OpenID the Nascar Problem Revisited

Issue/Topic: OpenID the Nascar Problem Revisited (4G)

Convener: Mark Cross

Session: 4G

Conference: IIW-Europe October 11, London Complete Notes Page

Notes-taker(s): MarcCross

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Background

The Nascar problem narrates the bewildering login user interface that has proliferated since the adopted of OpenID by the founding US corporations of the North American centric OpenID foundation.

I wrongly attributed the OpenID Foundation mission statement present at the last IIW, but this one was infact present by Kaliya Hamlin:

“OpenID Foundation: To foster and promote the development of, public access to, and adoption of OpenID as a framework for user-centric identity on the Internet; and To acquire, create, hold and manage intellectual property related to OpenID and provide equal access to such intellectual property to the OpenID community and public at no charge.” http://tinyurl.com/2ee2tgs

Now as I stated at the session, the first bit just doesn't seem to happening, none of the OpenID Foundation members actually mention that their login is an OpenID to their user base, therefore they are neither fostering nor promoting the adoption of OpenID.

I drew the audiences attention to the parallel of the credit card and OpenID, the credit card was devised many decades before it eventually took off, but then did. OpenID more poignantly is being sidelined in favour of brand values. When you walk into a shop to purchase something, you merely ask whether they accept credit cards or cash only. You don't say, “Does your shop accept my Cat's Charity Affinity Card?”

This observation didn't make any great stirring with the audience, as the technology of OpenID was merely perceived to be single sign-on, or at least from the audiences (customer) end-user perspective. It seems to me that OpenID's early loss was not promoting both delegation and personal data storage.

Here is the post-session illustration I should have had to hand, but provides the sentiment I was trying to emote. “You can sign in with any of the following OpenID providers…”



Personal data storage was not perceived as a major potential of OpenID. OpenID's Attribute Exchange specification is perfect for the personal data store when combined with Oauth v2 / DNSSEC! It was discussed in a minor way between myself and a domain registrar at the table, who saw the personal data storage as something that perhaps could be handled by a not for profit, with the knowledge of maintaining high SLA resilient systems. Whilst registries don't want to assert claims, they are already starting to handling important business critical data beyond DNS, such as ENUM. They are mitigating against the risks of offering such services by employing third party independent validation agents.

Audience feedback from the session 79% of Lady Ga Ga site log in via FB/Twitter/Google, few create site account Logos have trust and brand values Do we need not for profit OpenID data stores? Best point to gather information, is at the point of usage. Task flow – don't disrupt it.

Idea

IDP      STORE      Form requesting new fields of data <--- With regards to the Nascar branding problem, I neglected during the session time to point out that both Orange in France and NTT docomo seem to be quite happy to promote the OpenID brand in a none partisan way.

Another post session issue I would like to explore in the future is finding ways of promoting OpenID Identity Providers to become Personal Data Stores. Then the perceived value from an end-user's point of view of having an OpenID would be much greater.