Internet identity is about authentication

Internet identity is about authentication

Summary: As Doc Searls, Kaliya Hamlin, and I ramp up preparations for the second installment of the Internet Identity Workshop, (May 1-3, Mountain View, CA) we've put up a wiki for participants and others interested in following the event. Last time, we used a wiki from SocialText that Ross Mayfield generously donated.

SHARE:
TOPICS: Security
1
iiw_2006_small-cropped.pngAs Doc Searls, Kaliya Hamlin, and I ramp up preparations for the second installment of the Internet Identity Workshop, (May 1-3, Mountain View, CA) we've put up a wiki for participants and others interested in following the event.

Last time, we used a wiki from SocialText that Ross Mayfield generously donated. This worked well, but we thought it might be fun to use some of the technology that the workshop is talking about, so we installed a copy of MediaWiki and patched it to use OpenID. The patching process wasn't as easy as I'd have like, but ultimately we got it done.

If you're not familiar with OpenID, it's a distributed authentication system. Period. There's no authorization piece and not even a way to store and transfer identity attributes. Just authentication.

I've talked to people about OpenID and had some curious reactions when they try to figure out how you'd use something that's just about authentication. Most enterprise product conflate the tasks of authentication and authorization and end up short changing authentication. The trouble is that many people use them mainly for authentication because the underlying apps were built to handle authorization on their own. Consequently people are stuck with a poor authentication system married to an authorization system that they hardly use.

The world of Internet identity is full of authentication projects. That's the primary topic. Authentication is something that can be, and frequently is, delegated to an outside party. OpenID is probably the simplest because it just does pure authentication. Further up the functionality spectrum i-Names are LID, SXIP, InfoCard.

There's another development that was accelerated at the last Internet Identity Workshop called Yadis. Yadis marries OpenID, LID, and i-Names with a protocol negotiator so that you can use any one of the three to authenticate at any site that is Yadis-enabled. As soon as then have a MediaWiki patch, I'll update the IIW wiki to use it.

Meanwhile, if you want to explore the user side of OpenID, pop over to MyOpenID, sign up for a free OpenID, and log into the IIW wiki. While you're there register for the workshop. We'd love to see you there.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • not even half a loaf

    Granted, authentication and authorization are separate subjects, but authentication including identification is a pre-requisite for authorization. If OpenID doesn't tell you who it authenticated, you can't do identity-based authorization.

    This really seems useless for anything more than a single level of authorization.
    diane wilson