.Nat Zone

Digital Identity et al.

Are National ID Cards Going to Snuggle Up With OpenID?

      2008/09/02

The REAL ID Act of 2005 is said by some to pave the way for a United States National ID Card and has come under heavy criticism from a wide range of people in the US. Some recent developments indicate that a National ID card could be tied to the federated authentication standard called OpenID.

At the most basic level, this would mean that you could sign in with your National ID card to all the websites where today you can login with a Yahoo! or AIM or other OpenID. Hmmm…

Are National ID Cards Going to Snuggle Up With OpenID?

IMHO, the government forcing the use of the Veronym and centralized government operated OpenID is a bad thing.

However, if it is a pseudonym which is hosted in various places and given out separately to each RPs with some assertion on the identity’s attribute, such as age, is not so bad. You will be able to get the service that you deserve, and you still do not get to be correlated at the RPs.

Of course, this OP may be able to determine your Real Identity, but that is depending on the operation principle of the OP. It might just use the National ID for the registration and discard the National ID itself right after that.

In fact, coupling of OpenID with this kind of government or otherwise authoritative certification document for the registration purpose serves to enhance privacy. You can prove some of your attribute and still you are anonymous. This has not been possible hitherto.

Thus, I would argue that coupling of National ID type of thing and OpenID is privacy enhancing.

Remember, Certification, Registration, Authentication, Authentication Assertion, Authorization is all different things. It is awfully wrong to use the certificate (such as National ID) as the authentication identity, but, for registration purposes, it is quite useful.

 - Uncategorized