March 3, 2010

Federal Support for Federated Login

Posted by Eric Sachs, Senior Product Manager, Google Security

Last November, we discussed the progress that account login systems operating via standards-based identity technologies like OpenID have achieved across the web. As more websites seek to interact with one another to provide a richer experience for users, we're seeing even more interest in finding a secure way to enable that kind of information sharing while avoiding the hassle for users of creating new accounts and passwords.

Excitement for technology like OpenID is not limited to the private sector. President Obama's open government memorandum last year spurred the creation of a pilot initiative in September to enable U.S. citizens to more easily sign in to government-run websites. Google joined a number of other companies to explore ways to answer that call.

Now, several months later, some interesting things are taking shape. The Open Identity Exchange (OIX), a new organization and certification body focused on online identity management, today named Google among the first identity providers to be approved by the U.S. Government as meeting federal standards for identity assurance. This means that Google's identity, security, and privacy specifications have been certified so that a user can register and log in at U.S. government websites using their Google account login credentials. The National Institute of Health (NIH) is the first government website ready to accept such credentials, and we look forward to seeing other websites open up to certified identity providers so that users will have an easier and more secure time interacting with these resources.

Our hope is that the work of the OIX and other groups will continue to grow and help facilitate more open government participation, as well as improve security on the Internet by reducing password use across websites.

8 comments:

  1. AlistairMarch 3, 2010 at 12:34 PM

    1st line of 2nd paragraph is missing a "to":
    "Excitement for technology like OpenID is not limited to the private sector."

    ReplyDelete
  2. QPTMarch 3, 2010 at 1:01 PM

    Is it completely different from OpenID?

    ReplyDelete
  3. Vipul MahajanMarch 3, 2010 at 1:05 PM

    Thats a very good initiative to have a centralized database for all users.

    It is very similar to banking industry which have bureaus to maintain customers' information across different banks.

    My only concern is based upon a point that when more and more information is brought together the risk of misusing this information increases.

    Therefore, such a system needs to be dealt with high security and accuracy.

    ReplyDelete
  4. UnknownMarch 3, 2010 at 3:51 PM

    Congratulations to Google!
    The need for a verifiable identity with a convenient mechanism to link publication to source has been obvious for many years. Google is in a position to provide a big part of the solution.

    ReplyDelete
  5. Topher O'NeilMarch 3, 2010 at 8:40 PM

    I have to say I think it's an amazing idea that we should be tied in to all of our information with one unique setup, but I think there will always be those "out-there" folks who believe this will be a violation of their privacy and freedom of information act. If it could be done painlessly I think you would see less squaking but in theory I'm for the idea.

    ReplyDelete
  6. MikeMarch 4, 2010 at 9:03 AM

    no way in the world would i give the u.s government my google login info!

    or any other login info for that matter. google is pretty naive to be working so closely with government in general and this administration in particular. they have shown themselves to be just as devious and deceitful as previous administrations and downright scary with their secret aims to socialize america. we need less government interference and control in our lives, not more. i trust private industry, not government. keep all these initiatives private. dont cooperate with government. google is really starting to scare me now. to me, cooperating with the u.s. government is evil. dont do it.

    ReplyDelete
  7. gumglMarch 8, 2010 at 11:20 PM

    I dream of a world with everyone having an electronical device provided by the government that would replace everything we have now in our pockets. It would replace credit cards and money. This kind of system is already working in Europe. It would also be used as a smartphone. Everything would be related to this, including your official online account. We could even vote with this kind of device. Making an association of google accounts with individuals via the government is a great idea and a step forward a "centralized" future where we would only need a single device to identify ourselves to do everything. The possibilities are endless.

    ReplyDelete
  8. upsidedownbinMarch 16, 2010 at 1:32 AM

    I agree that having a government standard is important to things like log in, but as technology is progressing, will the government be able to update its standards as fast as hackers are updating their techniques? I think that the government will have a big job on their hands if they want to constantly monitor the technology of hackers, especially if many websites are connected via log in. Because if someone finds a way to hack it, many websites could be breached

    ReplyDelete

You are welcome to contribute comments, but they should be relevant to the conversation. We reserve the right to remove off-topic remarks in the interest of keeping the conversation focused and engaging. Shameless self-promotion is well, shameless, and will get canned.

Note: Only a member of this blog may post a comment.