You're invited to visit and try out a beta version of an identity service we've provided. It's called the VeriSign Personal Identity Provider (“PIP” for short), and you can find it at http://pip.verisignlabs.com. The VeriSign PIP is designed to provide a “home base” for users who want use OpenID applications. Users who register with the VeriSign PIP get an OpenID – a URL they can use to login and authenticate at sites that accept OpenID. In addition, the VeriSign PIP lets you store profile information, and control how, when and with whom that information can be shared.

What Can I Do With The VeriSign PIP?

When you register at the VeriSign PIP, your user name is used to generate a unique URL for your profile. My username is “mgraves”, so my OpenID is “http://mgraves.pip.verisignlabs.com”. Now when you go to a site that supports OpenID, you can provide your OpenID, and use it instead of having to register separately for each site. For example, if you're reading a blog at LiveJournal.com, and want to leave a comment, you can go register for an account at LiveJournal, or just use your OpenID. Enter your OpenID URL, and the LiveJournal will authenticate you with the VeriSign PIP (or any other compatible OpenID server).

You can go to http://www.schtuff.com and create your own wiki with your OpenID. Zooomr is a photo-sharing site that will not only let you log in with OpenID, but will let you auto-register at the site based on information in your VeriSign PIP profile. The Zooomr sign up process is quick, easy, and based on a profile you control. OpenID is already enabled in MovableType 3.2, and plugins for Wordpress and other blogging tools are either available now, or imminent.

What Is Our Goal?

At VeriSign Labs, we see an opportunity to do what we do best – develop and deploy “intelligent infrastructure” -- for the blogosphere, the Web2.0 community and beyond. In the past months, we've noticed the growing energy and consensus around universal identity in general, and OpenID specifically. In addition to the pioneering applications that are available now for use with OpenID, there are a lot of exciting applications in the pipeline, from a wide variety of companies and developers.

The VeriSign PIP is a free service. So what's in it for us? We believe that providing free, quality infrastructure for the OpenID-enabled community – identity services that are friendly, secure and user-empowering – will help create an environment in which a rich variety of applications and services will appear and prosper. As this ecosystem evolves and matures, the free, basic services offered by the VeriSign PIP and other OpenID servers will be able to enable more complex trust relationships and higher value transactions. There's a need now for basic functions that will improve the quality of the blogosphere: authenticated blog comments, open reputation systems, personalized tagging, social media filtering, etc. Over time, as the installed base of enabled users grows and the application set available for OpenID-equipped users broadens and deepens, the VeriSign PIP will be able to validate credentials and claims for it users that facilitate “heavy duty” transactions: blog based auctions and payments, age-based verification for dating and social websites, verified residency for surveys, polls and voting, etc. In some cases, the credentials and claims VeriSign provides for its users will be a fee to the user. In other cases, the subscribing applications will pay us a fee for qualifying and enabling users to participate and transact in a trusted, reliable context.

Whats Next?

The goal of enabling user-centric identity is becoming more of a reality every day. But significant challenges remain; getting enough users and enabled applications spun up so that the ecosystem reaches critical mass is going to take a lot of work. We aren't application providers – we're all about infrastructure. What we can provide , and are providing, is a solid, safe, friendly resource for equipping users for the OpenID ecosystem. The VeriSign PIP is being opened up for use as a public beta now as a way to help encourage and accelerate development of OpenID-enabled applications and services.

The VeriSign PIP is not complete, by any means. As of this release, it's a good resource for getting an OpenID you can use and login to other sites with. The PIP provides a way to enter a lot of additional information to be stored in your profile, and some basic tools to organize and manage it. Applications that provide rich integration with the user's profile information are just coming available – they need identity servers like the VeriSign PIP to be available to make things work. I'll point these applications out here and discuss how they work as they are made available over the next weeks and months.

The VeriSign PIP joins a number of other OpenID servers that are available now to facilitate OpenID authentication. The next big step forward for the VeriSign PIP will be to provide smooth auto-registration and trusted profile exchange between users and applications. If you are interested in establishing your own online identity – one that you control, and one that works with an ever-increasing array of Web2.0 apps – I hope you'll check out the VeriSign PIP, and give it a try. If you are an application provider, we're taking our first steps on the infrastructure side of things, and hope that our service will become a enabling resource for your OpenID-enabled applications.

Resources

• The VeriSign PIP FAQ

• OpenIDEnabled.com – all sorts of good information about OpenID specs, servers, software and applications

• OpenID.net – the original and authoritative site for the OpenID specification

• YADIS.org – the discovery protocol used with OpenID

   

Posted by Michael Graves at 11:06 PM | Permalink | Comments (0)

I was at Internet Identity Workshop 2006 last week, and because it is a conference focused solely on the subject of identity, it served as a good opportunity to take stock of the situation. To be sure, a lot of progress has been made in the last year; if I have my facts right, YADIS – the lightweight discovery protocol for specifying capabilities for URLs – was conceived at last years IIW and has made it all the way to a 1.0 specification this spring. The ecosystem has come a long way towards the issue of identity in the past year too.

