Today IBM and Second Life creator Linden Labs announced a joint project that will develop avatars that can travel between various virtual worlds. This is just one more step toward a unified online identity. This has been a hot topic among geeks for some time now and is just starting to creep into the mainstream web. Bu it's a topic that needs to be addressed -- I mean, if we really are building a user-centric web, what are we doing fooling around with different logins and passwords on every site we visit?
Here are a few other examples of what's out there in the digital identity realm.
Open ID has been gaining traction recently. OpenID is an open-source application that provides users with a “URI” in the same way that web sites have a URL. It allows for ‘authentification’ so that it is secure, and it also allows users to choose which elements of their identity to share. It is used by a number of sites, including Facebook, Digg, Wikipedia, Yahoo, and AOL. Reebok also implemented Open ID in its GoRunEasy.com community site.
Claim ID is a sister to Open ID. It allows user to create a profile with all of the sites they have identities on. It also allows them to claim those pages as their own.
iNames are similar to OpenID’s URI. iNames may be a better choice for regular, less technical people according to Hamlin. To date, more than 10,000 people use iNames. The system works by providing users with a number that is unique and persistent to that user. iNames and OpenIDs work together so you can type tour iName into an OpenID log-in.
Windows CardSpace allows users to securely provide a digital identity to a site via a piece of client software that uses a set of “cards,” with identity data for the user to choose from.
Amazon’s Real Name Attribution allows users to claim their real name using a credit card in the spirit of credibility and reputation building.
"if we really are building a user-centric web, what are we doing fooling around with different logins and passwords on every site we visit"
ReplyDeleteLaura, I think your question here implies that user-centricity and single sign-on are pretty much equivalent... but in my view, they are not.
Yes, single sign-on has a high 'convenience factor', but only in specific circumstances: for instance, it requires that the services you're accessing need equivalent levels of authenticaiton security. You wouldn't necessarily want SSO between, say, a blog comment authentication and an authorisation for a banking transaction...
Then there's the point that. particularly in virtual realities, users often want to maintain some degree of separation, either between their 'real' personal data and their avatar, or between different avatars in different contexts. My avatar in SL is not the same as my avatars in Runescape or Kingdom of Loathing, and it suits me very well to be able to represent myself differently depending on the context.
To me, user-centricity is much more about that; what degree of consent, control and awareness do I have concerning the persona which I am exposing in a given context? And do the persona and the associated security mechanisms reflect the level of protection I expect for that context?
You're welcome to email me on robin dot wilton at sun dot com, and I'll send you a copy of my presentation "Are we surfing naked on the information wave?", which looks as some of these issues.
Hope this is of interest...
Apologies for the typos in the previous comment!
ReplyDelete