Corporate Identity and Identity Issues

There is a lot of buzz about Sun’s announcement of OpenID support and the fact that Sun will be giving OpenIDs for all of its employees.

While this is indeed good news for the identity community in general and for the OpenID community specifically, it got me thinking about the implications for such a move in which a big company OpenID enables all of its employee.

If a company OpenID enables all of its employees and its OpenID server is usable for outside parties to authenticate against it means that now every employee of that company, when authenticating with his/her OpenID can be verified as an employee of that company (providing that no one spoofs the domain and DNS settings, etc).

On one hand, now when I read a forum post or blog comment that was created by a certain company employee which authenticated using his/her corporate OpenID account I can evaluate that this person indeed works for that company and take that into account when evaluating the things he/she said.

On the other hand, it loosens the rope around the employees necks and allowing them to express under their corporate identity which, in some cases, may circumvent the PR department. Since we already know (or can verify) that this identity did come from that company it can cause PR hell (or goodness, depends on the information :-) ).

The only way to properly utilize this power is to educate corporate users on identity issues, not just the rest of the users using the internet. The corporate will greatly benefit from that by avoiding PR hell and the users will gain better understanding about internet and online identities which is always a good thing to educate people about in this always on, publicly accessible and fast world we live in.

What do you think on the subject of corporate identities?

Will better education of people regarding their online identity and separating their corporate identity from their personal identity will help everyone better understand when they are in their corporate hat and when they are on their own?

I wonder what would be the best ways of educating people about that? Should it start from having multiple user names when sharing a single computer?

2 thoughts on “Corporate Identity and Identity Issues”

  1. I’m not sure a corporate OpenID “loosens the noose”. (Large) corporations have communications policies that employees must abide by. Before OpenID, generally nothing stopped an employee from using their corporate email address to post onto a mailing list, except the consequences of failing to abide by policy. I see the OpenID as analogous to this.

  2. Paul,

    While you are correct on the fact that no one can prevent a someone from using his corporate Email to post something, I tend to believe that most people do understand the fact that using the corporate Email may result in unwanted Emails coming users that found your Email. Also, a lot of people are more knowledgeable on SPAM these days and the fear of SPAM alone will get them to hide their Email (corporate or not) as much as they can.

    If the corporate OpenID URL is built so that it will be hard to deduct the user’s Email, it would be easier to use that instead of the Email.

Leave a Reply