Open Identity for Open Government

September 9, 2010

Mary RuddyMary Ruddy

Open Identity For Open Government Initiative

Public Private Partnership – Various Agencies– Non-Profits– For Profit Companies

US GSA Initiative

“The government believes that there is a win-win for all of us in collaborating with industry to provide good identity solutions for electronic interactions with the American public.”

Judy Spencer of GSA

Goals

(With full credit to Chris Louden Protiviti Gov Services)

• Make Government more transparent to citizenry• Make it easier for citizenry to access government

information• Avoid issuance of application-specific credentials• Leverage Industry credentials for Government use • Leverage Web 2.0 technologies

What is Open Identity ?

• Portable Internet identities• Identities issued by industry – multiple providers• Some call it federated identity….• Based on open standards• User driven (user controls what data is released)• OpenID and Information Card protocols…• Identities certified by independent organizations

Multiple Levels of Assurance (LOA)

– Pseudonomity - MickyMouse123– Verified identities - John D. Smyth– Verified claims - City or state of residence, age,

etc.

Third-party identity Mgmt.

• Address the need for Internet-scale digital identity management

• Solves the problem by using a third party to assist end-users in identity transactions– Called an “identity service provider” (also “identity

provider”, “IdP”, “IP”)• This sets up a “trust triangle” for Internet identity

transactions

7

8

identityserviceprovider

relyingparty

user

Terms of Service (TOS) agreement

Terms of Service (TOS) agreement

Optional direct trust agreement

The “trust triangle”

Open Identity Framework Model

9

Trust Framework ProviderIdentityserviceproviders relying

parties

Trust Community

32

assessors& auditors

44

disputeresolvers

55

Trust Community Trust Community

Trust framework agreements

TOS agreements user

1111 11

Initiatives

• Gov standards • Certifying process for gov standards• Market for certifying to gov standards• IdP market• Enabling infrastructure technology • Meta Data for Federated Interoperability• RP adoption• Privacy

Since Last Gov 2.0

• GSA finalized TFPAP• Open Identity Exchange (OIX) formed• Kantara and OIX certified to certify IdPs to GSA

schemas• IdP’s certified (Google, Yahoo, PayPal, Equifax

VeriSign)• NIH in production at NLM with PubMed site• More Pilots in process• Various interops at RSA and Catalyst• FI-WG for meta data automation• Input to NS-SOT, now NSTIC

www.Idmanagement.Gov

PubMedhttp://www.ncbi.nlm.nih.gov/pubmed

US GSA Demonstration

• Equifax issued Information Cards, powered by Azigo CardPress

• Azigo Selector• Demo version of

recovery.gov Drupal site with PamelaWare Drupal plugin

Next Challenges

• More higher LOA certifiers• Higher LOA credentials and business

models• More work on meta data interoperability• Roll out more pilots• Continued interop feedback to enabling

software providers• Attribute claims

Thank You

mary@meristic.com