Perhaps we shouldn’t be surprised that methods of identifying ourselves on the internet are proving quite controversial. After all, the UK’s National ID Card scheme is having a far from easy ride into reality, with, quite correctly, many questions being asked about security and privacy. So, when systems are proposed which would allow internet users to have just a single identity which they could use when signing in to all their web sites, we should expect a similar level of scrutiny.
Richard’s earlier blog entry (Shibboleth in 60 Seconds, 25/01/2008) outlined one such single sign-on system, which Futurate are implementing in an application for the Joint Information Systems Committee. In JISC’s case, the single sign-on is currently envisaged for use on web sites and web-enabled applications within the organisation and its affiliates, but in theory the technology could provide internet users with their single identity on the web.
The heavyweight contender in single sign-on is OpenID, with technology leaders such as Microsoft, Google and Yahoo lending their support to the OpenID Foundation. Unlike Shibboleth, with OpenID a user can create their own identity independently of the organisations which will ultimately want to verify that identity.
It’s important to note that your OpenID only replaces a username and password; no trust has been established with the sites where you use it to sign on. So you will probably still have to go through a registration process in order to access the facilities provided by a site. However, organisations could choose to operate OpenID for single sign-on to their own applications – much as JISC have opted to do with Shibboleth, which holds personal (rather than internet persona) details of users and can also hold the permissions they have been granted on the organisation’s applications.
The advantage of OpenID is that it is open source and relatively easy to set up, whereas integration of Shibboleth can be quite complex – there is that trust relationship to protect after all. The idea of using OpenID as a web-wide personal identifier also has its detractors. There are arguments that the less tech-savvy users would be vulnerable to phishing attacks, and just because a user has a verified OpenID doesn’t mean they pose no threat – you don’t actually know who they are!
With the momentum gathered behind OpenID, it seems inevitable that it will enjoy a high take-up (there are already around 160 million IDs, and over 10k sites supporting OpenID sign-on) and it’s possible that in the future we may need to have an OpenID to access certain facilities – in the same way you currently need a Google Mail account to use Google Analytics. It’s easy to see the advantages of only having to remember one username and password, but then you only have to lose the one identity (or have it stolen) to be completely exposed.
The debate about OpenID, and indeed the single sign-on concept itself, will most likely run for a few years yet. Personally, after spending a few hours reading just a small selection of the articles and blogs on the subject, I find myself curiously comfortable with my numerous internet identities and personas – maybe it’s a control thing.
Monday, 10 March 2008