Emerging Technologies

RE: Open standards for online identity?

donc — Wed, 04 Oct 2006 20:48:00 GMT

Hi Kaliya,

Thanks for the feedback, and yes, it may be this concept works for some people. What you omit in suggesting that "YOU must choose who you trust to manage your identity authentication. It could be compumentor"... is that many people join forums and resources like Compumentor anonymously and have every right to do so (by the way I not one of these people prefering to use a real name on forums like this!) - Using a concept like OpenID to log on to CompuMentor could potentially violate anonymity in a situation where OpenID made personal information available elsewhere, or experienced illegal accesses (a hack of confidential data like the recent hack on SecondLife). In the real world these things happen.

The OPenID concept would appear to be based on the premis of a clear and traceable path from a logon anyware to an actual living and breathing individual. True, the data that makes this path is kept by a third-party, but there is still a path; still a potential for exploitation. Internet anonymity requires there be no such path - There is no link to an individual for many of the people who logon to Compumentor... just look at the usernames on this forum for confirmation of this!

Cheers, Don

RE: Open standards for online identity?

davidafuller — Wed, 04 Oct 2006 02:06:00 GMT

PR-driven and useless.

Tosses around nonsense terms like "Web 2.0" (could someone demonstrate Web 2.0 for me in terms I can understand?")

I would hope that this organization would be better than this, but I guess not.

RE: Open standards for online identity?

Kaliya — Tue, 03 Oct 2006 22:50:00 GMT

I'm not sure how "OpenID Standards" equates to "Open Standards" but it's a good play on words!

Cause it is being developed in an open community..if you want to you can join the mailing list. Further more it is architeched so that any one with a URL can set up an identity broker and authenticate against it...that is you with your basement server or someone like verisign that you might get to host your identity server for you.

My first thoughts mirror those of caribou - Giving all our usernames, passwords and profile information to a single commercial entity reeks of heightened risk, exposure and potential improprieties (information being sold or ‘accidentally obtained’ by marketing firms).

YOU must choose who you trust to manage your identity authentication. It could be compumentor. That is the beauty of the decentralized nature of the open standard. There are groups working at Identity Commons like the Identity Rights Working group to addresss the norms and legal agreements that information is shared.

I think most techies (along with most financial consultants, bankers, and others involved in helping people maintain informational security), would recommend against having a single central repository for all individual authentications; that people maintain individual usernames and passwords for the resources they wish to access.

I think they would also agree that having 50 and ever increasing to the many hundreds is also very insecure. too.. Because you end up doing what I and others do..Just have one login and password you use everywhere.. Third party authentication is a great way to provide more security. It is not about having "one" identity but a managable number of personas.

RE: Open standards for online identity?

Kaliya — Tue, 03 Oct 2006 22:41:00 GMT

So, The point is that you have control of who you share your information to. It also helps get away from being forced to use your e-mail to login to sites...that gives them a way to e-mail you. With OpenID you use a URL or an i-name and so it gives you more control.

RE: Open standards for online identity?

Kaliya — Tue, 03 Oct 2006 22:38:00 GMT

I am one of the leaders of the Identity Gang. Yahoo, and Google are very much a part of the dialogues going on in the community on list, in the blogosphere and face to face at the Internet Identity Workshops. I am not sure that wiki list of everyone is totally up to date.

RE: Open standards for online identity?

donc — Thu, 28 Sep 2006 20:38:00 GMT

I'm not sure how "OpenID Standards" equates to "Open Standards" but it's a good play on words!

My first thoughts mirror those of caribou - Giving all our usernames, passwords and profile information to a single commercial entity reeks of heightened risk, exposure and potential improprieties (information being sold or ‘accidentally obtained’ by marketing firms).

I think most techies (along with most financial consultants, bankers, and others involved in helping people maintain informational security), would recommend against having a single central repository for all individual authentications; that people maintain individual usernames and passwords for the resources they wish to access.

Cheers, Don

RE: Open standards for online identity?

caribou — Thu, 28 Sep 2006 15:18:00 GMT

" What about privacy? For example, how do proponents of any "user-centric" approach plan to make sure this doesn't turn into a better tool for people who want to sell us stuff?"

That was my first thought. Who has access to this information? Why would we want a corporation to know exactly what sites we're involved in? Selling that info to marketers is a pretty obvious goal here. No one is trying to make remembering passwords easier out of the goodness of their charitable hearts.

RE: Open standards for online identity?

schneida — Thu, 28 Sep 2006 12:09:00 GMT

Thanks for the article! Two questions:

The list of Organizations involved in the Identity Gang doesn't include Google or Yahoo. Any idea why they aren't involved?

What about privacy? For example, how do proponents of any "user-centric" approach plan to make sure this doesn't turn into a better tool for people who want to sell us stuff?

Open standards for online identity?

wcook — Wed, 27 Sep 2006 19:54:00 GMT

What if there were a way to create one account and use it across all of the Web sites you visit? That's the idea behind OpenID, an identification system in which a user's online identity can be verified by any server running the OpenID protocol.

With everyone from large technology firms to retailers joining the OpenID movement, what would open standards mean for nonprofits? What would be the benefits -- or the drawbacks?

To learn more about this issue, check out the article Why OpenID Standards Will Make Your Life Easier. Share your thoughts and questions here.