Consumer-facing web applications are beginning to rely on third-party identity providers (IdPs) for user identification, authentication, and attributes delivered at runtime. This reduces costs and improves the customer experience, but security and risk professionals must judge whether the data from these sources is reliable. The US federal government has dropped into the mix a commitment to promote the National Strategy for Trusted Identities in Cyberspace (NSTIC); a challenging set of its own government-to-citizen use cases; and a nascent set of standards and solutions for preserving "identity assurance" in a federated interaction. You can leverage these Web 2.0 and Government 2.0 identity innovations now, and within three years, you can take advantage of new solutions that blend the two approaches.