OpenID and Data Portability
Nicolas Popp – a leading advocate of Open Identity and data solutions – posted on his VeriSign blog today following the rather heated discussions that have ensued since Google announced its Friend Connect product recently.
Nico’s employer – VeriSign – along with Microsoft, Yahoo, Google, AOL and others, is a member of the board of the OpenID foundation.Nico’s primary argument (emphasis mine) is that:
Undoubtedly, data portability is the natural child of federated identity (more on that in a future post). Personal and social data are an important part of any consumer identity’. Like identifiers, credentials and profile attributes, social graphs, activity streams belong to the end user who created them in the first place. In the long run, consumers will require full control, privacy, security and portability over such personal information. Therefore, the identity technical community must engineer a new and comprehensive identity portability layer. The new layer needs to broaden the tradition notion of identity federation beyond names, passwords and profile to encompass the full gamet of personal and social data. Furthermore, this new layer must support a plurality of identity service providers who can compete and distinguish themselves by the quality of their service and the user experience that they provide. Freeing our data off Web portals and social networks by creating a new service layer dominated by one single service provider is hardly trading one master for another.
I am in full agreement with this approach. And .. as coincidence would have it, last week I registered the domain name – itsmygraph.com – with a view to beginning to participate in this discussion. I have an early draft of my thoughts. They are at sites.itsmygraph.com. But as a teaser – here is my high level view of the evolution of Internet Users:
I would love to get feedback on your thoughts about the future of data portability and its relationship to OpenID and OAuth.
My personal view is that Michael Arrington had it right when he said recently:
Iâ€™ll say what the OpenID Foundation cannot, for political reasons – Itâ€™s time for these companies to do whatâ€™s right for the users and fully adopt OpenID as relying parties. That doesnâ€™t fit in with their strategy of owning the identity of as many Internet users as possible, but it certainly fits in with the Internetâ€™s very serious need for an open, distributed and secure single log in system (OpenID is all three).
If and when the Big Four become relying parties, the floodgates will truly open and there will be no looking back. And until they do that, Iâ€™m not buying that they really support what OpenID is trying to accomplish.