Ten companies ranging from Yahoo to PayPal to Google are supporting plans to support pilot programs aimed at enabling users to log in to government Websites using OpenID and Information Card technologies.
The initiative is meant to fit into President Obama's memorandum to make it easy for individuals to register and participate in government Websites without having to create new usernames and passwords. Members of the public will be able to fully control how much or how little personal information they share with the government at all times.
Besides Yahoo, PayPal and Google, other companies participating in the programs include Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems. The pilot programs themselves are being conducted by the Center for Information Technology, National Institutes of Health, U.S. Department of Health and Human Services, and related agencies.
The initiative paves the way for individuals to use services such as blogs, surveys and social networks and customize their experience on government Websites without revealing any personal identifiable information such as passwords. In the coming months, NIH officials plan to use OpenID and Information Cards to support a number of services, including customized library searches, access to training resources, registration for conferences and use of medical research wikis, all with strong privacy protections.
Each of the participating companies is being certified under nondiscriminatory open trust frameworks developed in collaboration between the OpenID Foundation and the Information Card Foundation and reviewed by the federal government.
"It's also good to see government working with experts from the private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon-it's a social phenomenon," said Bob Blakley, an analyst with the Burton Group, in a statement. "Technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate. Today's announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it's impossible to know whether a received identity is reliable."
In an interview with eWEEK, VeriSign Director of Innovation Gary Krall said that the primary drivers for this initial phase of the initiative are trust and privacy.
"Trust in the form of certifying the [identity providers] in terms of how they manage user information, and privacy in the form of allowing users to remain anonymous on those sites which allow that and ensuring that their privacy is non-correlatable," Krall explained.
"Security in our case is how we protect the VeriSign Personal Identity Portal [PIP] user's account from unwanted access," he said. "By combining VeriSign's two-factor authentication services, whether in the form of a one-time password or in the form of a certificate, we add a layer of protection to users who use our service when they access the [government] Websites that will be participating in the initial pilot of the service."