No Web 2.0 without identity
It is not uncommon for employees to have to log on to different applications up to 10 times a day. Understandably, there is little enthusiasm for this. At least I haven't met anyone who is happy to type their login and hopefully the correct password into a login form over and over again.
The problem was recognized years ago and software manufacturers now offer a wide range of product solutions, at least for closed company networks. The problem already seems to have been alleviated in some companies and many applications are actually interconnected via single sign-on (SSO) solutions.
The world of identities
On the Internet, however, the world looks a little more complicated. Applications, web services and Portals do not come from just a few manufacturers or suppliers. An incredible number of Procedure, Products, solutions and Developments leads to a technology that is far removed from standards and common handling of user login data.
Even if there were technical regulations for exchanging login data, it is very questionable whether such data should or would be passed on. Nobody knows what happens to the data and the user simply loses the Control about his Data. The call for a superior authority to manage the login data with confidence is therefore obvious. Then a user would still have an overview and be able to use this Central instance control which data is made available to whom and what happens to it.
Identities in real life
In real life, we use such a model almost every day. When we buy an item of clothing, we hand over our credit card; when we are at the petrol station, we hand over our credit card; when we pay in a restaurant, we hand over our credit card. What happens is that a central office - namely the credit card company - confirms the payment or not. However, this only happens if the card has been clearly authenticated, the limit and sometimes even the creditworthiness has been checked. And this is precisely the principle with which the login problem on the Internet is attempted to be solved. There are numerous developments for this, which are often listed under the heading Identity 2.0. LID, SXIP, YADIS, CardSpace, i-names and above all OpenID are such representatives.
Web & Identity = 2.0
With the now slightly overused addition "2.0", Identity 2.0 is also intended to express the fact that the next generation of web applications (keyword Web 2.0) offers no real added value for users without a sensible approach to convenient and secure authentication. This is also the position of Identity 2.0 pioneer Dick Hardt, who has already been quoted several times. Among other things, the Canadian will be a guest keynote speaker at the Web 2.0 Congress (from April 25-26 in Mainz), where he will rightly emphasize that no good Web 2.0 services can be realized without identities .
Hello Mr. Belikan,
What do you mean by "so far"? Do you already know any possible solutions?
I had already addressed the problem of verifying identity details at iam-wiki.org. There were no known projects there for a solution to achieve a "qualified electronic identity".
Regards
Matthias Schilha
Hello Mr. Schilha,
They have given the answer themselves. "So far". There will imho be different "qualities" of digital identities. For example, the whole topic of light-weight or user-centric identity arose from the fact that simple "light" authentication is completely sufficient for simple web services. In other words, the quality of the digital identity does not have to be very high.
Thinking in the other direction, the (digital) identity must be confirmed, as with the issuing of a credit card (not the verification - we know about the misuse of credit cards). In this respect, you are right, because the "quality" of the identity is different. But regardless of this, the PRINCIPLE of how identities will be "managed" in the future applies.
Incidentally, analogies to the discussion about the "strength of authentication" and questions such as: "Is that secure enough?" are permitted.
Hello Mr. Belikan,
Your comparison with the credit card company is unfortunately incorrect. No provider of digital identities has yet verified the accuracy of the information provided. In contrast, an identity card is required when applying for a credit card.
No question: OpenID is a step in the right direction. But until the problem of data reliability is solved, OpenID offers nothing more than a fake identity.
Regards
Matthias Schilha
Unfortunately the entry is somewhat hidden, here is a direct link:
http://openiddirectory.com/index.php?do=keywords&id=65&words=it-and-business
Hint: There is a vote button, feel free to try it out :-).
Hello Oliver,
very good contribution, I can only agree with your posting.
At the same time, the test to post a comment via OpenID was successful and we have gladly included your entry in "The OpenID Directory", the international directory for OpenID-enabled websites.
Best regards!
Thomas Huhn