At Esther Dyson’s PCForum in Carlsbad, CA last month, the theme for the conference was “Erosion of Power: Users in Charge”. As with all forward-looking conferences there’s always an element of wishful thinking and projection in the conference themes. From the myriad conversations I’ve had at PCForum, IIW2006, and everywhere else in the past few months however, the idea of universal identity – names, attributes and policies managed by the users themselves instead of as part of someone else’s application – has clearly emerged from ubergeek fascination to an industry opportunity to improve both user experiences and application quality for the Internet services.

What’s the Big Idea, Again?

The rationale behind universal identity is that traditional web applications – “walled gardens” that implement a robust user profile system – are:

• complex to build
• a headache for users to register for and use
• “one-off” implementations that are generally unable to interoperate with other applications

As a result, Internet applications either need to be sufficiently large and commercially robust to support the implementation of a user profile system, or the application needs to avoid user identity altogether.  So we end up with a relatively small number of big applications like Amazon.com that implement a full user management system on one end, and a lot of “anonymous” applications like del.icio.us on the other end of the spectrum.  There are applications in the “middle class” – applications which incorporate user identity in a lightweight way, but these applications end up investing an inordinate amount of resources into user profiles, at the expense of focusing on the value the application is supposed to provide.

Universal identity affords the application developer a “plugin API” for managing users in an Internet application. Given a set of open, free identity standards and protocols, and the available infrastructure to support them, applications can integrate user identity and profile information in a way that is:

• much simpler to build than building it yourself
• familiar and easy for users when registering with the application
• interoperable with other applications – for free

Applications can harness the open APIs for universal identity, and quickly add the features and functionality needed to support user preferences and policy. In addition to incorporating user management into the application in a “component” fashion that eliminates the need to write it from scratch, the open APIs enable all enabled users in the ecosystem to quickly and easily register for the application. Over time, these APIs will provide an easy “on-ramp” for millions of equipped users who have IDs ready for use with applications that support the APIs.

Making It Happen

While the value proposition for universal identity has been largely accepted in the ecosystem now, there are significant obstacles to overcome. It’s a classic “double threshold” problem. On one hand if there aren’t sufficient applications that support universal identity, users won’t be motivated to sign up and configure their identities. On the other hand, if there aren’t enough enabled users in the system, application developers will have a hard time seeing the benefit of integrating with universal identity APIs, no matter how convenient they may be,

At VeriSign, we concentrate on delivering services that represent “intelligent infrastructure”.  In this space, we believe that one of the ways to help the ecosystem break out of the double threshold problem is to offer services and enabling infrastructure that will help bootstrap both the application and user community.  In talking with partners, customers, and stakeholders in the identity community, we’ve identified three resources that are needed to jumpstart the ecosystem for universal identity:

1. An open, lightweight, comprehensive API for integrating with universal identity applications and service providers
2. Available libraries and tools that implement the API in popular web development languages and frameworks
3. An identity service that can serve as a solid, secure home base for users who want to create and manage their own online identities and profiles.

VeriSign has been working on all three of these items, and I’ll be announcing and discussing details of our efforts here in the coming days and weeks.

“The Bang?”

At conferences like IIW2006 and in forums, lists and discussions on this topic, the idea of the “Identity Big Bang” has emerged as a reference to the idea that once universal identity does reach critical mass, it will quickly begin to realize network efficiencies, according to Metcalf’s Law. Each new enabled user and application adds value to the ecosystem geometrically,  as opposed to linearly.   In a relatively short time, we might expect to see very broad adoption and integration with universal identity systems – a “big bang” that will unleash a whole new generation of applications, enabled and empowered by an common pool of users. For users, this “big bang” represents an important change in the balance of power between user and application. If universal identity becomes pervasive, users will be in control in a way they previously haven’t been; users will be empowered as “sellers” of their participation, which may include providing applications with basic personal information, demographic attributes, click stream and attention stream data, and tagging/reputation metadata.

Once a common practice and platform for universal identity is in place, applications that incorporate it won’t just benefit from easy registration. Applications that build on top of universal identity can be easily integrated as well: tagging, reputation, payment, professional qualification, social linking and a variety of other features can be overlaid on top of your application with minimal effort.

Will that produce a “big bang” – an explosion of innovation in internet applications? It’s easy to identify an element of hype in this phrasing – even on the Internet, the ecosystem doesn’t change overnight. However, although there’s a lot of hard work ahead for the providers in this space to get universal identity catalyzed, there’s good reason to see that it can and will introduce important new types of applications, transactions and online relationships.