Feb 252008

When I investigated OpenID for the first time, I thought it was a good idea, but not sufficient to solve the problem of online identity management from the standpoint of a single person with identities at many, many web sites.

But what if we narrowed the scope? Instead of asking whether OpenID could be an identity solution for all sites, maybe it could do the job for some segment of web sites. For example, could OpenID be a solution for social identity management? I don’t know about you, but I’m part of four social networks (Friendster, MySpace, LinkedIn, and Facebook), though am active on only two (LinkedIn and Facebook). Certainly there are more social networks out there, and certainly there are many people who are an active part of all of them. I’m sure those people would love it if maintaining their profiles was as simple as making a single update.

Of course this raises another issue: privacy. Some people maintain a professional profile in some networks, and a more social profile on others. To have one social identity would mean that users would need the ability to manage access control of profile information as well as application information. This could definitely be handled technically, but by whom? This is probably going to be the topic of another post.

  3 Responses to “Social ID?”

  1. There exists XEP-0154 User-Profile (to be updated soon) which allows to share profiles thanks to the PubSub access model.

    Inspired by the the South African XMPP Federation OpenID Server, I wrote a case scenario of user-profile export to an OpenID/XMPP server. And this could be combined with OpenID Attribute Exchange then.

    Going further, any webservice supporting XMPP could import user-profiles directly.

    An OpenID/JabberID convergence, with an OpenID-to-JabberID delegation mechanism, would be very nice, though.

  2. Ok — here are a couple random comments…

    1) (Based on the incredibly small amount i know about Open ID) it’s not a
    new idea… the concept of “single sign-on” has existed since the birth of
    the internet – (but you knew that already — let us not forget MS Passport
    and the tragic, rediculous, irritating failure that was.) This bandwagon
    kicks up every few years – ends up too hard for people to deal with because of standards and proprietary issues – and then retreats again back into the murky land of excellent ideas that may never come to fruition. (Even I helped to write a business plan that was aiming for this same target 8-9 years ago.)

    The problem with single sign-on – or single source account management – is
    just that… it’s a singular place to go. It’s essentially a single point of
    failure. Something goes wrong (either user failure or some enterprising
    hacker) and everything goes to hell. So far there’s been no single
    destination, company, or entity that people have trusted to be the
    gatekeeper to their total data store. Not saying that there couldn’t be
    (google seems to have been gaining in trust over the past couple years), but
    it’s a big barrier to entry for people. Very few people like having all
    their eggs in one basket.

    2) Your last point about the social networking perspective is an intriguing
    one – and the specific observation about maintaining different types of
    profiles on different portals is absolutely true. My LinkedIn profile looks
    way different than my facebook profile – and for good reason.

    It seems to me that ultimately you’ll want some level of “profile” management. You’ll want some way to manage a single pile of stuff about yourself then dole that information out to appropriate destinations. As you said — where do you go for that? who maintains that? Obviously this is where Ringside could come
    in to play… However, what in this model is any different than what I do today? I
    have a pile of info about myself (that presumably i keep on my local
    machine) and i choose what bits i want to share and where i want to put
    them. Seems to me that implementing profile management is a no brainer – but
    how do you get people to want to use it? On the surface there’s not a whole
    lot of value add — and in fact there only seems to be added risk? (again
    single point of failure, privacy and trust issues, etc. etc. etc.)

 Leave a Reply



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>