What is Toluu?
Toluu is a free service for sharing the feeds you read and discovering new ones.		 Get Invite

Identity 2.0

The next generation of Identity


Canada vs US: Identity and VotingOctober 10

Like many other Canadians, I have been entertained by the reality television series: Election 2008. The issue of identity and ability to vote came to mind as it is a widely held belief that this is the basis of Freedom and Democracy. Advance voter registration is required in all states except Connecticut, Idaho, Maine, Minnesota, Montana, New Hampshire, Wisconsin and Wyoming. North Dakota does not even have advanced voter registration.

In Canada, everyone can register at the polls. Voter registration is a convenience so that you can vote faster. Very Canadian, but it does not stop there. You don’t even need identification in Canada! Yep, you can choose Option 3 where you "Swear an oath and be vouched for by an elector who is on the list of electors in the same polling division and who has an acceptable piece or pieces of identification (e.g. a neighbour, your roommate)." Welcome to Canada!

Facebook Connect updateJuly 31

I have heard a number of great things about Dave Morin at Facebook and have been wanting to chat with him about his views on identity for a while, and yesterday I had the opportunity to sit down with him and Josh Elman. For those that don’t know Dave, he is one of the driving forces behind the Facebook platform and Facebook Connect.

While there is an opportunity for Facebook to be an successful identity silo through Facebook Connect (see my previous post), Dave and Josh are interested in helping Identity 2.0 become a reality. They expressed sincere interest in seeing how OpenID can fit into Facebook Connect. This is a great opportunity for the OpenID community to come together to work with an organization committed to open platforms (see their support of the Open Web Foundation) and that has demonstrated leadership in solving internet identity problems.

Passport vs OpenID vs Facebook ConnectJuly 24

My post yesterday on Facebook Connect raised a few eyebrows. I had a few discussions with people and a comparison of consumer identity solutions past and present may provide some context. (I have excluded InfoCards as I see them as a strong, enterprise grade solution that is currently too heavy for general consumer use.)

Passport

Microsoft rolled out Passport in 1999. There was much concern that Microsoft would control an essential component of the Internet, and many other industry players rallied around Project Liberty (an apt name) to provide an alternative. Passport was rejected by the broader Internet community, and while Liberty mobilized an industry, the Liberty solutions were also rejected by the Internet community. Why was Passport rejected? If you have seen any of my earlier talks, you have seen a list of points:

  • Cost: Quoted price was $10,000 per site. Out of range for small sites.
  • Installation: Proprietary code supplied by Microsoft. Big sites using open source were not all that keen to put some proprietary code into a critical part of their infrastructure. Unix code was problematic to install and get running.
  • Functionality: SSO, minimal profile at times.
  • Centralization: although Microsoft announced in 2001 that enterprises could
Facebook Connect - fatal blow for OpenID?July 23

At F8 today, Facebook rolled out their Facebook Connect platform. With a small amount of code, other sites can integrate the Facebook identity system into their site. The keynote reminded me of early days of Microsoft as they rallied developers to build on their platform by explaining how the platform can help them and being inclusive. They even seemed humble as they talked about what they have done wrong in the past and then reaching out to developers asking for their feedback. They even have a fund and a competition for best applications.

Facebook Connect is a powerful identity system. Using Facebook Connect, a site gets access to the user’s profile data and the users friends. For sites such as Digg and Movable Type that want to make users accountable for their activity, there is an implicit reputation of the user based on the depth of the profile. It is much more difficult for a spammer to build a Facebook identity to spam these participatory sites. Facebook is all about real identity rather then a fake persona. Facebook even has rich privacy controls so that users feel in control of who sees what.

The promise of OpenID was to make login simple and move profile data. A number of us have been looking at using OpenID to make an accountable web. Given the momentum and immediate value of a Facebook identity system and the lack of

Big Boys and OpenIDMarch 24

TechCrunch wrote an article asking if the Big Boys were exploiting OpenID. The crux of the argument was that they are providing OpenIDs, but are not accepting them. In other words, they are an OpenID Provider, but not a Relying Party.  John McCrea echos what Michael said, and Jason Kolb and David Recordon also wrote posts — and I agree that it is great that the Big Boys have joined in — but I think it is unfair of Michael and John to expect them to be Relying Parties.

Googles Blogger does take OpenIDs for comments, which as I have stated in the past, is a good use of OpendID. But OpenID still has a ways to go before you can trust it for secure sign on. I would not want to use it for accessing my Yahoo or gmail accounts.

Having said that, there are two things to hold the Big Boys feet to the fire:

  1. Support Attribute Exchange: Single sign on is nice, but browsers will remember your password for you. (Sxipper does it really well of course!) Filling in forms and keeping your information up to date on servers would be really useful. This goes against the gr