Dick Hardt – Identity 2.0

Does Identity 2.0 (Digital Identity) play a huge role in our future? Will it influence the way in which we as digital citizens use the internet in time to come? Will sites like OpenID, OAuth and our very own local Identitude take off and be used world wide as a standard means of identification? I believe so, but it’s going to take time.

Tags: , ,

This entry was posted on Tuesday, October 16th, 2007 at 3:23 pm and is filed under Technology. You can follow any comments to this entry through the RSS 2.0 feed. You can leave a comment, or trackback from your own site.

7 comments

  1. Armand du Plessis
    October 16, 2007 at 3:44 pm

    Thanks for the link Tyler. I will let you know when we’re ready with a beta :)

    The current prototype is certainly fully functional as an OpenID Provider but we’re busy adding all sorts of nifty things to it before launch.

  2. StevenMcD
    October 16, 2007 at 7:14 pm

    The challenge is to change people’s perception of things like this. the automatic reaction I get when mentioning something like OpenID is that people are worried about the safety of their info. With time and experience those perceptions will change i’m sure!

  3. Tyler
    October 16, 2007 at 7:27 pm

    Armand: No problem, prefer local services ;) I would love to give the beta a go.

    Steven: Yeah, agreed. I am also hesitant to sign-up right away. There also so many players entering the game as well, I want one provider, not 10.

  4. Armand du Plessis
    October 17, 2007 at 9:24 am

    Steven, on the security – the risk of a rogue relying party redirecting you to their own honeypot for getting access to your openid credentials is comparable to you typing in your username/password into a rogue site directly. It’s certainly a real threat but if you are generally careful online the risk/convenience trade-off should make OpenID an attractive alternative to username/passwords. Also because OpenID is an open standard and there is so many different OpenID Providers out there someone out to get your OpenID credentials would have to target specific providers in order to create a realistic decoy.

    Tyler – With OpenID authentication delegation you can turn e.g. tylerreed.co.za into your OpenID and have that delegate to your chosen OpenID Provider. That way your OpenID stays consistent while allowing you to switch providers. (See http://dotnet.org.za/armand/archive/2007/02/08/OpenIDCS.aspx)

    Just on the security again, specific to Identitude this time, we don’t store any personal information whatsoever. The only information we keep around is an identifier sufficient to link your OpenID back to a Facebook account. All the rest of the interaction is directly with Facebook and through the Facebook API so the risk of phishing or inadvertently disclosing an username or password is even less than with a normal OP. Will check comments but ping me on Pibb if you guys have any more Identitude related questions -> https://pibb.com/go/identitude

  5. Armand du Plessis
    October 17, 2007 at 3:46 pm

    Some OpenID security related links I probably should’ve included in my earlier comment –

    Now infamous summary of the problems with OpenID – http://www.idcorner.org/?p=161

    Some measures to improve the process –
    Verisign’s Seatbelt -https://pip.verisignlabs.com/seatbelt.do
    Sxip’s Sxipper – http://www.sxipper.com/ Phishing resistant OP
    Verisign/Paypal Fob – https://www.paypal.com/us/securitykey – Can be used with Verisign’s Pip

Leave a comment