Citizen Voice


This is a session from the Open Government Directive Workshop, which took place on January 11, 2010 at the US Department of Transportation.  Here is a list of other presentations and sessions.

 

Issue/Topic: Identity

Session Number: 1-F

Convener:  Debbie Bucci and Dazza Greenwood
Notes-takers: Mary Ruddy and Kaliya Hamlin
Tags: Identity, Pilot, Adoption, Privacy
 
Debbie started out by describing the  Open Identity model being used by NIH. It involves multiple industry credential providers such as PayPal, Google, Yahoo, Equifax, AOL, Acxiom, VeriSign, etc. across all levels of assurance.
 
Privacy is important – The GSA worked with the OpenID and Information Card Foundations to create profiles of the OpenID and Information Card (IMI) open standards that protect users privacy.  These profiles support pseudominity.  (You can be MickeyMouse123).
 
This Open Identity Initiative for Open Government supports multiple logins.  It supports portable credentials. So for example, a researcher won’t need a different login for each research.org website if they don’t want to.  This provides a big convenience benefit – Federated Identity for researchers.  It also greatly reduces password reseat and other support costs for the government websites. 
 
For a federated identity approach, you need to have standards for the information system highway.  The GSA has developed these.   http://www.idmanagement.gov/drilldown.cfm?action=openID_openGOV
 
The NIH site accepts identity credentials based on the OpenID, SAML and Information Card open standards.  NIH has evolved a unified environment to support these choices. It provides the convenience of reusable logins. 
 
We discussed privacy issues.
 
We have been working with the privacy community.  What is best depends on the context.  It is great to have the convenience of reusable logins, then there is the privacy issue.  This is being addressed with the  Open Identity Framework approach, which enables industry identity providers to certify that that meet the requirements of the identity profiles supported by a government and that they support privacy guidelines. The goal is to combine privacy and security with convenience and reach.
 
The group talked about government standards for privacy and security such as OMB memorandum  M-04-04, which describes 4 levels of assurance.  And also NIST Special Publication 800-63.   800-63 is in its third iteration.  We talked about requirements for identity proofing for higher levels of assurance.
 
To protect their identity, people may have several identity  credentials.   For example a pseudonomous credential for providing political input, a identity proofed credential for interacting with the SSA or VA, and a  third credential for their government job.
 
A person may have a core id, and clusters of other non-correlatable IDs. 
 
CDT (The Center for Democracy and Technology) likes the idea of having multiple credentials vs. having a single ID.   It provides more privacy. 
 
Rather than having one (big brother) identity,  people will have multiple identity options.  Providing options is important to acceptance by the public.   It is also important for people to be able to opt out.  At NIH people have the option of creating an local NIH account, rather than using a portable identity account.
 
Dazza thinks that ultimately most people will have 4-10 online identity credentials..  We talked about who would own these identity credentials.  A bank owns/issues our bank card, and the department of motor vehicles owns your driver’s license.  The Information Card IMI standard support this.  You can have multiple information cards issued by different organizations.
 
Dazza commented that he and Mary had presented this Open Identity concept at an MIT workshop, just exactly a year ago.   
 
We talked about the using phones as part of the authentication process (something you have.)  Continuing to discuss the tradeoffs of convenience vs. privacy.  We talked about the new Google services that allow you to input all your phone numbers into Google and have calls forwarded to wherever you are.  But everyone doesn’t want to give Google all their phone numbers. Google offers a variation on this service that is more privacy preserving, but it doesn’t offer as many features.   Smart shopping cards (retailer loyalty cards) are also evolving.  While you are optimizing savings or convenience, the service provide can be “optimizing you.”
 
We agreed that it is important to have choice.  One doesn’t want to use Google for everything.  Open standards support choice.
 
Online services can be valuable, but the bigger the system, the bigger the possibility of errors.  The example was given of the late Senator Ted Kennedy being barred from boarding his weekly flight to DC because the name Ted Kennedy was on a TSA list.  So with any system you need to have a process for addressing errors (a process for redress.)
 
The question was asked about Biometrics.  They are being used, but are too expensive to be used as a method for the general population.
 
NIH is starting by supporting level of assurance 1 (LOA-1) LOA-1 credentials don’ contain any personally identifying information.
 
One participant thought it would be great to be able to have a pseudonomous identity credential that also had an authoritative attributes.  Mary and Kaliya responded that this is possible with Information Cards, which are based on the open IMI standard.  For example, Equifax provides an “over-18” Information Card that just has your name and that you are over 18.  It doesn’t have other private information such as your birth date, which a driver’s license has.   Information Cards, which are virtual, digital cards, can be issued by a third party, for example, Equifax, or they can be self asserted by the person.