Northern Voice: Get to know identity (because identity's getting to know you) | Social Signal

If you've ever wondered how that online store is going to use all the information you enter when you register (not to mention when you buy stuff)...

...or where you put your login information for that photo-sharing site...

...or why you have to re-enter all of your contact names and addresses every time you join a new social networking site...

...then you've run into the gnarled and opaque world of identity and privacy.

And with everyday users experiencing identity problems ranging from the annoying (having to keep track of multiple usernames and passwords) to the critical (fraud, phishing and identity theft), you aren't alone.

Speaking at Northern Voice 2007, Eve Maler set out the case for better identity management, and how approaches have evolved.

Over the years, various players have offered solutions – mostly proprietary, sometimes self-serving and often highly controversial. Microsoft's Passport drew accusations of privacy violations; more recently, Yahoo!'s insistence that Flickr users adopt Yahoo! user IDs has come under heavy fire.

Still, there's a strong case for a service that would work with users and web sites, giving users an easy way to establish their identity, log in and control what information is being released (and under what circumstances).

For instance, SXIP's Johnny Bufu set out a sort of holy grail for identity and privacy: theoretically, you shouldn't have to give your address to Amazon. You'd say "Ship my package to this identifier code"; they hand it to FedEx, who has that identifier associated with a postal code; they pass it off to a local distributor, who has that identifier associated with a street address. At the end of the day, Amazon and FedEx head office don't have your address, and FedEx doesn't know what's in the box. (Nobody need ever know about your Baby-sitter's Club addiction.)

That may not be too far off. More open approaches are starting to catch on... and beginning to find their way past specialized users to the general public. One rising star is OpenID, championed by (among others) Bufu's colleagues at SXIP.

With OpenID, you register and authenticate your identity with one of several OpenID providers... and there are some big ones. If you have an account with LiveJournal, Typepad, Typekey, Vox, AOL or Yahoo! (some finagling required), you're already in. Microsoft is rolling out CardSpace, an identity system that will interoperate with OpenID. Services like ProtectNetwork work with several open-standard identity protocols, including OpenID, SAML and Shibboleth.

And if you use the Firefox web browser, you can quickly get an OpenID identity via SXIP's superb extension Sxipper (which helps you manage passwords as well as the information you dole out to web sites).

An interesting wrinkle: your OpenID isn't a username or email address; instead, it's a web URL. (It can even be your own web site, if you add a few lines of code to your home page's HTML file.)

Accommodating OpenID for your site's users can be nearly as easy as getting an identity in the first place. There's a WordPress plugin to enable OpenID for commenters (or group blog members). There's a Drupal module for version 4.7, and a revision under way for 5.1.

As identity management extends its reach further into the public, you'll need to start considering it for your community. It won't be long before offering its features – from single sign-on to privacy protection – is essential to attracting and keeping many users.

Some additional resources:

• Kaliya Hamlin runs a remarkably comprehensive blog on identity, and speaks frequently at workshops and conferences.
• There's a handy screencast on YouTube explaining OpenID.
• The presenters at Northern Voice included Sun's Eve Maler, SXIP's Johnny Bufu and (in a second session) Weston Triemstra, and Bryght's Boris Mann. They're all terribly smart.