

The White House is leading efforts for a new web authentication system - yiransheng
http://www.govtech.com/security/Drivers-License-for-the-Internet.html

======
tdaltonc
What will this be that OpenID isn't?

Why should a developer choose to use this authentication solution over one of
the popular OAuth based systems (Facebook, Google, Twitter)?

~~~
superuser2
If this system is implemented correctly, a successful authentication is a
guaranteed 1:1 match to a specific human being in the real world.

It would solve SPAM, for one thing - SPAM is any message not signed by a real-
world identity. If a real-world identity _does_ send junk mail, you block
them. They can't just go get another identity, so the block is actually
useful. (Okay, you _can_ steal identities, with money/underworld connections,
but it's unlikely to be profitable at scale.)

It would be orders of magnitude better than the current security model for
financial transactions. Rather than simply hoping merchants will safeguard the
magic numbers that are the _only_ thing needed to drain customers' bank
accounts, you could set it so that only the person in control of a government-
issued ID associated with a bank account can spend money using that account.
And that you don't hand over your password to merchants - just use it to
authorize transactions. Also, ideally, your government ID could have multiple
factors like a physical token.

It would replace having to upload scans of ID documents, which is incredibly
insecure both because of the risk of compromise - there are quite a number of
things a malicious person can do with just that JPEG file - and because their
security features are entirely physical - you can Photoshop someone else's
name into your passport pretty easily, and Coinbase/your bank won't know the
difference between that and the scan straight off a scanner.

Inevitably, people will hate this as a blow to anonymity/pseudoynmity, but
there are already tons of applications which are inherently and/or
deliberately not anonymous (like loans, credit cards, Bitcoin exchanges, etc.)
and, if done right, this makes those services _way_ less prone to fraud. And
consequently, cheaper.

It would be Orewellian if it were mandatory, but as an optional service, this
is a good thing for everyone.

------
puppetmaster3
I'm from the government and I'm here to help

