctr at osd.mil> wrote:
>>>
>>> UNCLASSIFIED
>>>
>>> A question I had, assuming somebody
>>> hasn't already asked it from you - in writing the Directive, how would we
>>> include the use of OpenID and OpenAuth?  We would want to specify the
>>> generalized category that those fit into, but would need to allow for
>>> potential competitor standards that might emerge in the future.
>>
>> One point of clarification: "OpenAuth" is a trademark owned by AOL;
>> "OAuth"
>> is probably what you're thinking of. It's important to keep the two out of
>> the same sentences. ;)
>> To answer your question, I might suggest including these technologies in
>> the
>> realm of "Identity" or "Social Media" technologies. OpenID is a technology
>> that helps people identify themselves to you; we typically use email
>> addresses for that purpose today, but an OpenID should become a more
>> convenient alternative in the future (even if that includes email
>> addresses
>> as OpenIDs).
>>
>>>
>>> So if you were writing this, what paragraph would you include that would
>>> specify things like OpenID in order to address the whole privacy issue?
>>>  And
>>> again, as we discussed at TransparencyCamp, that would involve two
>>> options
>>> for Citizens in participating on Federal sites - to  either use external
>>> servers to register for govt sites, or a single govt server for all govt
>>> websites which might result in better level of service.  And also to have
>>> a
>>> plaec to authenticate Federal employees to external sites like Twitter,
>>> which would start to address the problem of others acting as if they were
>>> from govt accounts.
>>
>> I think the first thing to make clear is that OpenID should be considered
>> an
>> important, but optional, convenience for making it easier for people to
>> interact with and take advantage of government websites and services. Few
>> people are looking for MORE accounts online, and OpenID is a
>> vendor-neutral
>> way to address this growing dilemma (of account proliferation).
>> With regards to privacy, I think this is where the optional bit is
>> essential. As it is, the government makes various uses of my phone number,
>> my email address and my social security number to identify me; using a
>> web-friendly identifier as an alternative would be convenient for me and
>> allow me to choose a provider that I trust (which may so happen to be my
>> email provider in the case of Google, Yahoo et al).
>> I largely favor the government accepting third-party OpenID Providers for
>> authentication, just as they do allow for email provider choice.
>
> Wow, really? Wouldn't you prefer a protocol with some actual security?
>
>> Pushing
>> people through a central government-issued OpenID provider seems fraught
>> with trouble — yet another account to forget since people would only need
>> it
>> for irregular interactions with the government (simply an extension of the
>> current problem with government-issued accounts).
>> Of course, where there is a need for remote authentication between
>> government agency websites, I think it's worth considering using OpenID in
>> these cases — if anything to lower the cost of implementation and
>> support-over-time thanks to the maintenance efforts of the OpenID open
>> source community (which admittedly needs to see more activity).
>> For government employees, I do think that it would be useful for a central
>> agency (whichever one already issues government credentials) to operate an
>> OpenID Provider to enable government employees to authenticate and act
>> within the capacity of their government purview on third-party sites.
>>
>> Let's keep this conversation going though — I think this is a great
>> context
>> (this list, that is) to have this discussion!
>> Chris
>>>
>>>
>>> v/r
>>> Noel Dickover
>>> DoD CIO, IT Investments and Commercial Policy Directorate
>>> Social Software and Emerging Technologies
>>> 703-601-4729x152
>>> Noel.Dickover.ctr at osd.mil
>>> https://www.dodtechipedia.mil - Join the Fight!!!
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
>>> Behalf Of David Recordon
>>> Sent: Wednesday, March 04, 2009 1:18 PM
>>> To: general at openid.net
>>> Subject: [OpenID] TransparencyCamp and OpenID
>>>
>>> This weekend both Chris Messina and I went to TransparencyCamp in DC and
>>> talked to a bunch of people there about OpenID.  We shot a quick episode
>>> of
>>> TheSocialWeb.tv about it:
>>> http://www.thesocialweb.tv/blog/2009/03/transparency-camp.html
>>>
>>> --David
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>>
>>
>>
>>
>> --
>> Chris Messina
>> Citizen-Participant &
>>  Open Web Advocate-at-Large
>>
>> factoryjoe.com # diso-project.org
>> citizenagency.com # vidoop.com
>> This email is:   [ ] bloggable    [X] ask first   [ ] private
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>>
>


-- 
Chris Messina
Citizen-Participant &
  Open Web Advocate-at-Large

factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private

More information about the general mailing list