Ben Laurie from Google responded to my post on Google Account Authentication: two steps forward, one step back. A few comments that I’d like to respond to:
Duh, of course you have to provide a Google credential, you’re going to access a Google service. What kind of credential did you expect to present? Your Yahoo login?
Uh, actually, yes. That is the idea behind Identity 2.0, that I could use my Yahoo login to authenticate to Google and to access Google services.
How does allowing applications to access a user’s Google services deepen anything? Did Dick actually read what these services do?
Yes, I did read with great interest what the services do. As for why this deepens the identity silo, these new identity APIs make it easy for non-Google applications to consume Google services, but it is tied to the user’s Google credential, increasing the value of that Google credential, but creating a bigger barrier to services similar to Google’s, and increasing the users reliance on the Google credentials. Good for Google, but starts to reduce user’s options.
As of right now, what are the options? Is there any mature, reliable, secure identity federation mechanism that’s widely used?
Ben is correct, there is no mature, reliable, secure identity federation mechanism that’s widely used. But that has not stopped Microsoft from working to create one and announcing that they will be using it in their products in the future. Google could participate in defining Identity 2.0 architectures and make them widely used because they are Google.
"Uh, actually, yes. That is the idea behind Identity 2.0, that I could use my Yahoo login to authenticate to Google and to access Google services."
I was thinking the same!
This is the revolutionary change on the internet, when we go from opt-in to opt-out.
I sort of side with Google on this one. How on earth can you expect them to enable users from other silos use their services? Do they just go up to Microsoft and ask "we’d like to have your user logins so that our services can be interoperable?" I think we all know how Microsoft would respond…
Instead we should have an open identity service which service providers should support. On a microcosmic level, something like what Yahoo did with Flickr – log in via your Flickr account or Yahoo account (unfortunately only done after tons of protest).
Glad to hear I am not alone in the wilderness!
Additional good points here from Eric!
Ben responds to this post here above
Kim responds as well!
Another post from Kim
The point here is NOT that Google did anything wrong. The point is that they have not announced that they will do something good. Ben is correct in that there is not a clear means of doing Identity 2.0. Google could state that they will be use Identity 2.0 and not lock users into the Google silo as Microsoft has.
I’ve been kicking around ideas for creating a social platform (including identity) organized as a cooperative (as in food co-op). If the organization’s mission is to serve its users instead of monetizing its users, then an open ID API would naturally follow. Third parties would feel good building on such a platform since they needn’t worry that the co-op would start poaching on their turf. It could serve as a neutral third party for ID. Sound plausible?
Not sure I fully understand what you want to do. Perhaps you can write it up and post it somewhere?
Sadly the new Google is fast becoming the old Microsoft as it begins to grow up into a corporate behemoth by making many of the same mistakes that old Microsoft did with "Failstorm". i.e it’s our way or no way. And this arrogance or ignorance stance relating to identity is just another example.
IF Google could combine our profiles with our search history, then they could provide the next generation of advertising i.e targeted "intentional" advertising based on what we search for which sounds good if highly relevant advertising is the result.
The problem is I no longer trust Google with my data or my identity. I fear Google is trying to suck up the whole internet onto their servers (text, pictures, video, blogs, news)using FREE software picasa, blogger, froogle etc as the bait. Before people think I am being paranoid, checkout the Google desktop search usage policy which states that every desktop search I do on my own desktop will be sent to Google to store on their servers – why? The same policy exists for their enterprise search solution!
A federated identity system based on permissions & trust where I am in control of my identity and data has to be the goal. Google, Yahoo, MSN, MySpace, Ebay and et al have to realise that I will ONLY provide my identity and the right credentials IF they offer me a value-added service in exchange.
