I got a note from this guy like a month ago saying: help! I am about to do a Joomla! (a fork of Mambo, an open source CMS) install and we are looking at identity; what do we do? I pointed him towards OpenID, and he wrote this back after a few weeks. I think it speaks to the major market communication issues we face.
Dear Ms Hamlin,
The difficult question always remains how you will cover the ground technically and how it will be socially translated. In the Digital Identity field, it’s just hard to pick an option. There are so many, but which one will be, or evolve itself into, the “swiss-knife” of digital identity? You mention OpenID is gathering steam and seems destined for a promising run.
What I’m still unclear on is:
**How will the heavyweights (IBM, Microsoft, Sun, Yahoo, Google et al.) play along with digital identity and its standardization?**
I think you need to differentiate between the types of heavyweights. There are primarily consumer-facing ones – Microsoft, Yahoo, Google, AOL, Amazon, eBay/PayPal/Skype, Fox Interactive (MySpace). Then there are enterprise tool providers – IBM, Sun, Oracle, CA, etc. – who are building out primarily for the enterprise.
Will the consumer-facing companies play along? Will they allow users to sign in using OpenIDs that originate from places other than themselves? Kim has already stated emphatically that Microsoft Spaces Live will allow more than just Windows Live IDs. Will others? I know that many of them have individuals participating on the public mailing list and showing up at conferences. Whether they will choose to support users doing SSO beyond their silos – that is a question only they can answer. I think it is worth asking them.
The Enterprise world is a bit different. They have some ‘answers’ to SSO with things like LDAP. There are well accepted standards for authentication like SAML2. Some of them are also very interested in XRI for what it can help with for managing identity in the enterprise and beyond. They don’t need web wide distributed identity as much. I think part of what CardSpace is about is supporting better enterprise implementations of managed cards to support sign-on across systems.
**How will all the proposed projects & solutions (OpenID, i-Names, LID, Higgins, Shibboleth, Liberty Alliance + others) interoperate, and how do they plan to? Can it be considered an issue?**
So for starters, OpenID2 already does OpenID URL and i-names ‘interoperability’ in the sense that you can use them both in an OpenID2 login box. LID was woven in with this version of the spec too.
At the Identity Open Space that happened immediately following the Liberty Alliance meetings in Vancouver in July, one of the main outcomes was an agreement by the OpenID guys to have a dialogue in earnest with the SAML2 guys about how the next version of the spec moves towards convergence between the two. Just so you can orient yourself and this makes sense: the SAML2 spec arose because the SAML1 spec didn’t meet all the needs of the enterprise sector, so Liberty built on top of that spec, and then they incorporated those changes and made SAML2. Shibboleth is a particular implementation of SAML2 that has been widely adopted in higher education and has some capacity to support authenticated anonymity (one institution knows that this person ‘is’ from a partner institution but does not know exactly who the person is).
Higgins is a ‘framework’ for developing profile management, at this point I think within an enterprise context. It is farther out in its development cycle, and has an aspect that is a card selector similar to the Microsoft CardSpace that will be coming out with Vista. They are working in a community with IBM and Novell and some others to build an Open Source Identity Selector.
This is where there is a distinction between address based and card based identity. The two are complementary. Drummond has a good post about them.
**In conclusion, I’m curious to know your opinion on the viability of a commercial venture in digital identity such as i-Names when “similar” offerings are given for free with OpenID and LID? I might be misinterpreting some concepts here.**
All entities offering digital identities right now are doing so for free. You can get a free OpenID or a free i-name. Both are ‘2nd tier’.
I can go to VeriSign’s PIP and get http://eddie.verisignlabs.com and authenticate against that – the thing is that VeriSign owns the .verisignlabs.com bit and is giving you a space under that. Or you could have a blog hosted somewhere like LiveJournal and just use the URL from that. (AOL just said it was letting people register domains for free though.)
You can get a free i-name in a similar way: FreeID is offering @freeid*eddie as an option.
In both cases you can go and buy a global level domain or i-name and pay for that. With a URL you have to pay for the domain name but also know enough to get the URL set up to do OpenID authentication.
The i-names are designed from the beginning to let you authenticate against them and do other things that people might like to do on the web. So you can get =eddie and also use it to point persistently at your blog or your resume, and even if those resources move around the web, the link via your i-name can stay persistent. You can do this with a URL too, but so far none of the UIs I have ever used for managing my domain names are really user friendly or designed to support normal people creating links to persistent resources.
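The login-box behaviour described above (one OpenID2 field accepting both URLs and i-names), as an added example that is not part of the original post: the local normalization steps of OpenID Authentication 2.0, section 7.2, in Python, run on the identifiers mentioned here. The function name and the refusal of URLs carrying a `user@` part are this example's own choices; following redirects and XRI resolution happen afterwards and are left out.

```python
from urllib.parse import urlsplit, urlunsplit

# XRI global context symbols listed in OpenID Authentication 2.0, section 7.2
XRI_GLOBAL_CONTEXT = ("=", "@", "+", "$", "!")


def normalize_identifier(user_input):
    """Classify login-box input as ('xri', id) or ('url', id).

    Hypothetical helper written for this example; it is not taken from
    any OpenID library.
    """
    ident = user_input.strip()
    if not ident:
        raise ValueError("empty identifier")
    # Step 1: a leading xri:// is stripped so XRIs are in canonical form.
    if ident.lower().startswith("xri://"):
        ident = ident[len("xri://"):]
    # Step 2: a global context symbol or "(" marks an XRI (i-name).
    if ident.startswith(XRI_GLOBAL_CONTEXT) or ident.startswith("("):
        return ("xri", ident)
    # Step 3: anything else is a URL; add http:// when no scheme is given.
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident
    parts = urlsplit(ident)
    if not parts.hostname:
        raise ValueError("URL identifier has no host")
    # This example's own hardening choice: refuse user@host forms, which
    # can make the host the user sees differ from the host contacted.
    if "@" in parts.netloc:
        raise ValueError("userinfo not accepted in URL identifiers")
    # Lower-case scheme and host, use "/" for an empty path, drop fragment.
    return ("url", urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                               parts.path or "/", parts.query, "")))


if __name__ == "__main__":
    # Identifiers taken from the post, plus constructed variants of them.
    for sample in ("=eddie", "xri://@freeid*eddie",
                   "eddie.verisignlabs.com",
                   "HTTP://Eddie.VerisignLabs.com/#me"):
        print(sample, "->", normalize_identifier(sample))
```

A relying party does this before discovery, so that the identifier it stores and later compares is the normalized one rather than whatever the user typed.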
As a non programmer-coder, gaining a deep understanding of the digital identity field can be daunting. I deeply appreciate the time you devoted to me!
I would like to start a ‘user group’ as part of the identity dialogue, made up of interested non-programmers and non-identity geeks like yourself, to be a forum to voice your thoughts and opinions and help us get clear about what we are doing. Would you be the first member of such a group? Do others think this is a good idea or want to join?