OpenID Tiered Providers

Issue/Topic: OpenID Tiered Providers

Convener: Mark Cross

Session: 1E

Conference: IIW-Europe October 11, London Complete Notes Page

Notes-taker(s): Mark Cross

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Background

I was interested to know other people's thoughts on the requirement for a private middle tier OpenID provider (Tier two), although there others, as I have fully narrated my thoughts below. On the session day I wrote them up on the board the wrong way around and only listed three, but they should have perhaps been structured thus:

Tier One

Government, Banks & Telcos

Good SLAs, trust relationship with customers for some tasks and high bar set against fraud.

Suitable for digital signatures in the future, as certification will be affordable for these institutions.

Tier Two

Private institutions

Good SLAs, trust relationship with customers for some tasks – which may require anonymity and also have a high bar set against fraud.

Suitable for digital signatures in the future, if the Identity Provider can obtain certification.

Could be used for signing content and embedding your OpenID URI into your published papers, this then allows people in the future to trace your current working location etc. Only a government issued OpenID could remain fixed, and relatively easily allow for someone to change their persona identity. IE Change their name.

Tier Three

Private individuals

SLA is as good as their setup, trust is not an issue

They will have a particular marketplace in relation to Darknets and future private digital money. For example, the Tonido platform running the Ripple Money Protocol over a Darknet would be particular interesting...

Tier Four

The traditional .com publishers, AOL, Google, Yahoo! Etc

Good SLAs, zero trust from customers regarding trading profile information to advertisers etc. Identity maybe anonymous to the institutions that could choose to accept them.

Audience feedback from the session

Denmark have nemID backed by their government and banks. See this person basic appraisal for more information http://tinyurl.com/2ctz9md

“Spain have an id card, but not an on-line one, and the Spanish pubic don't see why they should use it.” was stated by a person at the session.

When I raised the topic of demand for a tier two provider, because of usefulness of digital signing for activities like property conveyancing, car ownership transfers etc, a member of the panel directly involved in the commercial identity sector pointed out the issues brought about by low frequency of usage. Although he could foresee a reason of Tier two OpenID providers for certain closed communities. Frequency of usage also came up again in my second session gathering feelings on how OpenID could be marketed better to the general Internet public.

No mention of private user data (personal data stores) was raised or discussed.