A new alliance should make it a bit easier to get around the web without accumulating yet more usernames and passwords.
The Open Identity Exchange will enable users of PayPal, Google and Equifax to sign into certain US government websites using their credentials from those sites.
The National Institutes of Health (NIH) is the first government website accepting these credentials. Once signed into the NIH website with, say, a PayPal ID, users can perform customized library searches, access training resources, register for conferences, and contribute to medical research wikis.
Announced today at the RSA Conference in San Francisco, the Open Identity Exchange is funded with initial grants from the OpenID Foundation (OIDF) and Information Card Foundation (ICF).
A number of companies in the private sector already allow the sharing of credentials. The OpenID alliance includes Google, PayPal and others. Facebook is allowing its users to log into thousands of sites with Facebook Connect. And while this is a limited rollout for the government to begin with, it’s another small step in the direction of a single sign-on.
The merits of a single sign-on — one username and password you can use across the web — are debatable. While the convenience might seem appealing, there are serious security concerns. Already, most people use the same password for multiple sites, leaving themselves vulnerable to identity thieves.
The Open Identity Exchange believes it has addressed these concerns by implementing a “trust framework” — a stricter verification process — to comply with the tight security standards of government websites.
“Trusted identities and consumer control of personal information are essential to the effectiveness of transactions on the Internet,” said Andrew Nash, senior director of identity services for PayPal. “Trusted frameworks that provide identity assurance are a critical factor in the success of the digital identity ecosystem.”
