Top government IT officials and representatives from online identity services met today in Washington DC to talk about plans to allow third-party certification bodies, called “Trust Framework Providers,” to evaluate private sector OpenID and Info Card providers for use in logging in to government agency websites.
The Open Government Identity Management Solutions Privacy Workshop is being held in Washington DC to draft a process for certifying existing identity providers for low-security government authentication transactions (so-called NIST level 1). If the plans move forward, we may someday be able to log in to government sites using our favorite OpenID-supporting website credentials. Google, AOL, Yahoo or other commercial accounts could become new keys to a consistent experience around the .gov web.
The draft process for selecting approved Trust Framework Providers that will then certify individual identity providers is titled “Trust Framework Provider Adoption Process for Levels of Assurance 1, 2, and non-PKI 3” and is available for download as a PDF.
That draft includes requirements that OpenID or related Info Card identities not be used to authenticate people who are physically present (it’s just for remote online access), that they not be used to transmit activity data or anything else beyond what is specifically requested by a government agency, and that measures be taken to continue protecting personal information if the identity provider goes out of business.
Identity providers will be evaluated on factors like an organization’s technical implementation of authentication, its reputation and its business stability.
Providers who meet the requirements of the Trust Framework may be chosen to provide low-security authentication for users of government websites.
Last week, O’Reilly’s Andy Oram posted an in-depth look at some of the issues raised by government support for OpenID.
“In considering government adoption,” OpenID Foundation board member Chris Messina said of the Framework, “primary among our priorities is the protection of individual privacy while also considering ease of use and convenience. These factors cut to the core of the purpose of Trust Framework and feedback, therefore, is strongly encouraged on the document we’ve produced so far.”
Keep your eyes peeled for an opportunity to comment publicly.
Government validation of federated identity could be a major boost for the ecosystem of the open, distributed web, and thus for innovation online. We hope the people making these plans can get it right and that the relevant government agencies can garner sufficient public support.