<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">LoA 1 is purely pseudonymous. The IdP need not have any idea who the user is. <div><br></div><div>The only requirement is that they secure the account so that it is the same user each time.</div><div><br></div><div><div>With delegation the OP has no visibility into the policy of whoever controls the upstream URI.</div><div><br></div><div>Yahoo as an example cant assert to the RP that it is the same person controlling the identifier as last time .</div><div><br></div><div>That is one of the problems of delegation.</div><div><br></div><div>The PII one is the other.</div><div><br></div><div>Each federal site must undergo a privacy impact assessment if they collect anything other than customization information about the user lang etc.</div><div><br></div><div>They also have requirements not to correlate information across agencies. </div><div><br></div><div>A site needs to have special dispensation though a Privacy impact assessment review to collect other sorts of information.</div><div><br></div><div>We wanted to be able to make openID available across the broadest number of sites.</div><div><br></div><div>The Privacy guidelines also require a OP to allow a user to decline sending attributes.</div><div><br></div><div>Remember from the governments point of view this is about using identities that people already have.</div><div><br></div><div>People are not required to get openID's or disclose anything to OPs.</div><div><br></div><div>Passing attributes is a connivence for the user to aid a registration process.</div><div><br></div><div>Users will still be able to create accounts directly with usernames and passwords.</div><div><br></div><div>We worked hard to launch with a good representation of the existing OPs so that people would not be forced to get new accounts.</div><div><br></div><div>We did not get all of the large OPs yet. They can speak to there reasons for not participating at this time.</div><div><br></div><div>John B.<br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><span class="Apple-style-span" style="font-family: monospace; ">Date: Wed, 9 Sep 2009 15:37:30 -0700<br>From: SitG Admin <<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>><br>Subject: Re: [OpenID] DotNetOpenAuth announces support of the<br><span class="Apple-tab-span" style="white-space: pre; "> </span>Government profile of OpenID<br>To: Andrew Arnott <<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>><br>Cc:<span class="Apple-converted-space"> </span><a href="mailto:openid-general@lists.openid.net">openid-general@lists.openid.net</a><br>Message-ID: <f06110402c6cddc7c7700@[192.168.0.2]><br>Content-Type: text/plain; charset="us-ascii" ; format="flowed"<br><br><blockquote type="cite">The profile is quite paranoid about not exposing any PII, and if the<span class="Apple-converted-space"> </span><br></blockquote><blockquote type="cite">user were allowed to enter anything, that might give away something<span class="Apple-converted-space"> </span><br></blockquote><blockquote type="cite">about the personal identity of the user. So instead, RPs must use<span class="Apple-converted-space"> </span><br></blockquote><blockquote type="cite">the nascar OP button display, which means all authentications begin<span class="Apple-converted-space"> </span><br></blockquote><blockquote type="cite">with an OP identifier (thus no delegation).<br></blockquote><br>It instantly struck me as an odd concern, this "paranoia" when<span class="Apple-converted-space"> </span><br>forcing users to communicate through an OP that probably required a<span class="Apple-converted-space"> </span><br>LOT of PII from the user (and may provide it to "the government" upon<span class="Apple-converted-space"> </span><br>request). If your PII is in the chain, someone can trace back to you.<span class="Apple-converted-space"> </span><br>(Vanity domains, to be fair, can be the same - and if you put bad<span class="Apple-converted-space"> </span><br>information in the Owner field, you may have trouble proving your<span class="Apple-converted-space"> </span><br>right to that domain, later on.)<br><br>Does the profile permit multi-user OP's to make assertions about<span class="Apple-converted-space"> </span><br>users for whom they have NOT collected any PII?<br><br>-Shade<br></span></span></blockquote></div><br></div></body></html>