Main

Been a Busy Two Weeks!

Not too long ago I learned from my colleges in our Japanese office about things happening around OpenID in Asia. Working with Kentaro Sakamoto-san from VeriSign Japan, I managed to setup a trip coinciding with the ITU-T's Focus Group on Identity Management meeting, to Tokyo and Seoul. Working with Sakamoto-san and Andy Song from AhnLab, who I met at Web 2.0 Expo this year, we managed to setup a great trip where I spent about a week in Tokyo and 22 hours in Seoul. I had a lot of great meetings in Tokyo and in Seoul AhnLab hosted a wonderful half-day OpenID session. Slides from that are up on SlideShare at http://www.slideshare.net/daveman692/open-id-overview-seoul-july-2007 Thanks again to Sakamoto-san, everyone at VeriSign Japan, and Andy for being terrific hosts.

Last Saturday, we completed the upgrade of our Personal Identity Provider. All accounts have been automatically upgraded and the URL is the same at http://pip.verisignlabs.com. We definitely encourage everyone to come try it out as we believe it is the best OpenID Provider in existence! Not only does it have all of the features from the PIP we launched last May, but adds support for OpenID 2.0, the ability to manage multiple identities within one PIP account, integration with strong authentication via our VeriSign Identity Protection network, Information Card support as one way to help protect against phishing attacks, and our SeatBelt Firefox add-on which works with a variety of OpenID Providers.

This week I'm up in Portland OR at O'Reilly's Open Source Convention. Tuesday morning, Simon Willison and I gave a three-hour OpenID Bootcamp tutorial where we dove into many different aspects of OpenID from a basic introduction, to security concerns and solutions, to implementation details. Slides from the tutorial are also up on SlideShare at http://www.slideshare.net/daveman692/openid-bootcamp-tutorial. In the afternoon, Simon and I joined Tim O'Reilly during his Radar Executive Briefing where we gave an update on OpenID and discussed why as he said, "OpenID is taking the world by storm".

Ending the day Tuesday, I was awarded a Google-O'Reilly Open Source award which I posted more about on my personal blog. The award I won was for Best Strategist which refers to the work I've done over this past year at VeriSign within the wider OpenID community. Am certainly really honored to have been recognized, though am guessing I now need to work on raising my hacker geek cred again. :P

07/26/07 | permalink | comments [0] | trackbacks [0]

Updating the PIP

• Completely redesigned interface to make the PIP easier to use
• Support for OpenID 1.1 and 2.0
• Ability to create multiple identities managed from within a single user account
• New "tag based" profile data management interface making it easier to view and sort all of your profile data
• Ability to download managed Information Cards for each of your created identities to use with technology such as Microsoft's Cardspace
• Strong authentication support via second-factor credentials from the VeriSign Identity Protection network, along with the ability to have a one-time PIN sent via SMS or email if you've forgotten your credential
• Phishing-resistant logins using both VIP credentials and managed Information Cards
• Full activity logging so you can have a complete picture of where you've used your identities
• Integration with our own "OpenID SeatBelt" FireFox add-on to provide additional convenience and security protections when using OpenID identities from the PIP, AOL, Xlogon and MyOpenID.com

06/27/07 | permalink | comments [0] | trackbacks [0]

VeriSign, Microsoft & Partners to Work together on OpenID + Cardspace

Microsoft to Work With the OpenID Community, Collaborating With JanRain, Sxip, and VeriSign

JanRain, Microsoft, Sxip, and VeriSign will collaborate on interoperability between OpenID and Windows CardSpace(TM) to make the Internet safer and easier to use. Specifically:

• As part of OpenID's security architecture, OpenID will be extended to allow relying parties to explicitly request and be informed of the use of phishing-resistant credentials.
• Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure. Kim Cameron, Chief Architect of Identity at Microsoft, will work with the OpenID community on authentication and anti-phishing.
• JanRain, Sxip, and VeriSign recognize that Information Cards provide significant anti-phishing, privacy, and convenience benefits to users. Information Cards, based on the open WS-Trust standard, are available though Windows CardSpace™.
• JanRain and Sxip, leading providers of open source code libraries for blogging and web sites, are announcing they will add support for the Information Cards to their OpenID code bases.
• JanRain, Sxip and VeriSign plan to add Information Card support to future identity solutions.
• Microsoft plans to support OpenID in future Identity server products.

The four companies have agreed to work together on a "Using Information Cards with OpenID" profile that will make it possible for other developers and service providers to take advantage of these technology advancements.

Dick Hardt, Sxip Identity
Kim Cameron, Microsoft
Michael Graves, VeriSign
Scott Kveton, JanRain

See related posts on this subject:

• Kim's Cameron's post at Identity Blog
• Scott Kveton's post at his blog
• Dick Hardt's post over at Sxip
• Johannes Ernst's Comments on this a NetMesh

02/06/07 | permalink | comments [0] | trackbacks [0]

Introducing Kiran Dandekar

I'm happy to welcome my VeriSign colleage Kiran Dandekar to the Infrablog. Kiran's working with me on the team here that is building infrastructure and tools around open identity. He's become increasingly central on our team and visible in the community in building technical consensus and business momemtum around OpenID and our Personal Information Provider. We'll be adding a handful of team members to the Infrablog in the next few weeks.

