Comments on: OpenID and name authority

By: Gudmundur Thorisson

Gudmundur Thorisson — Wed, 18 Mar 2009 13:56:43 +0000

..continued: Or group recently launched a website around the subject of online identity for researchers. You may be interested in some of the scenarios explored there:

http://www.gen2phen.org/researcher-identification/researcher-identification-primer/tying-it-all-together

By: Gudmundur Thorisson

Gudmundur Thorisson — Wed, 18 Mar 2009 13:55:53 +0000

Paul. Thanks for an insightful article. I am in fact citing your article in my own forum post here!:

http://www.gen2phen.org/researcher-identification/comment/14

I couldn’t agree with you more about the linking-up aspect of things, I am myself very optimistic of OpenID being the big enabler here.

You are right that a lot of the stuff we want to link up is indeed public. BUT, I think one of the commenters above is right in that there are a whole bunch of scenarios where one will want to link together public and private information, and this is exactly what the OpenID+OAuth combination brings to the table:

http://softwareas.com/oauth-openid-youre-barking-up-the-wrong-tree-if-you-think-theyre-the-same-thing

By: paul

paul — Thu, 12 Feb 2009 10:54:14 +0000

I think the Google Social Graph API is more concerned with making personal networks sharable – this sort of activity might be one extension of what I’m suggesting. I’m really making a much simpler, less ambitious point about simple, user-controlled identifiers.

By: Phil Wilson

Phil Wilson — Wed, 11 Feb 2009 21:43:30 +0000

Isn’t this, essentially, what the Google Social Graph API does?

By: » OLDaily por Stephen Downes, enero 22, 2009 TIC, E/A, PER…:

» OLDaily por Stephen Downes, enero 22, 2009 TIC, E/A, PER…: — Mon, 09 Feb 2009 20:45:28 +0000

[...] una, o más, personalidades públicas entonces no hay problemas de privacidad. Paul Walk, Weblog. [Liga] [etiquetas: Twitter, temas de privacidad, OpenID, DNI, cédula, Wikipedia, investigación, [...]

By: Nicole Harris

Nicole Harris — Thu, 22 Jan 2009 15:54:55 +0000

Hmm, is it a privacy issue? You could still make use of the Twitter Direct Message facility even if you were using your OpenID. I think it gets back to the age old problem of verification. How do I know which Paul Walk, or which Jack Dee you are? http://access.jiscinvolve.org/2009/01/08/whos-twittering/.

If I use my OpenID as a common identifier and wish it be associated with me as an author, how and where does a repository or a reader or a publisher gain verification that I am who I say I am, I am the author you think I am, and that author should be associated with that identifier.

I don’t actually think these problems are insurmountable, and can think of several ways that verification could happen from lightweight processes to more formal verification. What I struggle with is how to get this adopted both in the very conservative research publishing process and across the myriad of repository approaches that are being adopted.

I do think a user owned personal identifier is much better than other solutions such as a government or institutionally focused approach. I also think it is a good example of the importance of OpenID as an identifier, rather than getting bogged down in its applicability as an authentication device

By: paul

paul — Thu, 22 Jan 2009 15:17:28 +0000

Thanks Andy – and I understand your point about privacy.

Like you – I’ve established a string (’paulwalk’) as a common identifier in a large number of systems.

I’m going to be controversial here…. I chose my phrasing carefully. I think the best model for the future is the simplest – if it’s public, then it’s openly linkable, then it might as well be reliably identified. That is to say, ‘public’ means exactly that. Stuff you restrict or control access to isn’t public.

I appreciate that there are many shades of privacy – but ‘public’ isn’t a shade – it’s an absolute in my book. If we conflate ‘public’ with degrees of control of privacy in the same system then we end up with something like Facebook, where OpenID wouldn’t make much impact difference as none of the content is publicly accessible.

I don’t want to come across as some sort of crusading idealist, so I’ll mention that I appreciate systems which have levels of privacy. Twitter is a great example – I use the Twitter direct message facility from time to time – this is a private messaging service and I use it in a private way. The fact that it’s in the same system as the public Twitter service is a convenience but there isn’t much of a link between these uses in real terms, and OpenID would have little impact here. However, OpenID would be very relevant if directly associated with my public Twitter account.

So, I guess my position would be: if it’s public and on the web, then actively help to make it linkable, sit back and enjoy the ride. If you don’t want it to be public, then use a system with the appropriate controls. If you want to use OpenID in the private system, then we’re talking about convenience again – worthwhile but hardly world-changing!

Somebody disagree with me, please!

By: Andy Powell

Andy Powell — Thu, 22 Jan 2009 14:48:51 +0000

I can imagine people getting ready to play the ‘privacy’ card as I write this but I totally agree with where you are coming from. As I discussed in my case-study for our recent digital identity workshop, my digital identity is now largely defined by the string ‘andypowe11′ whereas (in an ideal world) it would be defined by the URL/OpenID http://andypowe11.net/.

In the interests of keeping privacy concerns to a minimum, I’d re-write the opening sentence of the final para as:

Imagine a Web where everything you did publicly was (optionally and under your control) linked by the very fact that you were represented by a URL…