[OpenID] TransparencyCamp and OpenID (U)
Ben Laurie
benl at google.com
Thu Mar 12 14:26:57 UTC 2009
On Wed, Mar 11, 2009 at 5:44 PM, Chris Messina <chris.messina at gmail.com> wrote:
> What might you propose if you were in Noel's position?
I'm not sure there's anything I love very much so far, but at this
time, something SAML-based would seem as good as it gets.
>
> On 3/11/09, Ben Laurie <benl at google.com> wrote:
>> On Tue, Mar 10, 2009 at 10:06 PM, Chris Messina <chris.messina at gmail.com> wrote:
>>> On Tue, Mar 10, 2009 at 1:03 PM, Dickover, Noel, CTR, NII/DoD-CIO <Noel.Dickover.ctr at osd.mil> wrote:
>>>>
>>>> UNCLASSIFIED
>>>>
>>>> A question I had, assuming somebody
>>>> hasn't already asked it from you - in writing the Directive, how would we
>>>> include the use of OpenID and OpenAuth? We would want to specify the
>>>> generalized category that those fit into, but would need to allow for
>>>> potential competitor standards that might emerge in the future.
>>>
>>> One point of clarification: "OpenAuth" is a trademark owned by AOL;
>>> "OAuth" is probably what you're thinking of. It's important to keep the
>>> two out of the same sentences. ;)
>>> To answer your question, I might suggest including these technologies in
>>> the realm of "Identity" or "Social Media" technologies. OpenID is a
>>> technology that helps people identify themselves to you; we typically use
>>> email addresses for that purpose today, but an OpenID should become a more
>>> convenient alternative in the future (even if that includes email
>>> addresses as OpenIDs).
>>>
>>>>
>>>> So if you were writing this, what paragraph would you include that would
>>>> specify things like OpenID in order to address the whole privacy issue?
>>>> And again, as we discussed at TransparencyCamp, that would involve two
>>>> options for Citizens in participating on Federal sites - to either use
>>>> external servers to register for govt sites, or a single govt server for
>>>> all govt websites which might result in better level of service. And also
>>>> to have a place to authenticate Federal employees to external sites like
>>>> Twitter, which would start to address the problem of others acting as if
>>>> they were from govt accounts.
>>>
>>> I think the first thing to make clear is that OpenID should be considered
>>> an important, but optional, convenience for making it easier for people to
>>> interact with and take advantage of government websites and services. Few
>>> people are looking for MORE accounts online, and OpenID is a
>>> vendor-neutral way to address this growing dilemma (of account
>>> proliferation).
>>> With regards to privacy, I think this is where the optional bit is
>>> essential. As it is, the government makes various uses of my phone number,
>>> my email address and my social security number to identify me; using a
>>> web-friendly identifier as an alternative would be convenient for me and
>>> allow me to choose a provider that I trust (which may so happen to be my
>>> email provider in the case of Google, Yahoo et al).
>>> I largely favor the government accepting third-party OpenID Providers for
>>> authentication, just as they do allow for email provider choice.
>>
>> Wow, really? Wouldn't you prefer a protocol with some actual security?
>>
>>> Pushing people through a central government-issued OpenID provider seems
>>> fraught with trouble — yet another account to forget since people would
>>> only need it for irregular interactions with the government (simply an
>>> extension of the current problem with government-issued accounts).
>>> Of course, where there is a need for remote authentication between
>>> government agency websites, I think it's worth considering using OpenID in
>>> these cases — if anything to lower the cost of implementation and
>>> support-over-time thanks to the maintenance efforts of the OpenID open
>>> source community (which admittedly needs to see more activity).
>>> For government employees, I do think that it would be useful for a central
>>> agency (whichever one already issues government credentials) to operate an
>>> OpenID Provider to enable government employees to authenticate and act
>>> within the capacity of their government purview on third-party sites.
>>>
>>> Let's keep this conversation going though — I think this is a great
>>> context (this list, that is) to have this discussion!
>>> Chris
>>>>
>>>>
>>>> v/r
>>>> Noel Dickover
>>>> DoD CIO, IT Investments and Commercial Policy Directorate
>>>> Social Software and Emerging Technologies
>>>> 703-601-4729x152
>>>> Noel.Dickover.ctr at osd.mil
>>>> https://www.dodtechipedia.mil - Join the Fight!!!
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
>>>> Behalf Of David Recordon
>>>> Sent: Wednesday, March 04, 2009 1:18 PM
>>>> To: general at openid.net
>>>> Subject: [OpenID] TransparencyCamp and OpenID
>>>>
>>>> This weekend both Chris Messina and I went to TransparencyCamp in DC and
>>>> talked to a bunch of people there about OpenID. We shot a quick episode
>>>> of TheSocialWeb.tv about it:
>>>> http://www.thesocialweb.tv/blog/2009/03/transparency-camp.html
>>>>
>>>> --David
>>>> _______________________________________________
>>>> general mailing list
>>>> general at openid.net
>>>> http://openid.net/mailman/listinfo/general
>>>>
>>>
>>>
>>>
>>> --
>>> Chris Messina
>>> Citizen-Participant &
>>> Open Web Advocate-at-Large
>>>
>>> factoryjoe.com # diso-project.org
>>> citizenagency.com # vidoop.com
>>> This email is: [ ] bloggable [X] ask first [ ] private
>>>
>>>
>>
>
>