AKO et al Should Offer OpenID Services

It's been a while since I've consistently blogged here. At the risk of writing checks I can't cash, I'll state for the record that I'm going to try once again for consistency. It should be easy. If I can just manage to be half as talkative (and opinionated) here as I am in meatspace I'll be golden. That hasn't been the case for the last year, but I'm really going to try. Anyway, here goes...

A few weeks ago I was talking to Blake Hall about the difficulty of on-boarding military members for his new service TroopSwap. It's a cool idea and I wish it had been around back when I was in the Navy and was trying to unload that solid oak 300 lb entertainment center I was stupid enough to buy. It is sort of like a Craig's List / eBay hybrid but focused on those out of the way places where the military builds its posts and bases. You know, places too sparsely populated or interesting to find in Craig's list of supported cities.

Blake's goal is to help military members who are moving every six to eighteen months find someone to trade their gear, tv, or kitchen table with for barter or cash. So in addition to the focus on out of the way places, TroopSwap also wants to take advantage of the circle of trust inside the military and ensure the user that transactions are with other trustworthy military members. Sort of like a USAA for buying and selling your stuff. But to do this effectively he needs to make sure that members are actually in the military without making signing up so difficult that they just don't bother. Right now it's a pain.

Wouldn't it be cool if Army Knowledge Online / Defense Knowledge Online, Navy Marine Corps Internet, Air Force Portal and etc. took a page from the "government as a platform" playbook and offered an OpenID service? And I don't mean on the NIPRNet, I'm talking about out in the wild on the Internet. If they did, Blake could accept OpenID's from that short list of providers and make signing up simple and safe. I know this sounds stupid at first, but stay with me for a minute. It's not just to make Blake's business better.

Lt. General Sorenson, the Army CIO, has been pushing for two years to make innovation possible at the edge of the Army enterprise. Apps for Army, the Army Transformation Architecture, and similar initiatives coming out of CERDEC make it possible for soldiers in the field to write and deploy code without waiting for the core acquisition process to figure everything out. They enable emergent innovation in the field.

An AKO OpenID service is like an extension of that idea, but it goes even further. It would extend the Army's zone of innovation beyond the edge to outside the enterprise boundary, and it would encourage third party services to innovate on their behalf. Ultimately the benefits wouldn't be just for entrepreneurs like Blake, but would be for soldiers, sailors, marines and airmen by making it easier for outside organizations to offer them targeted services. It might be retail companies like Amazon or Best Buy, or even Domino's Pizza, using it to easily offer online discounts to service members. It might be companies like Facebook or MySpace offering specially designed areas catering only to military members. Or, it might be non-profits like the USO that already serve the military but want to serve them better online. Once you start thinking about it, it's hard to stop coming up with ideas.

Flipping the coin over, it's also good for the military because it gives them a way to see who their people are doing business with and pay attention to the nature of that business. They could easily require third parties to meet a set of "safe for troops" business standards before they would be offered OpenID from those providers.

This may be a little bit more of a stretch, but I can also think of more "tactical" use cases too. As the military is asked to do more disaster recovery and humanitarian aid they may find more need to give service members access to the systems and web applications of various NGO's. Those NGO's could easily set up their systems to accept OpenID's served from government networks.

I know this is a counter intuitive idea, at least at first. But the more I think about it the more I think the military and its members would benefit from extending internal identity services beyond the enterprise boundary through OpenID.

Comments

The issue preventing DoD organizations from issuing/relying on OpenID services is the underlying vulnerabilities in password based authentication. It's obviously secure enough for some activities (I just used OpenID to authenticate myself to typepad to enter this comment. But, here the concern is to ensure that I'm not a bot rather than to ensure that I'm actually who I claim to be. OpenID and other ID federation schemes are just to vulnerable to be used safely for access to sensitive information, financial transactions, or other activities where assured identity is required. The trade off is convenience vs security.

Posted by: Robert Vietmeyer | October 26, 2010 at 02:15 PM

Hey Rob, you are right. But I none of the examples I gave require that kind of sensitivity to security issues. I'm not suggesting it be used inside the enterprise to access sensitive information. I'm suggesting that it be offered as a service to sites outside the enterprise who can then offer simple enhanced services based on a reasonable assurance that the user is in the military. I would not, for example, except a bank to accept it as proof of identity.

Posted by: Jim | October 26, 2010 at 02:32 PM