<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>(adding Paul & James who Noel introduced us to earlier today)</div><div><br></div><div>A few updates, and a request.<div><br></div><div>Warning: This message is pretty US-centric, but the work being discussed here has been developed by an international collaboration and the results of these discussions with US government should prove useful to the entire international community (so don't beat me up too much Ben :-). That said...</div><div><br></div><div>(1) A few days ago I mentioned "...I would be happy to talk with them about co-hosting a kick-off event to drill into this issue as it relates to OpenID specifically". "Them" is precisely one of the groups Noel described in his email to this list earlier today, ICAM (specifically Judy who is Paul's co-chair of ICAM: see hierarchy below). I just had that call today and received confirmation (not surprisingly, in complete alignment with Noel's assessment) that ICAM/COFG is the right place to engage. Judy asked me to come to DC next week and speak to ICAM about the Identity Assurance Framework and how it might enable what they are trying to achieve regarding citizen identity (this would be inclusive of OpenID, as I've explained previously in this thread).</div><div><br></div><div>- The CIO Counsel's</div><div>-- Information Security and Identity Management Committee (ISIMC)'s</div><div>--- Identity, Credential and Access Management (ICAM) subcommittee's</div><div>---- Citizen Outreach Focus Group (COFG)</div><div><br></div><div>(2) I think next week's in-person meeting will be a great time to discuss the fit between IAF and OpenID, and this collaboration we seem to be spinning up between the stewards of IAF (Liberty Alliance Project) and OpenID (OpenID Foundation). One item that should be discussed/presented to ICAM next week is the "citizen identity summit" (for lack of a better term) we've been discussing on this thread and see if April 13 or April 17 would be a good choice (I believe GSA is already keen to host it, but let's discuss this with ICAM before locking in any logistics).</div><div><br></div><div>I also believe ICAM may be a good group to discuss a means of collaborating with the GSA's Architectural Working Group on a new OpenID "scheme" (to be added to the existing SAML "scheme") which would be essentially an eGovernment Profile of OpenID which would *enable* OP's to comply with LOA1 (and LOA2?). Again, I want to emphasize my organization's desire to share what support we can to enable success with this. For example, LAP has an eGovernment profile for SAML that we are finalizing in collaboration with the aforementioned Architectural Working Group (and several non-US government agencies), and an interoperability testing & certification program that is already required by the GSA office of government-wide policy. That experience & existing working collaboration between LAP & GSA, combined with OIDF's security committee, could be another useful collaboration toward an effective outcome for all parties concerned.</div><div><br></div><div>The format next week is one hour where the ICAM members will listen to and question their invited expert(s), followed by a second hour where the expert(s) will be excused while the committee discusses what they just heard. </div><div><br></div><div>(3) Given this opportunity, and my previously stated desire to address these issues collaboratively with the OpenID community, I'd like to invite the OpenID community to provide a co-presenter to represent OpenID in that session next week. I apologize for the short notice, but I only confirmed this today myself. Hopefully there is someone local (or short-notice-enabled) who can take me up on the offer. If not, I'll certainly do the best I can to cover the aforementioned issues on my own. But if there is someone who can join me, all I ask from my co-presenter is:</div><div>- you can attend in person (a one hour session next Thursday, March 26 at 10:00am EDT)</div><div>- you will make time for one or two planning calls with me between now and then</div><div>- you are endorsed to represent the OpenID community (not sure what that means, but you probably do)</div><div>- you can help me answer questions along the lines of what has come up in this thread so far, e.g. security issues, common deployment models, trends or enhancements in the pipeline and/or what might be at least in the realm-of-the-possible given community input to-date, etc.</div><div>- you can confirm your commitment to be the co-presenter by close-of-business Wednesday, March 19.</div><div><br></div><div>I'm a member of the OpenID Foundation myself, but I am not familiar enough with the OIDF processes to hazard a guess as to how such a co-presenter might be "chosen". Unless someone has a more informed suggestion of how to move forward... I suggest that whomever believes they fit the bill for this presentation opportunity (as described above) and who wishes to volunteer their time to this cause, simply identify themselves to the list and we'll sort it out in the next day or two via email.</div><div><br></div><div>Cheers,</div><div><br></div><br><div apple-content-edited="true"> <span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Brett McDowell | +1.413.652.1248 | <a href="http://info.brettmcdowell.com">http://info.brettmcdowell.com</a></div></div></span> </div><br><div><div>On Mar 16, 2009, at 1:25 PM, David Recordon wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Yes, let's definitely have an event like this and I'd be happy to help get it setup.<div><br></div><div>--David</div><div><br><div><div>On Mar 13, 2009, at 1:04 AM, Chris Messina wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><br><br><div class="gmail_quote">On Thu, Mar 12, 2009 at 8:34 PM, Brett McDowell <span dir="ltr"><<a href="mailto:brett@projectliberty.org">brett@projectliberty.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> <div style="word-wrap:break-word"><div>...The Identity Assurance Framework looks at how any particular credential service can achieve LOA 1 through LOA 4. What we don't have is any analysis of what an OP could achieve with OpenID 2.0. Knowing this will provide a clear gap analysis of what we have vs. what we need. We can base our deliberations on these hard facts. I can only believe this will be more productive than... actually I don't see any alternative to this approach if we are serious about making progress.</div> <div><br></div><div>Next Steps?</div><div><br></div><div>...I would be happy to talk with them about co-hosting a kick-off event to drill into this issue as it relates to OpenID specifically. I assume they will be interested. They, like I, would like to see citizens be able to use whatever private sector credentials they "already have" to access government applications. If those are OpenID's, then lets make sure those OpenID's are going to be acceptable to these federal Relying Parties (who knows, we might learn something that helps us win more RP adoption in other markets as well).</div> <div><br></div><div>Thoughts?</div><div></div></div></blockquote><div><br></div><div>Sounds good to me! It would also be good to get in sync with a number of the existing OpenID-in-government conversations underway. </div> </div><div><br></div>We're not the first to bring this up or to consider the issues that exist for government to adopt OpenID; but, of course we have a great deal to add to that discussion and taking the approach as you described it sounds prudent.<div> <br></div><div>Chris <br clear="all"><br>-- <br>Chris Messina<br>Citizen-Participant &<br> Open Web Advocate-at-Large<br><br><a href="http://factoryjoe.com">factoryjoe.com</a> # <a href="http://diso-project.org">diso-project.org</a><br> <a href="http://citizenagency.com">citizenagency.com</a> # <a href="http://vidoop.com">vidoop.com</a><br>This email is: [ ] bloggable [X] ask first [ ] private<br> </div> _______________________________________________<br>general mailing list<br><a href="mailto:general@openid.net">general@openid.net</a><br><a href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a><br></blockquote></div><br></div></div></blockquote></div><br></div></body></html>