This is an interesting (if a little heated) discussion. I think what we need is the ability to link accounts. So reasonably speaking, as exiting as things like openid are, you are going to need Google credentials to use Google services, at least in the short term. But what if you could take your credentials from one account, and tie them to a different account? So for example, you have a yahoo account, and you also have a MySpace account. You are always logged into Yahoo, so you decide to link your MysSpace account with your Yahoo account, by adding your MySpace credentials to your Yahoo credentials. By logging into Yahoo you would also become logged into MySpace, etc. Of course, this sort of thing can not belong to only Micrsoft or Yahoo or Google – consumers will have to be able to choose what they would like their primary credentials to be.
I now am interning at Google, but before I got here, I wrote about this concept:
http://dip.lodoc.us/articles/2006/03/18/web-desktop-the-next-big-internet-tool
and here:
http://www.alkalolcompany.com/temp/google/settingsbubble.html
I would not put Google into the "evil" category, but the lack of transparency on their roadmap given their market position causes uncertainty.
Linking accounts is the start. Where we ideally get to is a complete shift to the user having and Identity Agent that manages their identity for them. We will still have accounts at each service, but we will have abstracted the authentication process out so that the user is in control of identifying themselves.
Interesting links!
"Not sure I fully understand what you want to do. Perhaps you can write it up and post it somewhere?"
I have collected my web cooperative ramblings at:
http://webcoop.wordpress.com/
From my first post:
"So many web services use free software, yet the services themselves, their organization and management, are closed. When will we see a web service that is literally owned by its users, like a cooperative? …
It just seems to me that as these services integrate more closely into our lives, the need for a stronger social contract increases. This isn’t just about privacy, but also reliability and community. It would feel good to know that the service’s management is working harder for the user than the shareholder (crazy!). In a cooperative, the user is the shareholder, so no worries."
Interesting idea Sid. Looking forward to seeing how it will evolve.
I ‘ve just discovered this blog. Excuse me for my english, i’m a french guy
I’m not surprise by the reaction of the big internet actors. They aren’t mature to open their services to any credentials; But with the explosion of the internet services, i’m sure that it will be the model, it’s mandatory. The question is When and How?
Do we need a new independant actor that will offer this new open Digital ID? Seems to be very difficult to do because this actor will need to negotiate with all the big …
I may have this project in France, we have the technology and we can do a beta …
In terms of technology, I thouhgt that Liberty alliance is The Solution and is a mature, reliable, secure identity federation mechanism that’s widely used. The telecoms operators and Internet access providers seems to look at it very carefully …
I’m surprised that you don’t speak about it;
Do you know that the french governement want to offer a complete open Digital ID for all the government and local internet services? The technical test show that is reliable and secure.
The Liberty Alliance is not a solution per se, but a consortium of primarily vendors working to create standards. Liberty has expressed interest in working with the user-centric crowd as it has become clear that more work needs to be done to solve Identity 2.0
I totally see where Sid was going from the beginning. The trouble is getting away from the advertising-based revenue model the web runs on. I have my own ideas about all of it but we’re a long way off yet.
The whole thing is ridiculous really. Microsoft attempted this with their Passport service a long time ago which was more or less completely rejected. The idea here is for decentralized identity and trust services to become standards that break down the walls that divide us between services. Having every service creating their own proprietary login/identity schemes that only gives us access to their services just builds up more walls. In that case the best case scenario are the big players like Google, Yahoo, MSN buy up all the smaller services and we end up in a situation like it used to be back in the Compuserve, AOL, Delphi days. I wouldn’t mind going back to those days, but I don’t exactly like the idea of these corporations building a similar model on top of the web right now.
I wouldn’t say Google is evil… just a slimy manipulative corporate entity. What’s happening is just greed over progress, which has been the norm for some time now.
Jā
Ja, thanks for sharing your comments. Just to clarify, I don’t see Google as slimy or manipulative. I would have liked for them to have matched what Microsoft has said they will do.
Eerst Europa Doelstellingen: De Ci2i Verzekering (Ci2i) zal het nummer een gebrandmerkte pan Europese commoditized online verzekeringsmakelaar door 2010 zijn.
Dutch: hypotheek nodig en een BKR notering. Ga meteen naar deze site en ontvang een hypotheekofferte met een lag e hypotheekrene
hmmm … I hope that makes sense to some …