Janrain is a Portland company working with the federal government to replace login and registration blocks with an OpenID framework. The company is the only service provider that is working with the Apps.Gov site to provide OpenID-based login and registration tools.
We asked JanRain CEO Brian Kissel to provide some background about OpenID in the federal government and the role the company plays in its adoption. Kissel is chairman of the OpenID Foundation.
Janrain recently relaunched its OpenID service as Janrain Engage.The service helps connects sites to the social web through APIs and widgets. Janrain Engage allows visitors to sign-in to sites with their social network accounts and then publish comments, purchases, reviews or other activities across the social Web.
Question: Can you please give a brief summary of how this came about? What has been the process? What will be the general outcome?
Answer: The Federal government’s interest in OpenID started with Transparency Camp in Washington, DC over a year ago as part of the administration’s goals of citizen engagement and governmental transparency. That led to a series of meetings with the OpenID Foundation, U.S. General Services Administration (GSA),National Institute of Standards and Technology (NIST) and major identity providers including Google, Yahoo, Verisign, AOL, Microsoft, PayPal and others. The GSA, in conjunction with NIST and the OpenID Foundation, took the lead in developing an OpenID profile suitable for use on federal government websites. The OpenID and Information Card Foundations then sponsored the formation of a certification body to ensure that participating identity providers would comply with the OpenID Federal Profile. This organization is called the Open Identity Exchange (OIX).
Last fall the federal government announced its plans to deploy OpenID on federal websites. During two separate meetings with Vivek Kundra, the Federal CIO, he explained that a major priority for the federal government is transparency and “citizen engagement.”
Accordingly, the government is aggressively pursuing open standard technologies that
enable and support these objectives. At the Gov 2.0 Summit in Washington DC, the
GSA and several government agencies announced their plans to adoptOpenID as part of the White House’s Open Government Initiative. Initial identity providers include Yahoo, Google, AOL, Verisign, and PayPal. All these companies are now undergoing certification processes, The first wave of federal websites to accept these identity providers will include the Center for Technology (CIT), NIH, U.S. Department of Health and Human Services (HHS), and related agencies.
Question: How does this make it easier for citizens to participate?
Answer: As with commercial websites, OpenID allows citizens to register and login to a federal website using an existing account at the ID provider (IDP), usually by just clicking the button of the preferred IDP. This eliminates the hassle of creating a new account as well as remembering the user name and password for each federal website that a citizen visits.
Question: How does the federal government’s OpenID framework fit into social networks?
Answer: While not specifically called out in the current Federal Profile, open standard technologies including OpenID, OAuth, Portable Contacts, and Activity Streams allow citizens to share their activities on federal websites with friends, colleagues and family members across the social Web. Imagine if you are doing research on the CDC website on how to protect your family from swine flu. If you find an interesting article, resource, discussion forum, or service, you may want to share that with friends. Using social networking technology, you could then post links to this particular resource on social networks such as Yahoo Updates, Google Buzz, Twitter, Facebook, MySpace, LinkedIn, Windows Messenger Connect, etc. Friends and colleagues on these social networks could then follow that link directly back to the relevant page on the CDC website. Once there, they could then use their OpenID account to register and login access the resource, then share this with their friends as well. This expands the reach of federal website resources and makes it easier for citizens to access and promote these resources.
Question: What were the requirements for the work that were needed in order to guarantee citizen privacy?
Answer: The GSA and NIST wanted to ensure that reliable services would comply with the privacy and security requirements. This required technology as well as policies and procedures which were collectively developed by the GSA, NIST, OpenID Foundation, and IDPs. The OIX provides certification procedures to insure that any IDP complies with the GSA OpenID Profile for use on federal websites.
Question: How are you making OpenID accessible to citizens? It can be a bit unfamiliar when first using it.
Answer: In addition to ensuring that there were certified IDP services, it’s also important to provide easy and reliable deployment options for federal agencies wanting to leverage this new capability. These solutions also need to be simple and intuitive for citizens to use. Janrain developed a version of its market leading RPX software as a service (SaaS) specifically for federal agency use and provided a link to that service from the GSA’s www.apps.gov website.
Question: What federal sites are using it?
Answer: Today the NIH, CIT, and HHS agencies are in trial deployments across a number of their web properties using home grown solutions. Our expectation is that as these deployments become refined and finalized, more federal agencies will begin deploying similar functionality.
Question: How does this affect your business?
It increases the reach and benefits of third party identity and social publishing applications. As citizens use these services on more commercial websites, they will begin to demand similar functionality on federal, state, and local websites as well. As the market expands certification services like those being developed for federal agencies, it’s likely that healthcare, financial services, and other commercial industry sectors will also adopt and deploy these solutions for customer engagement.