
The US Government Adopts OpenID - fogus
http://www.readwriteweb.com/archives/openid_going_mainstream_us_gov_announces_pilot_pro.php
======
fallintothis
_If you own a domain that's an OpenID provider, you won't be able to use
that._

Aren't there OpenID users who host their own identities exclusively for
themselves? Is there danger in letting people do this? (I seriously don't know
much about OpenID practices.)

~~~
ajross
FTA:

Ten private companies, a number of US Government Federal Agencies primarily in
the Health sector and the OpenID and Information Card Foundations will
announce this morning in Washington DC the launch of a pilot program to allow
members of the public to log in to participating government websites with
their credentials from _approved independent websites_.

They're not allowing any OpenID cert, they're just blessing the big providers
(presumably Google, Yahoo, etc...).

------
rfreytag
"[W]hen we authenticate ourselves with Google, Yahoo, Verisign or whoever our
Identity Provider of choice is, that website will pass a different, unique URL
to the government site we're logging in to."

Sounds like Google, Yahoo, Verisign or whoever [sic] will have a lot of
information about which government agencies you interact with and how often.

~~~
codexon
And they can also spoof you since they control their domain and know what your
openid is.

------
wizard_2
It's a step in the right direction. But I'm still wanting to use my own domain
for my openid. The common attacks on open id (phishing, man in the middle when
authenticating, etc) aren't mitigated by limiting the number of providers. I'd
rather they come up with a security standard for openID providers then white
list a few.

------
tlrobinson
"approved independent websites."

Lame.

------
mildweed
/me puts on tin foil hat

~~~
waratuman
and i ready my gun

