But the identity world had its own big news today; the news is that the US Government has teamed up with the OpenID Foundation, the Information Card Foundation, the Kantara Initiative, and InCommon in creating the Open Identity Initiative.[From Burton Group Identity Blog: US Government Identity News]
I was involved in some discussions with a government department a few months ago — long before the US government announcement — during which I suggested opening up some public services using OpenID. My reasoning was that we could experiment with “soft” OpenIDs provided by (to consumers) familiar services. If you asked a customer to log in to the DVLC using their Facebook “Identity”, then I’m sure they would manage to do this with little training and no mention of trust infrastructures and the like. Once they are comfortable with this, then you can restrict access to “hard” OpenIDs (by which I mean 2FA OpenIDs).
The central point, though, was that the government could help to create an identity infrastructure built on a diverse selection of “private” digital identities. I think that, as Burton note, the US government’s decision signals a genuine paradigm shift in this direction, a genuine change in the mental model are identity.
after years of government attempts to create identities and assign them to citizens (via such bad ideas as the UK National ID scheme and the US REAL-ID act), a government has finally recognized that individuals already HAVE identities, and that it’s a better idea, for most purposes, to use these identities than to establish a new government bureaucracy to create new identities[From Burton Group Identity Blog: US Government Identity News]
Personally, I think that the government ought to be a “gold standard” identity provider as well as an identity oonsumer, but that’s another issue.
Hey, everyone loves PIV and everyone loves OpenID, so why not put them together? Suppose that I am a contractor working for some US government department. I could use my PIV to log in to some VPN or web site, or I could log in using OpenID and use my PIV at an approved 2FA OpenID PIV-compliant responder. Who knows how this might develop: soon I might find myself logging in to my bank or my broker using the same PIV card because they adopt OpenID too.
Authentication provider (i.e. a minimalistic identity provider that only wraps a standard identity protocol, like OpenID, around strong authentication, like a smart card). This could work for vendors in the strong authentication business, but so far there is no existence proof. I don’t think anybody has really tried, so it’s too early to tell.[From Johannes Ernst’s Blog » On Identity Business Models or Lack Thereof]
This would be an ideal experiment to test whether “hard” OpenID would work on a large scale but it would also be a seed for a new businesses and I am convinced that if we are to have a more effective identity infrastructure then it has to make money for some one.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]