Open ID - What is It and Why Should You Care?


Framing the Problem

Want students to sign into all the services on campus with a consistent identity? (CAS, LDAP)
vs
Want students from your campus to be able to access resources at your sister university's library? (Shibboleth)
vs
Want students to be able to use 3rd party off campus general internet services with a consistent identity? And potentially have an identity that spans past their 4 year engagement with you? One that they control? (OpenID)

(TO really poke a stick at the previous vendor presentation) The BIGGER framing here is around the shift in what we need to provide students with upon graduation - it's not that guaranteeing their accreditation is not important. Credentials aren't going to disappear. But alongside them, in increasing importance, students will need to graduate with demonstrable skills, work product, and an existing online social and intellectual network on which they can build and which is more contiguous with their campus life. OpenID is important because not so much as a specific authentication practice but in how it speaks to the larger need for online identity that is controlled by the user and which they can choose (or not) to span the myriad facets and periods of their online life.

What it Is

"Decentralised Single Sign-on for the Web which puts individuals in charge"

lets users log in to various websites with just a URI - their OpenID - without registering with those sites first

it supports the transfer of attributes (information about the owner of the OpenID) upon which decisions about trust and authorisation can be based
SHOW IT

What it is Not

It does not try to provide trust or distributed authorization solutions

How is it different than solutions they may currently know:

CAS,

LDAP,

Shibboleth
"In the majority of cases, an OpenID is a URL, which means that the Relying Party can easily use it to determine the location of the OpenID Provider without recourse to some kind of directory service (such as the Where Are You From (WAYF) service used in Shibboleth)"

What problem was it originally designed to solve?



How it Works



Who supports it now?

Providers

initially 9 million users on LiveJournal.com
AOL - 63 million users got OpenIDs in one fell swoop

Consumers

technologies - Ruby on Rails framework, Zend PHP framework, Django Python framework.
services - technorati, WordPress.com, 37Signals, Digg.com, wikispaces.com

Why You Should Care?

if we are going to take advantage of the ongoing innovation that is occuring out there on the web and not continue to become increasingly technology ghettos, we need to adopt authentication and signle sign-on solutions that will allow students to use these new technologies in their scholastic life in a way that the institution can live with.

increasingly students will be showing up with already existing online identities that function perfectly well. we need to be adopting solutions which span across the phases and institutions in which they will participate, especially if we want to do more than just lip service to the idea of life long learning

Where is it going?

OpenID 2 - differences?

Ways in which Higher Ed can work with OpenID?

- turn your directory service or web hosting services into OpenID providers so that an authenticated source on campus also turns into an identity that users can use with 3rd party services on the internet in a secure way.
cf. https://login.case.edu/id

- OpenID and SAML

FURTHER READING/VIEWING

Andy Powell and David Recordon "OpenID: Decentralised Single Sign-on for the Web" Ariadne 51, April 2007. http://www.ariadne.ac.uk/issue51/powell-recordon/

Simon Willison, Video of Invited Talk to Google, "The Implications of OpenID" http://video.google.com/videoplay?docid=2288395847791059857