Difference between revisions of "DevSummit07:Open Standards Deep Dive: Single Sign On / Identity"

Facilitated by Mickey Panayiotakis, grassroots.org, and Kaliya Hamlin, Identity Woman

How many usernames do we all have? How can one nonprofit software provider avoid supporting multiple sign-in credentials on their site? How can a software provider support SSO.

The landscape to solve this problem has been evolving and coalescing. Micrisoft CardSpace, OpenID, Higgins are all tools available. This session will revolve around discussion of what they are, how does one implement them and the challegnes.

OpenID2.0 is the emerging standards for simple distributed web based identifiers and SSO. It is the work of over a year of standards convergence and incorporates (LightWeightIdentity, SXIP, XRI/I-names and OpenIDurls). Microsoft recently agreed to collaborate with integrating it into their Web sign on tool Cardspace. Higgins is a framework that developers can use to interact with many different identity systemes including OpenID, Cardspace and LDAP installations.

If time permits we will look forward how can SSO be a vehicle for datasharing.

Session Notes

We first discussed what OpenID is. For more information, click here: http://en.wikipedia.org/wiki/OpenID

The whole purpose of OpenID is that you don't need to send your email address all over the place. Non and for-profits don't like this because the email addresses are used for marketing purposes. OpenID is predicated on the concept that users don't want to give away their email address. Is the good-will from using OpenID worth the problems of not increasing your list size?

Kaliya: "OpenID exists to empower people and organizations to work better together across contexts. Two groups will be able to determine what users they have in common."

Kaliya is arguing that OpenID is valuable so that organizations can collaborate better. Chris is arguing that it makes it harder for organizations to raise money.

There is some benefit to including the OpenID plugin to Wordpress to collaborate with other. There is a lower barrier to entry for users. OpenID can make it easier for users to sign-in and get information.

OpenID is one way to authenticate potential volunteers. Through communication with other organizations, you can verify that the person using the OpenID is a real person.

Another benefit - letters to Congress. If it's email, congress thinks they are fake. There is a hope that OpenID a mechanism to convince members of Congress that every letter is genuine. However, this is incumbent on the organization to authenticate that each OpenID is unique.

The users can go to a service that will verify that they are something that they claim they are (single, have a degree, lives in a certain state, etc.). This can also be used to verify that only certain kinds of people ("real" members, say Greenpeace wants to allow members of another specific organization) to be able to comment and participate in their site. It's a method of partnering with other organizations.