OpenID: An Identity System for the Open Web Online Information, December 2008 September 2008

Online Information, December 2008

OpenID: What is it? Identities: Trusted vs trusted. Activities: Formal vs informal. Usage scenarios. ALT-C 2008 Sponsor Session September 2008

OpenID: What is it?

Identities: Trusted vs trusted.

Activities: Formal vs informal.

Usage scenarios.

Uses of online identity Control access to ‘known’ users or subscribers. Depends on claims asserted by trusted party. Personalisation Depends on self-asserted claims by user. Common presence across services. Depends on universal identifier – with consent of user. ALT-C 2008 Sponsor Session September 2008

Control access to ‘known’ users or subscribers.

Depends on claims asserted by trusted party.

Personalisation

Depends on self-asserted claims by user.

Common presence across services.

Depends on universal identifier – with consent of user.

Defines globally unique identifiers for users. They're URLs... http://dno.myopenid.com http://openid.eduserv.org.uk/dno ALT-C 2008 Sponsor Session September 2008

Defines globally unique identifiers for users.

They're URLs...

http://dno.myopenid.com

http://openid.eduserv.org.uk/dno

A mechanism to verify the URL ‘belongs to’ its bearer. User chooses provider to hold their profile and check credentials. That's it! Almost. ALT-C 2008 Sponsor Session September 2008

A mechanism to verify the URL ‘belongs to’ its bearer.

User chooses provider to hold their profile and check credentials.

That's it! Almost.

Who are you? (1) http://dno.myopenid.com OpenID (Identity) Provider (2) (3) Verification + attribute exchange (optional)

Who's using it? Estimated over 250 million identities! You've probably already got one! ALT-C 2008 Sponsor Session September 2008 BBC AOL Google Yahoo Flickr Microsoft MySpace Orange Verisign

Estimated over 250 million identities!

You've probably already got one!

Shibboleth Credentials ‘owned’ by issuing organisation (eg. University, workplace) ‏ . Exist for duration of study, employment etc. Trusted claims. Federations with well-defined boundaries. OpenID Credentials ‘owned’ by user. Exist for sustained period. Untrusted claims. ALT-C 2008 Sponsor Session September 2008

Shibboleth

Credentials ‘owned’ by issuing organisation (eg. University, workplace) ‏ .

Exist for duration of study, employment etc.

Trusted claims.

Federations with well-defined boundaries.

OpenID

Credentials ‘owned’ by user.

Exist for sustained period.

Untrusted claims.

Learning/research Email Mobile access Collaboration Lifelong-learning/ alumni Shibboleth Managed Information Cards Trust Federations Assessment Subscription resources Campus services Library services Blogging Personalisation OpenID Personal identities Personal Information Cards Social Networks

OpenID reflects trends of the Open Web.... and those of users and learners. Open content, collaboration, linked-data, RESTful APIs, social software, microformats. ALT-C 2008 Sponsor Session September 2008

OpenID reflects trends of the Open Web.... and those of users and learners.

Open content, collaboration, linked-data, RESTful APIs, social software, microformats.

Learners want to use the services they choose, know, and like to use. Provides access to best-of-breed services. Staff want to find the best, and most appropriate services for themselves & students . Campuses can't provide diverse enough set of services. ALT-C 2008 Sponsor Session September 2008

Learners want to use the services they choose, know, and like to use.

Provides access to best-of-breed services.

Staff want to find the best, and most appropriate services for themselves & students .

Campuses can't provide diverse enough set of services.

Scenario 1: Universities issue OpenIDs Easy to do Inferred membership of organisation... http://openid.bath.ac.uk/user Identifier not portable between organisations ALT-C 2008 Sponsor Session September 2008

Universities issue OpenIDs

Easy to do

Inferred membership of organisation...

http://openid.bath.ac.uk/user

Identifier not portable between organisations

Scenario 2: Association of an existing OpenID with a ‘formal’ University identity Also easy to do Lifelong learning Collaboration with peers ‘ Hides’ OpenID from service providers ALT-C 2008 Sponsor Session September 2008

Association of an existing OpenID with a ‘formal’ University identity

Also easy to do

Lifelong learning

Collaboration with peers

‘ Hides’ OpenID from service providers

Scenario 3: Hybrid model: OpenID as a pointer to a formal identity ALT-C 2008 Sponsor Session September 2008

Hybrid model: OpenID as a pointer to a formal identity

Service Provider (1) OpenID request http://dno.myopenid.com (4) Formal claims (3) Shibboleth request Informal claims + pointer to ‘formal’ university identity provider (2)

Conclusions Gives users choice . Fits in with a user-centric, Web 2.0 view of the world. Bridge to a more diverse range of services. Life-long learning identity association. Users can build up personal portfolio of services. Institutional, non-institutional mash-ups. ALT-C 2008 Sponsor Session September 2008

Gives users choice .

Fits in with a user-centric, Web 2.0 view of the world.

Bridge to a more diverse range of services.

Life-long learning identity association.

Users can build up personal portfolio of services.

Institutional, non-institutional mash-ups.

Considerations It's not a universal solution. Or is it? Good for the techies/Web 2.0 people. Not without risks. Service levels and continuity Data-loss – too much dependency on external services. ALT-C 2008 Sponsor Session September 2008

It's not a universal solution.

Or is it?

Good for the techies/Web 2.0 people.

Not without risks.

Service levels and continuity

Data-loss – too much dependency on external services.

Thank you [email_address] ALT-C 2008 Sponsor Session September 2008

Thank you

[email_address]