The REAL ID Act of 2005 is said by some to pave the way for a United States National ID Card and has come under heavy criticism from a wide range of people in the US. Some recent developments indicate that a National ID card could be tied to the federated authentication standard called OpenID.

At the most basic level, this would mean that you could sign in with your National ID card to all the websites where today you can login with a Yahoo! or AIM or other OpenID. Hmmm…

Are National ID Cards Going to Snuggle Up With OpenID?

IMHO, the government forcing the use of the Veronym and centralized government operated OpenID is a bad thing.

However, if it is a pseudonym which is hosted in various places and given out separately to each RPs with some assertion on the identity’s attribute, such as age, is not so bad. You will be able to get the service that you deserve, and you still do not get to be correlated at the RPs.

Of course, this OP may be able to determine your Real Identity, but that is depending on the operation principle of the OP. It might just use the National ID for the registration and discard the National ID itself right after that.

In fact, coupling of OpenID with this kind of government or otherwise authoritative certification document for the registration purpose serves to enhance privacy. You can prove some of your attribute and still you are anonymous. This has not been possible hitherto.

Thus, I would argue that coupling of National ID type of thing and OpenID is privacy enhancing.

Remember, Certification, Registration, Authentication, Authentication Assertion, Authorization is all different things. It is awfully wrong to use the certificate (such as National ID) as the authentication identity, but, for registration purposes, it is quite useful.

There seem to be some compatibility issues since the rise of OpenID 2.0. For example, something like

http://www.readwriteweb.com/cgi-bin/mt/mt-comments.cgi

does not support OpenID 2.0 nor XRI so that I cannot login to comment

OpenID RP Module for Xoops JP.
==============================
Author: Nat Sakimura (=nat)
Date: 2008-02-10
Copyright: Nat Sakimura (=nat)
License: GPL
Version: 0.2
PHP OpenID Library: php-openid-2.0.0

DOWNLOAD
========
http://www.sakimura.org/modules/mydownloads/visit.php?cid=1&lid=8

INSTALL
=======

1. Unarchive the files under modules/ directory.
2. Define XOOPS_TRUST_PATH somewhere out of the web accessible path
in mainfile.php
3. Create a foloder

Let me make note of my random thougts before I forget.

1. Reputation needs to have an identifier of somebody being scored.
2. The same for who is scoring.
3. For what criteria, this reputation score was made.
4. For the reputation to be aggregatable, it has to have a distribution that we know about the aggregated distribution (such as normal distribution).
5. The information about the distribution, including what distribution, mean, and standard diviation must be published together with the score.
6. Display score must be intuitive for an average person.
7. Date that score was made
8. Signature by the score maker

So, the reputation score file should contain:

In the above table, I am proposing to use cumulative distribution P(X<x) as the display score, so that the meaning of the score is clear for anybody. If the score is 95.5, the subject is among the top 5% of most trusted in that criteria.

Also, public key of the subject being rated is included as par OpenID TX proposal.

Using this, parties who are trying to talk to the subject can be sure that the party really is the party that has been rated by the above rating agency.

This data can be serialized in XML format, or JSON, or tag=value format etc.

OK. This is another input to forthcoming ORMS TC at OASIS Open.

Well, I am not talking about