Corporate Identity and Identity Issues

There is a lot of buzz about Sun’s announcement of OpenID support and the fact that Sun will be giving OpenIDs for all of its employees.

While this is indeed good news for the identity community in general and for the OpenID community specifically, it got me thinking about the implications for such a move in which a big company OpenID enables all of its employee.

If a company OpenID enables all of its employees and its OpenID server is usable for outside parties to authenticate against it means that now every employee of that company, when authenticating with his/her OpenID can be verified as an employee of that company (providing that no one spoofs the domain and DNS settings, etc).

On one hand, now when I read a forum post or blog comment that was created by a certain company employee which authenticated using his/her corporate OpenID account I can evaluate that this person indeed works for that company and take that into account when evaluating the things he/she said.

On the other hand, it loosens the rope around the employees necks and allowing them to express under their corporate identity which, in some cases, may circumvent the PR department. Since we already know (or can verify) that this identity did come from that company it can cause PR hell (or goodness, depends on the information :-) ).

The only way to properly utilize this power is to educate corporate users on identity issues, not just the rest of the users using the internet. The corporate will greatly benefit from that by avoiding PR hell and the users will gain better understanding about internet and online identities which is always a good thing to educate people about in this always on, publicly accessible and fast world we live in.

What do you think on the subject of corporate identities?

Will better education of people regarding their online identity and separating their corporate identity from their personal identity will help everyone better understand when they are in their corporate hat and when they are on their own?

I wonder what would be the best ways of educating people about that? Should it start from having multiple user names when sharing a single computer?

The new and slick

I’m probably the last person to talk about it, by has a cool and slick new design [via Scott’s blog].

They also added a cool new feature, client side certificate, so when you install such a certificate on your machine you don’t need to do anything to sign in. It does all that for you!

Just remember to NOT use it on public computers or on computers that are being used by more than one person and do not have a different user names for each person.

Congrats to Scott and all of the fine team at JanRain!

In the transition, one thing was lost though, my personal icon. It wasn’t a biggy cause I uploaded it again. On the other hand if I haven’t read about the redesign of the site I would have probably thought I was hijacked to a different one :-) (not!).

Twitter and OpenID

Dave Winer says:

“[…] we could make Twitter the open identity system we’ve been looking for. Make your Twitter ID the one that you use to log on to other service […]”

I say let Twitter support OpenID with all of the good Relaying Party Best Practices including (but not limited to):

  • Ability to associate an existing account with an OpenID
  • Ability to switch to another OpenID (sort of a password recovery for OpenID)
  • Ability to create a new account directly with an external (non Twitter) OpenID (be a standard relaying party)

If they want to, they can also be an OpenID provider (which should be good for them, of course ;-) ).

OpenID Sign In/Up Processes on OpenID supported sites

Most sites today distinguish between the process of Signing Up – the user wants to register to the site/service and does not have a previous account (or wishes to create another account), and the process of Signing In – the user wishes to identify himself/herself with an already existing account on the site/service.

Whenever I reach a site that support OpenID I always try to see what is the process of sign-in/up with OpenID to the site/service.

I keep on seeing two distinct ways that are common in such sites/services (at least in the sites that I’ve visited).

The first, is to separate the OpenID handling to a different page. In that page the process of sign-in/up is actually the same. If this is your first time of signing in with your OpenID it will actually transform itself to a sign-up process and may ask you a couple of questions and may interact with your OpenID provider.

The second, OpenID is integrated only in the Sign-In screen. If you sign in with an OpenID for the first time you will actually get a sign-up process and you may be asked a few questions and have an interaction with your OpenID provider.

OpenID is still a bit confusing to most people and when sites/services that do decide on doing the right thing and support OpenID, sometimes, add additional complexity with either hiding the OpenID sign-in/up location or not showing it in the right places that users may go to since they are already familiar with the Sign In/Up paradigm.

I know that some of the considerations for some of these sites/services is to have OpenID support for those who actually knows about it and uses it, which they know they will search and find it eventually. On the other hand, they don’t want to scare off normal users that don’t know (yet, hopefully) or care about OpenID with this technical mambo-jambo.

The best place, of course, is to have OpenID in both the Sign-In and Up screens, if a user that do have an OpenID reaches any one of these screen the scenario of signing in for the first time (or not for the first time) will work no matter when he is. It can also be a separate screen but accessible from the sign-in and up screens and clearly indicated that if you have an OpenID account go here (with explanation of what is OpenID, of course).

I still think that we can find a balance between these considerations and still have a clean use-case of signing in and up with and without OpenID without breaking existing paradigms.

What do you think? How would use design these processes that will still fit to your site/service and still support in a clear and obvious way OpenID?

Identity and Identity Relationships

I just read this post by Kaliya and it got me thinking about Identity relationships.

I think Kaliya is right that the connection between identity and relationships between identities (a.k.a. Social Networks) is a hot topic which will probably get some answers in 2007 (hopefully even good ones).

What if we could have relationships between identities (between OpenID identities, for example)?

We could store them as part of our identity (I’m sure we can think of a creative use of XFN and identities like OpenID since it is also a distributed way of showing relationships between people) and “take our friends with us” to other sites that we sign up, eliminating the need to manually re-enter and “drag” our friends to every hot new social networking site.

Of course, we don’t want to add all of our friends to every social network site we sign up to, so we should be able to choose which ones we will “import”, the same way we can choose which fields of our persona that our OpenID server shares with the site we are registering to.

The major question here is if specifications such as OpenID should contain relationships between identities. Should it be an integral part of OpenID, should it be an extension of it?

I don’t really know yet. I guess I should dig deeper into the OpenID specifications and see if there is room for such a thing and if there are further discussions that are leaning towards such an approach.

I guess time will tell, hopefully circa 2007…