Online Identity for Community Managers: OpenID, OAuth, Information Cards

Online Identity:
OpenID, OAuth, Information Cards
OCRN Aug 2009

Kaliya Hamlin, Identity Woman
@identitywoman
identitywoman.net
skype:identitywoman
AIM/e-mail:kaliya@mac.com

co-founder, co-producer and the facilitator of the

INTERNET IDENTITY WORKSHOP
www.internetidentityworkshop.com
Wednesday, August 19, 2009

I am a community builder.
This is the technical community around user-centric digital identity that I have helped
build. We have met since 2005 every 6 months at the Internet Identity Workshop.


In mid 2004 Julia Butterﬂy Hill
launched this website to encourage
people to be active and linked to
40+ organizations. These sites had
about 50 login opportunities - each
one of them each required a new/
different user name and password.

How were all these groups going to work together –to form a strong
community - if the citizens they were asking to participate were
required to create several dozen accounts just to join the related
efforts and collaborate across them?
The answer is: with difﬁculty.
Just having links to good things is not enough to support a networked
movement. Activism as Patriotism only lasted until early 2007.


My sketches from 2003 for distributed social network
platform with user-centric identity.

How could the people that I knew shared interests and passion in
community (both facet to face and online), be able to work together
across boundaries and domains on the web?

In 2003 I began to sketch out designs for online “social network
tools” (that term was not yet in widespread use) for face to face communities to
connect online. I knew user-centric identity technologies were essential
but others didnʼt see it yet.


To cross boundaries and domains on the web people,
citizens, consumers needed the power to manage their
own identity information.

By identity information I specifically mean the identifiers
and handles that they use across time and in cyber
space - controlling the ways in which they are “seen” in
different contexts.

To do this we need open technical standards to make
identifiers portable across contexts and we need
interfaces to make this easy.


The good news is that the identity community has
come a long way in developing identity management
tools. Three are discussed in this slideshare.


The ﬁrst two technologies I will be covering are OpenID
and OAuth - the key protocols in the so-called “open stack”


openid.net


OpenID creates an integrated and wholistic “online life” (identity)
replacing the fragmentation that is created by maintaining 100-300
different accounts for different online services and the necessity to
create a new one at every website that requires a login.

Can you imagine how much easier and more pleasant community
life would be if we could reduce the number of identiﬁers and
handles to a manageable number – say under ten.


Different persona’s for one user that could
each have a different OpenID URL.


The user goes to a website


Traditionally the user is
presented with the
opportunity Login with a
user-name and password


user name/password
is replaced with
OpenID login box

The user enters a URL they control
- like their blog URL or from a provider.

* Newer user interfaces allow user to pick
Open ID provider they might have like
Google,Yahoo, Myspace, Facebook, AOL etc...


The website the
user is logging into

redirects the user to
where their URL


The user
is asked to
authenticate


The user responds
with a password
(or other additional
methods of authentication
like a token)


Authentication is successful!

The site with the user’s URL
redirects the user back to the
the user is
website they are logging into.
logged in


Who’s In?
Corporate Members:
• Facebook - Luke Shepard
• Google - Eric Sachs
• IBM - Nataraj (Raj) Nagaratnam
• Microsoft - Michael B. Jones Community Members:
• PayPal - Andrew Nash • Brian Kissel (JanRain)
• VeriSign - Gary Krall • Chris Messina (independent)
• Yahoo! - Raj Mata • David Recordon (Six Apart)
• Joseph Smarr (Plaxo)
• Nat Sakimura (Nomura
Research Institute)
• Scott Kveton
• Snorri Giorgetti (OpenID Europe)
• Allen Tom (Yahoo)


What you can do:

* Accept OpenID’s

* Issue OpenID’s (to employees)

* Issue OpenID’s to your user base


Single Sign On isnʼt enough though.
You also have to empower people to be able to
share data their own data.

oauth.net


The user belongs to two different sites.

How can the user move photos from photo site to the
social network site without giving away the password
for the photo site to the social network site?

The user asked if they want to share - then
redirected to the site to give their permission


The photo site gives the social network site a token
to the social network that gives it access to their account.

A data tunnel is created between the user’s
accounts on both sites

A user posts photos and they can ﬂow from
one to the other - and they didn’t give away their password.


Who’s In?


What you can do:

END THE
PASSWORD
ANTI-PATTERN
STOP Asking users for their password to gain
access to another site on their behalf

Implement Oauth on your site
Ask your partners to implement it.


informationcard.net


Reminders


Who’s In?

Card Space


What you can do:
*Issue information cards to members of your
site/organization
*Accept information cards from netizens to
collect information you think is important
*Use it to get third party validation about key
things important to you - so you donʼt have
to do identity prooﬁng.


Kaliya Hamlin
Identity Woman

@identitywoman
identitywoman.net
skype:identitywoman
AIM/e-mail:kaliya@mac.com

co-founder, co-producer and the facilitator of the

INTERNET IDENTITY WORKSHOP .com


Online Identity for Community Managers: OpenID, OAuth, Information Cards

More Related Content

Similar to Online Identity for Community Managers: OpenID, OAuth, Information Cards (20)

More from Kaliya "Identity Woman" Young (20)

Recently uploaded (20)

Online Identity for Community Managers: OpenID, OAuth, Information Cards