The GSA profile for openID is available at:
http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
Many things that are SHOULD in the openID 2.0 spec are now MUST in the
profile.
There are new PAPE URI and other modifications.
Most of the OP's supporting the profile will not be restricting it to
only Gov RP's.
Any RP may elect to use all or parts of this new profile for any
purpose they choose.
Also any OP is free to support it whether or not they are on the GSA
whitelist.
To get on the GSA white-list OP's must support the profile and be
audited against a Trust Framework. The OIDF has information available
on applying through its program.
There are quite a number of requirements on the RP side, that need to
be met.
The sooner these features are in libraries the sooner government
agencies can move ahead with deployments.
If there is interest we can set up a Google group where developers can
get their questions on implementing the profile answered.
If I can get to IIW in Nov, I would like to organize a session on
this for people.
There will be revisions to the profile in the future as we all gain
experience.
The people who worked on the profile tried to profile only the
existing specifications as written without inventing anything
incompatible with existing implementations.
The GSA's goal is to enable as many existing identities as possible to
have access to government resources without making people create new
username and password accounts at each of the thousands of potential
RP sites.
Extra attention was taken to allow openID to be used without divulging
ANY PII to the government.
This includes the use of a Pseudonymous openID identifier to allow
sites that can take no PII or do any correlation to still use openID.
The regulation on this is quite strict. We could not convert the ID
to a pseudonym on the RP side and adhere to the regulation.
We hope that the profile maximizes participation of OP's and RPs
alike, while not placing insurmountable burdens on developers.
RP's and OP's that don't intend to make use of the profile need to
make no changes at all.
I regret not being able to share more of this with you sooner. The
OIDF and the other foundations were requested not to discuss this
publicly until after the government announcements.
Regards
John Bradley