How many times per day does this stand between you and your data?
If words like ‘email’, ‘blog’, ‘social network’ or ‘messaging’ are familiar to you, then you are probably the owner of one or more internet-based accounts, all of which demand your credentials on a daily basis.
Even though it has become a common practice to use email addresses as personal identifiers and user names, it is highly probable that these credentials, while they all identify you as an individual, are totally different.
Any online or offline password manager can help solve annoying usability issues, such as having to type in and remember all your user names and passwords, but the real issue remains: the lack of a unique digital identity.
Where is the strong authentication system that can provide a unique digital identity, in a transparent and global manner, across and throughout any I.T. system?
The short answer is…it doesn’t exist.
From a technological point of view, there are various authentication protocols and systems that can do the job, but none of them has managed to convince both users and service providers, or to reach standard stardom.
However, during the past weeks, there has been a growing buzz on digital identity, and more and more internet-based services are offering federated login (the fancy word for ‘you don’t own an account here? No problem, go ahead, log in, use an account you already have from some other website’).
The basic idea is that, if you already own an internet-based account, and you visit another internet site, you should be able to use your existing account to log in.
FaceBook Connect, a proprietary solution, basically allows web applications to tell visiting FaceBook users that they can join their site with one click, through their FaceBook account, as seen here.
On the other hand, OpenID is an open framework, which also allows OpenID holders to log in and open accounts, as, for example, here.
Both approaches have the potential of providing a global digital identity, at least to some point.
In theory, it would be enough to have a FaceBook account or an OpenID in order to join any internet-based service.
In the case of FaceBook Connect, the website on which we wish to log in (the relying party) relies on FaceBook to authenticate your FaceBook credentials (FaceBook acts as the Identity Provider).
If you are already a FaceBook user, you will be able to use your FaceBook account wherever you see the FaceBook Connect field, but how do you become an OpenID user?
To become the owner of an OpenID, you will need to find an OpenID Identity Provider that will supply you with one.
In this case, it will be the OpenID Identity Provider that will offer authentication services to the website we are visiting (the relying party).
From a privacy and “good” point of view, it seems clear that OpenID should be the way to go: it gives the possibility of owning one’s digital identity, while through FaceBook Connect, our digital identity, and everything that goes with it, will remain under a proprietary lock.
On the other hand, OpenID’s nature (there is no central certifying authority) means that an OpenID-enabled website has no way of verifying whether a given OpenID Identity Provider can be trusted.
This lack of a trust model is one of the reasons behind the relatively low availability of OpenID-friendly internet services: LinkedIn, FaceBook, Google… none are currently ‘login-with-OpenID-enabled’.
(that means that if you already own an account on any of these sites, you already have an OpenID!)
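An added example (not from the original post or from any OpenID library) of one way a relying party can compensate for the missing trust model: it reads the provider endpoint from the identity page's `openid2.provider` link (OpenID 2.0 HTML discovery) and accepts it only if the host is on a locally maintained list. The host names, the list itself and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed local policy: provider hosts this relying party chooses to trust.
TRUSTED_OP_HOSTS = {"openid.provider-a.example", "login.provider-b.example"}

# Constructed identity page, as a relying party would fetch it during discovery.
SAMPLE_PAGE = ('<html><head><link rel="openid2.provider" '
               'href="https://openid.provider-a.example/server"></head></html>')

class _ProviderLink(HTMLParser):
    """Keeps the href of the first <link rel="openid2.provider"> element."""
    def __init__(self):
        super().__init__()
        self.endpoint = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()
        if tag == "link" and "openid2.provider" in rels and self.endpoint is None:
            self.endpoint = a.get("href")

def discovered_endpoint(html):
    parser = _ProviderLink()
    parser.feed(html)
    return parser.endpoint

def endpoint_allowed(endpoint, trusted=TRUSTED_OP_HOSTS):
    """Return (ok, reason). Exact host match only, so look-alike hosts fail."""
    if not endpoint:
        return False, "no provider endpoint discovered"
    try:
        url = urlsplit(endpoint.strip())
        port = url.port              # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if url.scheme != "https":
        return False, "endpoint is not https"
    if url.username is not None or url.password is not None:
        return False, "userinfo in URL"
    if port not in (None, 443):
        return False, "non-default port"
    host = (url.hostname or "").rstrip(".").lower()
    if host not in trusted:
        return False, "provider not in local trust list"
    return True, "ok"

def check_identity_page(html):
    return endpoint_allowed(discovered_endpoint(html))

if __name__ == "__main__":
    print(check_identity_page(SAMPLE_PAGE))
```

This check only decides which provider the relying party is willing to redirect to; verifying the provider's signed response remains the job of an OpenID library.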
It is still not clear what will happen in the near future, but the average user will most certainly be confused by OpenID and its jargon, and will definitely not take on the hassle of self-owning their digital identity.
The average user will probably, perhaps without even realizing it, adopt FaceBook as their digital identity, through FaceBook Connect.
FaceBook has become a household name, while OpenID is still far away from widespread user acknowledgement.
Another possible scenario is that Identity Provider services will become standard functionality that a user will expect from an internet service: when you join a certain site, you expect to be able to sign in on other sites with the account you just created.
But then we could end up having multiple Identity Providers, which probably seems OK for a website owner (the wider the audience, the better) but, for the user, this will mean having several digital identities (will we then need a digital identity manager, as well as a password manager?).
I don’t expect FaceBook Connect or OpenID to start replacing strong authorization, such as tokens, smart cards or signing sticks commonly used with eBanking sites and other sensitive sites (nor would I recommend it), but I do expect to see this type of federated login continue to appear on less sensitive sites.
These two approaches, together with other technologies regarding federated login, digital identity and single sign on, will certainly have an important role in the future, and even though a global digital identity still seems very far away, the upcoming months certainly look promising…
More info on OpenID, FaceBook Connect and Federated Login:
- Google OAuth & Federated Login Research
- Google OAuth & Federated Login Research (blog)
- OpenID Specifications
- FaceBook Connect
- Sam Ruby: OpenID for non-SuperUsers
- openIdeas: The JanRain Blog