Navigating User Centric ID Systems
If you’ve been following along, you’ll remember that I set up an OpenID-enabled MediaWiki for the Internet Identity Workshop. Yesterday, Johannes Ernst told me that you can use MyLID to sign in as well. Cool.
This works because MyLID not only understands LID, but OpenID as well. I’ve been wondering how to make the wiki accessible to LID, OpenID, i-names, InfoCard and others, but may have had it backwards. Because MyLID (the identity provider) is multiprotocol, the IIW wiki (the relying party) doesn’t have to be. That is, if MyLID, MyOpenID, 2idi (an i-name broker), and other identity providers spoke not only the Yadis protocols, but also understood SXIP, InfoCard, and what have you, I’d be set. As a relying party, I can pick my protocol and expect your identity provider to understand.
I asked Johannes in an email if this is how he thought it ought to work. He thinks it’s still such a new concept that not many people have given it much thought. I don’t have many conclusions myself, but I’ve got a few random thoughts:
- There will be hundreds of identity providers and I’ll have accounts at dozens of them. Still, I don’t want to pick the identity provider I use for a particular task according to what protocol it speaks (that should be below the radar) but rather according to other “business” criteria. I may choose to use my Amazon account sometimes and my BYU account other times.
- As a relying party, I don’t want to have to worry about which scheme to use. In fact, I care more about what conclusions I can draw from the authentication protocol used and the data it provides than I care about the specific protocol. OpenID is great for wikis and blog comments, but maybe not for logging into my online banking.
- The distinction between what the user cares about and what the relying party cares about is what Phil Becker was talking about in the piece he did on Higgins. InfoCard is all about the user’s view whereas Higgins is all about the developer. Very different audiences.
- Relying parties will want to support multiple authentication schemes and need software and systems to do it.
- Identity providers will compete to support as many as possible in order to be as “full service” as possible.
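To make the relying-party side of these notes concrete, here is an added example (written for this page; it is not code from the post, from MediaWiki, or from any of the identity projects named above). It shows a relying party that registers one verifier per authentication scheme, normalizes each successful assertion into a subject plus an assurance level, and expresses per-resource policy in assurance terms only, so a wiki edit and a bank account ask for different levels without naming a protocol. The provider URLs and shared secrets are constructed, the OpenID check is a simplified OpenID 1.x-style HMAC-SHA1 over a key-value form, and the "strong" token scheme is hypothetical, standing in for whatever higher-assurance method a provider might offer.

```python
import hmac
import hashlib
import time
from dataclasses import dataclass
from typing import Optional

# Assurance levels the relying party reasons about instead of protocol names.
LOW, MEDIUM, HIGH = 1, 2, 3

@dataclass
class Identity:
    subject: str     # who the identity provider asserts the user is
    scheme: str      # which authentication scheme produced the assertion
    assurance: int   # what the relying party concludes from that scheme

# Constructed shared secrets, one per trusted identity provider (hypothetical
# URLs). In OpenID 1.x the secret would come from the association step.
PROVIDER_SECRETS = {
    "https://idp.example/openid": b"constructed-openid-association-secret",
    "https://idp.example/strong": b"constructed-strong-auth-secret",
}

def _openid_payload(fields: dict, signed: list) -> bytes:
    # OpenID 1.x-style key-value form: "name:value\n" for each signed field.
    return "".join(f"{k}:{fields.get(k, '')}\n" for k in signed).encode()

def sign_openid_assertion(provider: str, fields: dict) -> dict:
    # Simulated identity-provider side: sign the listed fields with HMAC-SHA1.
    signed = ["identity", "return_to"]
    sig = hmac.new(PROVIDER_SECRETS[provider], _openid_payload(fields, signed),
                   hashlib.sha1).hexdigest()
    return {"scheme": "openid", "provider": provider,
            "signed": ",".join(signed), "sig": sig, **fields}

def verify_openid(assertion: dict, now: Optional[int] = None) -> Optional[Identity]:
    secret = PROVIDER_SECRETS.get(assertion.get("provider"))
    if secret is None:
        return None                      # unknown provider: nothing to trust
    signed = assertion.get("signed", "").split(",")
    if "identity" not in signed:
        return None                      # the identity must be under the signature
    expected = hmac.new(secret, _openid_payload(assertion, signed),
                        hashlib.sha1).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("sig", "")):
        return None                      # tampered or forged assertion
    return Identity(assertion["identity"], "openid", LOW)

def issue_strong_token(provider: str, subject: str, ttl: int, now: int) -> dict:
    # Hypothetical higher-assurance scheme: a short-lived token bound by HMAC-SHA256.
    expires = now + ttl
    mac = hmac.new(PROVIDER_SECRETS[provider], f"{subject}|{expires}".encode(),
                   hashlib.sha256).hexdigest()
    return {"scheme": "strong", "provider": provider,
            "subject": subject, "expires": expires, "mac": mac}

def verify_strong(assertion: dict, now: Optional[int] = None) -> Optional[Identity]:
    secret = PROVIDER_SECRETS.get(assertion.get("provider"))
    if secret is None:
        return None
    now = int(time.time()) if now is None else now
    if int(assertion.get("expires", 0)) <= now:
        return None                      # expired tokens are rejected
    expected = hmac.new(secret, f"{assertion['subject']}|{assertion['expires']}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("mac", "")):
        return None
    return Identity(assertion["subject"], "strong", HIGH)

# Scheme registry: supporting another protocol means adding a verifier here,
# not touching the resource policy below.
SCHEMES = {"openid": verify_openid, "strong": verify_strong}

# Per-resource policy stated in assurance levels, never in protocol names.
RESOURCE_POLICY = {"wiki-edit": LOW, "blog-comment": LOW, "bank-account": HIGH}

def authenticate(assertion: dict, now: Optional[int] = None) -> Optional[Identity]:
    verifier = SCHEMES.get(assertion.get("scheme"))
    if verifier is None:
        return None                      # scheme this relying party does not speak
    return verifier(assertion, now)

def authorize(identity: Optional[Identity], resource: str) -> bool:
    required = RESOURCE_POLICY.get(resource)
    return identity is not None and required is not None and identity.assurance >= required
```

The two checks worth noticing are that the `identity` field must appear in the signed list before the signature is trusted, and that signature comparison uses `hmac.compare_digest`; both are relying-party concerns that stay the same no matter which provider or protocol produced the assertion.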
I’d love to see some discussion around these issues at IIW.
Posted by windley on April 14, 2006 4:43 PM



Comment from Pat Patterson at April 18, 2006 4:56 PM
Hi Phil, I won't be at IIW to discuss this, but I've just written a little bit on the topic here: http://blogs.sun.com/roller/page/superpat?entry=multi_protocol_identity_implementations
Comment from tom gordon at April 25, 2006 9:07 AM
I wish you were holding IIW in Europe somewhere, then I could come along too...
I've not managed to get stuck deeply into User-Centric identity yet (no time - I'm neck deep in the last 2 weeks of documenting the outline/high/low level designs for the Identity Management project I've been working on for the past 18 months), but the description above matches my own thoughts on transient identity systems quite nicely, where the concept is that you choose which identity to present to a service based on your choice of identity provider. It's then that identity provider that asserts who you are, not only to the service you are accessing, but to any associated services.
I've got this tagged for followup, along with Pat's post(s), and a few others as well. Roll on May when I have some time off!
PS - any chance of allowing virtual attendees? For example, via webcam or the IRC backchannel?