  • 09.08.09

Government Experimenting With Identity Technologies

Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. This is part of making the Obama administration’s open government memorandum, which calls for transparency, participation, and collaboration, more real.

The Obama administration’s open government memorandum called for transparency, participation, and collaboration, and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and video casts. Today there are over 500 government Web sites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government Web sites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.


Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. I use the word interacting very deliberately because the government doesn’t want to know “who you are” and has gone to great lengths to develop its implementations to prevent citizens from revealing personally identifiable information (name, date of birth, etc.).

How would you use this? Imagine you are doing an in-depth search on an NIH (National Institutes of Health) Web site, and you go back to the site many times over several months. Wouldn’t it be great if the site could “know” it was you and help you resume your search where you left off the last time? Not your name and where you live, but just that you were there before.

The Identity Spectrum helps us to understand how it all fits together.

[Figure: Spectrum of ID]

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Verified Identity is when there are claims about you that you have had verified by a third party. For example, if you are an employee of a company, your employer could issue a claim that you are indeed an employee. You might have your bank verify your address, etc.


The government pilot is focused on letting citizens have pseudonymous identities that each function at only one Web site: the same citizen interacting with several different government Web sites needs to use a different identifier at each one, so that their activities across different government agencies cannot be correlated.

It is likely that some readers of this blog know about and understand typical OpenID. Almost all readers of this blog have an OpenID whether they know it or not, because almost all the major Web platforms/portals provide them to account holders: MySpace, Google, Yahoo!, AOL, etc.

So how does this work with OpenID?

[Figure: Typical OpenID]

Using OpenID with directed identity de-links the identifiers you use across different sites but still lets you use the same account to log in to multiple sites.

[Figure: Directed Identity]
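The difference between typical OpenID and directed identity, as an added example (not code from the pilot or from any OpenID provider). It assumes the provider derives each per-site identifier with HMAC-SHA256 over the relying site's realm and the local account; the realms, provider URL, secret and account names are all constructed.

```python
import hashlib
import hmac

# Constructed sample data: two relying-party realms and one provider.
REALM_A = "https://search.agency-a.example/"
REALM_B = "https://forms.agency-b.example/"
OP_BASE = "https://op.example/id/"
OP_SECRET = b"constructed-demo-secret-keep-the-real-one-in-an-hsm"


def typical_identifier(account: str, realm: str) -> str:
    """Typical OpenID: the provider asserts one URL for the account everywhere."""
    return OP_BASE + account


def directed_identifier(account: str, realm: str, secret: bytes = OP_SECRET) -> str:
    """Directed identity: a keyed hash of (realm, account) gives one opaque,
    stable identifier per relying party. Without the secret, a site cannot
    recompute the identifier another site sees or recover the account name."""
    # Length-prefix the realm so the (realm, account) encoding is unambiguous.
    msg = f"{len(realm)}:{realm}|{account}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]
    return OP_BASE + tag


def simulate(scheme, visits):
    """Return {realm: identifiers that realm observed} for (account, realm) visits."""
    seen = {}
    for account, realm in visits:
        seen.setdefault(realm, set()).add(scheme(account, realm))
    return seen


def correlated(seen, realm_x, realm_y):
    """What two sites learn by joining their user tables on the identifier."""
    return seen.get(realm_x, set()) & seen.get(realm_y, set())


# Constructed visit log: alice uses both sites (site A twice), bob only site A.
VISITS = [("alice", REALM_A), ("bob", REALM_A), ("alice", REALM_B), ("alice", REALM_A)]

if __name__ == "__main__":
    for name, scheme in (("typical", typical_identifier), ("directed", directed_identifier)):
        seen = simulate(scheme, VISITS)
        print(name, "ids at A:", len(seen[REALM_A]),
              "shared between A and B:", len(correlated(seen, REALM_A, REALM_B)))
```

With the typical scheme the two sites share one identifier and can link alice's activity; with the directed scheme each site still recognises a returning visitor, but the join across sites is empty.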

How does this work with Information Cards?

This is a complementary open standard to OpenID that has some sophisticated features that allow it to support verified identities along with pseudonymous and self-asserted identities. It involves a client-side piece of software called a selector, which helps you manage your different identifiers using a card-based metaphor, with each digital “card” representing a different one. Citizens can create their own cards OR get them from third parties that validate things about them.


The government is creating a privacy protecting “card profile” to be used in the pilot program. It is NOT issuing identities.

Trust frameworks are needed to get it all to work together.

From the press release yesterday:

“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon–it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

The OpenID Foundation and Information Card Foundation wrote a joint white paper to describe how they are working on developing this. From the abstract:

[They] are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.

These frameworks, based on the model developed by the InCommon federation for higher education institutions, will enable government Web sites to accept identity credentials from academic, non-profit, and commercial identity providers that meet government standards. These standards are critical as they represent the government’s resolution of the challenging and often competing issues of identity, security, and privacy assurance. Open trust frameworks not only pave the way for greater citizen involvement in government, but can enable even stronger security and privacy protections than those typically available offline.

These are all exciting developments but there is much more to do.

Looking (far) ahead there may be the opportunity to do selective disclosure–combining anonymity with verified identity.


You could imagine this would be handy for citizens wanting to communicate their opinions to their member of Congress without revealing their actual name and address – they could “prove” using a verified claim that they live in the district but not reveal who they are. This aspect of what is possible with the technology is VERY forward looking and will take many years to get there. There is enormous potential to evolve the Web with this emerging identity layer.

I would like to invite all of you interested in being involved/learning more to attend the Internet Identity Workshop in Mountain View, California, November 3-5. I have been facilitating this event since its inception in 2005. It is truly amazing to see how far things have progressed from when we were 75 idealistic technologists talking about big ideas at the Hillside Club in Berkeley. It is also somewhat daunting to think about how much farther we have to go.

 

Kaliya Hamlin is the co-founder, co-producer and facilitator of the Internet Identity Workshop, an open industry forum that has been meeting every 6 months since the fall of 2005. Known as the Identity Woman (the title of her blog), she is an independent expert in user-centric digital identity. She was named by Fast Company as one of the most Influential Women in Technology.
