Navigating User Centric ID Systems


If you've been following along, you'll remember that I set up an OpenID-enabled MediaWiki for the Internet Identity Workshop. Yesterday, Johannes Ernst told me that you can use MyLID to sign in as well. Cool.

This works because MyLID not only understands LID, but OpenID as well. I've been wondering how to make the wiki accessible to LID, OpenID, i-names, InfoCard and others, but may have had it backwards. Because MyLID (the identity provider) is multiprotocol, the IIW wiki (the relying party) doesn't have to be. That is, if MyLID, MyOpenID, 2idi (an i-name broker), and other identity providers spoke not only the Yadis protocols, but also understood SXIP, InfoCard, and what have you, I'd be set. As a relying party, I can pick my protocol and expect your identity provider to understand.
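To make the relying-party side of that concrete: under Yadis, the identity provider publishes an XRDS document listing every protocol it speaks, and the relying party simply picks the service type it supports. The example below is added here and is not code from the IIW wiki, MyLID, or any of the providers named above; the XRDS document is constructed for a hypothetical provider (the type URIs for OpenID 1.1 and LID 2.0 are the real ones, the endpoint hostname is made up).

```python
import xml.etree.ElementTree as ET

# Constructed XRDS (Yadis) document for a hypothetical multi-protocol identity
# provider. Lower "priority" numbers are preferred, per the XRD spec.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://lid.netmesh.org/sso/2.0</Type>
      <URI>https://idp.example.invalid/lid</URI>
    </Service>
    <Service priority="20">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>https://idp.example.invalid/openid</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

XRD_NS = "xri://$xrd*($v*2.0)"
LOWEST_PRIORITY = 2 ** 31 - 1  # a Service without "priority" sorts last


def parse_services(xrds_text):
    """Return a list of (priority, [type URIs], [endpoint URIs]) per Service."""
    root = ET.fromstring(xrds_text)
    services = []
    for svc in root.iter("{%s}Service" % XRD_NS):
        prio = int(svc.get("priority", LOWEST_PRIORITY))
        types = [c.text.strip() for c in svc
                 if c.tag == "{%s}Type" % XRD_NS and c.text]
        uris = [c.text.strip() for c in svc
                if c.tag == "{%s}URI" % XRD_NS and c.text]
        services.append((prio, types, uris))
    return services


def select_endpoint(xrds_text, supported_types):
    """Relying-party choice: the best-priority Service whose Type the RP
    speaks, returned as (type URI, endpoint URI), or None if nothing matches."""
    candidates = []
    for prio, types, uris in parse_services(xrds_text):
        matched = [t for t in types if t in supported_types]
        # Ignore non-HTTPS endpoints so the RP never posts credentials in clear.
        safe_uris = [u for u in uris if u.startswith("https://")]
        if matched and safe_uris:
            candidates.append((prio, matched[0], safe_uris[0]))
    if not candidates:
        return None
    candidates.sort(key=lambda c: c[0])
    return candidates[0][1], candidates[0][2]
```

A wiki that only speaks OpenID passes just that type URI and still finds its endpoint, which is exactly why the provider, not the relying party, has to be multiprotocol.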

I asked Johannes in an email if this is how he thought it ought to work. He thinks it's still such a new concept that not many people have given it much thought. I don't have many conclusions myself, but I've got a few random thoughts:

  • There will be hundreds of identity providers and I'll have accounts at dozens of them. Still, I don't want to choose which identity provider to use for a particular task according to what protocol it speaks (that should be below the radar) but rather according to other "business" criteria. I may choose to use my Amazon account sometimes and my BYU account other times.
  • As a relying party, I don't want to have to worry about which scheme to use. In fact, I care more about what conclusions I can draw from the authentication protocol used and the data it provides than I care about the specific protocol. OpenID is great for wikis and blog comments, but maybe not for logging into my online banking.
  • The distinction between what the user cares about and what the relying party cares about is what Phil Becker was talking about in the piece he did on Higgins. InfoCard is all about the user's view whereas Higgins is all about the developer. Very different audiences.
  • Relying parties will want to support multiple authentication schemes and need software and systems to do it.
  • Identity providers will compete to support as many as possible in order to be as "full service" as possible.

I'd love to see some discussion around these issues at IIW.