Thinking on Identity - a Mini Tutorial
April 4th, 2007 by Gordon Cook
I wrote: Thank you Johannes
I’d like to hear more. What is your reaction to the six kinds of identity listed by JP in my post above?
Johannes Ernst: This is certainly one way of slicing the problem. (And, going far beyond what many people think identity “is” or should be — but rather consistent with what we’re thinking @ NetMesh and why we think this matters; it doesn’t matter that there is one way of crypto over another, or some other smart way of doing iris scans: it’s what it enables on the higher levels)
For comparison, Andre Durand used a different categorization some years ago.
A bunch of people are currently collaborating on an “Identity Landscape” paper, commissioned by the Liberty Alliance, which has some related categorization.
On the technology end, here is one way I put it. with a recent new iteration by Eve Maler of Sun.
COOK’s Edge: Would you say that moving forward on all these level is to complicated for most folk?
Johannes Ernst: I think everybody needs to pick one area and drive adoption — on a conceptual level, on the business model, on the technology etc. — and because so many people are working on different aspects of this, something covering most of these levels will come out at the other end, with some levels being much closer to the here and now, and some further out.
I’m skeptical about the possibility of one grand design. But I’m very bullish on the here and now business opportunities that solve problems today and position adopters well as we get to the even more valuable, higher levels.
COOK’s Edge: How would you explain the utility of open ID to that martian I mentioned?
Johannes Ernst: OpenID does a number of things:
- it makes people part of the same namespace as everything else on the internet (”URLs can now also point to people”)
- thus you can do things such as “point to” a person, link to them, bookmark them, tag them, send e-mails about them etc. etc., which enables new social kinds of interactions and applications
- thus I can recognize You in many different venues, e.g. that you left a comment both on A’s blog and on B’s blog, even if A and B do not know about each other and have not committed to using the same user database
- it creates authenticated endpoints, so You can prove to Me that it is indeed You who wants to interact with me instead of somebody else.
- it establishes decentralization as the fundamental pattern for interactions … which has broad implications for competition and societal organization, as as discussed on this list
Most importantly, it is an enabler for personal control, for new applications, and for security.
COOK’s Edge: Is it a kind of “cert”?
Johannes Ernst: In a way it is, but it is a self-issued cert: nobody needs the permission of, or give dollars to some central entity. It’s a fully decentralized system: You, the empowered individual, decide where you set up shop (”which URL you pick and to which server it points”) and from where you interact with the world. This is also enabled by the “nobody should own this” principle of the OpenID community.
COOK’s Edge: One where you don’t need a central authority to validate? Can you give an example or two of how its being used?
Johannes Ernst: The #1 application today is blog commenting. It’s clear that if I come across an interesting blog post of somebody I don’t have a relationship with, and I want to comment, I won’t sign up for another username and password. By bringing my OpenID, I can use that very same OpenID as a username everywhere (that supports OpenID), and I don’t need a password, without allowing anybody to impersonate me either. Further, I automatically “point back” to myself (because the blog has my OpenID URL), which creates a decentralized social network as a side effect.
Blog commenting is obviously a very low-value, low-risk application, and an example of the Long Tail of OpenID adoption. (previous identity technologies could never address that long tail because of their fundamentally different cost structure, which is why today’s 80 million OpenIDs are suddenly possible.) But OpenID is moving up the tail, where now even banks and healthcare organizations are beginning to look at it for applications that have a very different cost/risk profile.
COOK’s Edge: I am sure that more could be found out in google or on your web site but forgive me for not wanting to browse. Where would it fit in the 6 categories used by JP in (3)above? Ecce homo?
Johannes Ernst: Ecce homo (or ecce software agent — the technology can be used for either) is where we are at today with OpenID. But it is also a direct enabler for “letters of intent”, “tell them phil sent ya” and “trust me, I’m a doctor”. Without URLs for people, they would be a lot harder.
COOK’s Edge: How about others here? please don’t leave the burden of the conversation entirely on johannes.
Johannes Ernst 
For thoe who read gherman better than I
[…] Johannes Ernst, einer der Vordenker der OpenID Szene, der im Silicon Valley eine Firma namens Netmesh betreibt, hat in Gordon Cooks Blog ein Interview gegeben, welches ich hier gerne auszugsweise “freiâ€? übersetzen möchte, da er den Kern der OpenID-Idee nochmals sehr prägnant aus seiner Sicht zusammenfasst. […]
[…] Conversations take place in all sorts of forms, and one of the weaknesses of the blogosphere is that only one kind of conversation tends to get captured. It is with this in mind that I direct those who are interested in this topic to what’s happening here, in Johannes Ernst’s blog, and here, in Gordon Cook’s blog. […]