As identity management solutions have evolved, one underlying theme has been openness. When I say openness, I’m not talking about business transparency or the openness that politicians and executives oftentimes hail as the “new way of doing business.” Instead, openness in the technical realm generally refers to open standards and non-proprietary systems that tend to also be open source. Businesses adopting an identity system have learned over time (and sometimes through hard lessons) that tying yourself to a single third-party provider has its risks. Case in point: Microsoft’s Passport technology.
Passport to Nowhere
Microsoft’s single sign-on Passport login system (now rebranded and reworked as Windows Live ID) started off with good intentions: provide a way to log in to websites with a single user ID that is centrally administered (by Microsoft). This would eliminate the ever-growing list of website logins and passwords that you as a user must remember.
So what was the problem? Well, Microsoft’s problem was two-fold: first of all, the service came out around the time that Microsoft was being sued for their “monopolistic practices” and consequently more and more people were beginning to distrust them. Second, and more importantly, the service broke several of Kim Cameron’s now well-known Laws of Identity. As Cameron himself put it:
Internet users saw Passport as a convenient way to gain access to MSN sites, and those sites were happily using Passport—to the tune of over a billion interactions per day. However, it did not make sense to most non-MSN sites for Microsoft to be involved in their customer relationships. Nor were users clamoring for a single Microsoft identity service to be aware of all their Internet activities. As a result, Passport failed in its mission of being an identity system for the Internet.
Ironically (or perhaps fittingly), Kim Cameron is now the Chief Identity Architect at Microsoft and has attempted to correct these problems in Windows Live ID.
Hello, OpenID!
What was really needed was an identity solution that provides single sign-on without the fear and risk of having to rely on one individual company. Hence the introduction of OpenID, an open platform with no single controlling organization. By moving away from a centralized model, OpenID allows different sites to act as “OpenID providers”. So if I go to bobsawesomewebsite.com, and they accept OpenID, I can log in with one of several identities – Google, Yahoo, myOpenID, etc. Since all of these are OpenID identity providers, the site naturally accepts the login.
Two Steps Forward…
Following right behind this trend, Facebook now also offers a way for users to use their account as a login to other websites with a technology they call Facebook Connect. While OpenID has its detractors, who point to its usability and to the fact that some users do not understand it, Facebook offers a fairly simple and familiar single sign-on option along with a wealth of user profile information. What’s concerning is that Facebook Connect is somewhat of a movement back towards the closed, proprietary nature of Passport. And as I wrote about a little while back, relying on Facebook to always be available is not as safe a bet as you would think.
Your Future Identity
The end-all-be-all Internet identity system has not quite emerged, but we’re getting there. The tendency to shift towards a single identity provider or even a single pass-through service is a danger that standards groups, businesses and consumers are now aware of. In addition, the Internet community seems to be moving towards OpenID, Facebook Connect, and even Windows Live ID as the better way to handle identity, but if they are wise, they will avoid providing only one way to authenticate.