<div><div class="gmail_quote">On Tue, Mar 10, 2009 at 1:03 PM, Dickover, Noel, CTR, NII/DoD-CIO <span dir="ltr"><<a href="mailto:Noel.Dickover.ctr@osd.mil">Noel.Dickover.ctr@osd.mil</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
UNCLASSIFIED<br>
<br>A question I had, assuming somebody<br>
hasn't already asked it from you - in writing the Directive, how would we<br>
include the use of OpenID and OpenAuth? We would want to specify the<br>
generalized category that those fit into, but would need to allow for<br>
potential competitor standards that might emerge in the future.<br></blockquote><div><br></div><div>One point of clarification: "OpenAuth" is a trademark owned by AOL; "OAuth" is probably what you're thinking of. It's important to keep the two out of the same sentences. ;)</div>
<div><br></div><div>To answer your question, I might suggest including these technologies in the realm of "Identity" or "Social Media" technologies. OpenID is a technology that helps people identify themselves to you; we typically use email addresses for that purpose today, but an OpenID should become a more convenient alternative in the future (even if that includes email addresses as OpenIDs).</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">So if you were writing this, what paragraph would you include that would<br>
specify things like OpenID in order to address the whole privacy issue? And<br>
again, as we discussed at TransparencyCamp, that would involve two options<br>
for Citizens in participating on Federal sites - to either use external<br>
servers to register for govt sites, or a single govt server for all govt<br>
websites which might result in better level of service. And also to have a<br>
plaec to authenticate Federal employees to external sites like Twitter,<br>
which would start to address the problem of others acting as if they were<br>
from govt accounts.</blockquote><div><br></div><div>I think the first thing to make clear is that OpenID should be considered an important, but optional, convenience for making it easier for people to interact with and take advantage of government websites and services. Few people are looking for MORE accounts online, and OpenID is a vendor-neutral way to address this growing dilemma (of account proliferation).</div>
<div><br></div><div>With regards to privacy, I think this is where the optional bit is essential. As it is, the government makes various uses of my phone number, my email address and my social security number to identify me; using a web-friendly identifier as an alternative would be convenient for me and allow me to choose a provider that I trust (which may so happen to be my email provider in the case of Google, Yahoo et al).</div>
<div><br></div><div>I largely favor the government accepting third-party OpenID Providers for authentication, just as they do allow for email provider choice. Pushing people through a central government-issued OpenID provider seems fraught with trouble — yet another account to forget since people would only need it for irregular interactions with the government (simply an extension of the current problem with government-issued accounts).</div>
<div><br></div><div>Of course, where there is a need for remote authentication between government agency websites, I think it's worth considering using OpenID in these cases — if anything to lower the cost of implementation and support-over-time thanks to the maintenance efforts of the OpenID open source community (which admittedly needs to see more activity).</div>
<div><br></div><div>For government employees, I do think that it would be useful for a central agency (whichever one already issues government credentials) to operate an OpenID Provider to enable government employees to authenticate and act within the capacity of their government purview on third-party sites.</div>
<div> </div><div>Let's keep this conversation going though — I think this is a great context (this list, that is) to have this discussion!</div><div><br></div><div>Chris</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
<br>
v/r<br>
Noel Dickover<br>
DoD CIO, IT Investments and Commercial Policy Directorate<br>
Social Software and Emerging Technologies<br>
703-601-4729x152<br>
<a href="mailto:Noel.Dickover.ctr@osd.mil">Noel.Dickover.ctr@osd.mil</a><br>
<a href="https://www.dodtechipedia.mil" target="_blank">https://www.dodtechipedia.mil</a> - Join the Fight!!!<br>
<br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>] On<br>
Behalf Of David Recordon<br>
Sent: Wednesday, March 04, 2009 1:18 PM<br>
To: <a href="mailto:general@openid.net">general@openid.net</a><br>
Subject: [OpenID] TransparencyCamp and OpenID<br>
<br>
This weekend both Chris Messina and I went to TransparencyCamp in DC and<br>
talked to a bunch of people there about OpenID. We shot a quick episode of<br>
TheSocialWeb.tv about it:<br>
<a href="http://www.thesocialweb.tv/blog/2009/03/transparency-camp.html" target="_blank">http://www.thesocialweb.tv/blog/2009/03/transparency-camp.html</a><br>
<br>
--David<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Citizen-Participant &<br> Open Web Advocate-at-Large<br><br><a href="http://factoryjoe.com">factoryjoe.com</a> # <a href="http://diso-project.org">diso-project.org</a><br>
<a href="http://citizenagency.com">citizenagency.com</a> # <a href="http://vidoop.com">vidoop.com</a><br>This email is: [ ] bloggable [X] ask first [ ] private<br>
</div>