[Dave Birch] One of my most frequent criticisms of the UK's national identity card scheme is that it is backward-looking, an electronic simulation of a Victorian ID card rather than an ID card for the 21st century. I gave an example of this in a talk recently by using the case of OpenID, noting that in Finland you can use your ID card to log in to OpenID, and pointing out that this bringing together of |nternet standards and national ID made sense on a number of levels. Needless to say, I have never heard OpenID mentioned in connection with the UK national ID card.
Now I hear that another country has gone over to OpenID. In this case, Lithuania.
Starting January 1st 2009 every issued Personal ID card has OpenID in it, backed up by personal digital certificate. National Certificate Center under the Ministry of Interior will be the national OpenID provider (https://openid.vrm.lt/). Provider service is currently in testing mode, it is not yet open to the general public, but it will go public anytime soon.[From [OpenID - Eu] Republic of Lithuania goes OpenID]
Doesn't anyone else find it odd that our flagship national identity programme is so unambitious? That our roadmap to 2018 does not include services that are already rolled out in Lithuania?
When I was asked to comment on some related issues for DirectGov, I suggested a twin-track strategy: start converting government sites to accept OpenID and implement a 2FA OpenID provider that can use the national ID card, perhaps with CAP or similar tokens as put forward by Andy Smith of IPS at our BCS seminar in January. It's not like OpenID is some whacky fringe technology: major players are getting on board all the time, so it's got to be worth the experiment.
OpenID Foundation is pleased to announce the addition of PayPal as a sustaining corporate member of the Board.[From OpenID » Blog Archive » PayPal joins OpenID Foundation Board as we enter 2009]
With organisations ranging from Google to Facebook on board, OpenID is hardly an outlier. So why aren't the government already using it? Surely it would an obvious way to make an ID card useful: create an OpenID provider that you can log into with username and password but also that you can log in with national ID card for additional security. Social networks (Facebook recently joined the OpenID foundation) and games would be happy to accept the username and password log in but certain service providers (eg, the government itself) might insist on the 2FA log in for transactional purposes.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]