Kiran's just your run-of-the-mill-MIT-PhD Boston Red Sox fan and family man. He previously did some cool stuff over at MicroStrategy before coming to VeriSign a couple years ago to help build our supply chain business.

Welcome Kiran!

06/19/06 | permalink | comments [0] | trackbacks [0]

Introducing the VeriSign Personal Identity Provider (PIP)

You're invited to visit and try out a beta version of an identity service we've provided. It's called the VeriSign Personal Identity Provider (“PIP” for short), and you can find it at http://pip.verisignlabs.com. The VeriSign PIP is designed to provide a “home base” for users who want use OpenID applications. Users who register with the VeriSign PIP get an OpenID – a URL they can use to login and authenticate at sites that accept OpenID. In addition, the VeriSign PIP lets you store profile information, and control how, when and with whom that information can be shared.

What Can I Do With The VeriSign PIP?

When you register at the VeriSign PIP, your user name is used to generate a unique URL for your profile. My username is “mgraves”, so my OpenID is “http://mgraves.pip.verisignlabs.com”. Now when you go to a site that supports OpenID, you can provide your OpenID, and use it instead of having to register separately for each site. For example, if you're reading a blog at LiveJournal.com, and want to leave a comment, you can go register for an account at LiveJournal, or just use your OpenID. Enter your OpenID URL, and the LiveJournal will authenticate you with the VeriSign PIP (or any other compatible OpenID server).

You can go to http://www.schtuff.com and create your own wiki with your OpenID. Zooomr is a photo-sharing site that will not only let you log in with OpenID, but will let you auto-register at the site based on information in your VeriSign PIP profile. The Zooomr sign up process is quick, easy, and based on a profile you control. OpenID is already enabled in MovableType 3.2, and plugins for Wordpress and other blogging tools are either available now, or imminent.

What Is Our Goal?

At VeriSign Labs, we see an opportunity to do what we do best – develop and deploy “intelligent infrastructure” -- for the blogosphere, the Web2.0 community and beyond. In the past months, we've noticed the growing energy and consensus around universal identity in general, and OpenID specifically. In addition to the pioneering applications that are available now for use with OpenID, there are a lot of exciting applications in the pipeline, from a wide variety of companies and developers.

The VeriSign PIP is a free service. So what's in it for us? We believe that providing free, quality infrastructure for the OpenID-enabled community – identity services that are friendly, secure and user-empowering – will help create an environment in which a rich variety of applications and services will appear and prosper. As this ecosystem evolves and matures, the free, basic services offered by the VeriSign PIP and other OpenID servers will be able to enable more complex trust relationships and higher value transactions. There's a need now for basic functions that will improve the quality of the blogosphere: authenticated blog comments, open reputation systems, personalized tagging, social media filtering, etc. Over time, as the installed base of enabled users grows and the application set available for OpenID-equipped users broadens and deepens, the VeriSign PIP will be able to validate credentials and claims for it users that facilitate “heavy duty” transactions: blog based auctions and payments, age-based verification for dating and social websites, verified residency for surveys, polls and voting, etc. In some cases, the credentials and claims VeriSign provides for its users will be a fee to the user. In other cases, the subscribing applications will pay us a fee for qualifying and enabling users to participate and transact in a trusted, reliable context.

Whats Next?

The goal of enabling user-centric identity is becoming more of a reality every day. But significant challenges remain; getting enough users and enabled applications spun up so that the ecosystem reaches critical mass is going to take a lot of work. We aren't application providers – we're all about infrastructure. What we can provide , and are providing, is a solid, safe, friendly resource for equipping users for the OpenID ecosystem. The VeriSign PIP is being opened up for use as a public beta now as a way to help encourage and accelerate development of OpenID-enabled applications and services.

The VeriSign PIP is not complete, by any means. As of this release, it's a good resource for getting an OpenID you can use and login to other sites with. The PIP provides a way to enter a lot of additional information to be stored in your profile, and some basic tools to organize and manage it. Applications that provide rich integration with the user's profile information are just coming available – they need identity servers like the VeriSign PIP to be available to make things work. I'll point these applications out here and discuss how they work as they are made available over the next weeks and months.

The VeriSign PIP joins a number of other OpenID servers that are available now to facilitate OpenID authentication. The next big step forward for the VeriSign PIP will be to provide smooth auto-registration and trusted profile exchange between users and applications. If you are interested in establishing your own online identity – one that you control, and one that works with an ever-increasing array of Web2.0 apps – I hope you'll check out the VeriSign PIP, and give it a try. If you are an application provider, we're taking our first steps on the infrastructure side of things, and hope that our service will become a enabling resource for your OpenID-enabled applications.

Resources

• The VeriSign PIP FAQ

• OpenIDEnabled.com – all sorts of good information about OpenID specs, servers, software and applications

• OpenID.net – the original and authoritative site for the OpenID specification

• YADIS.org – the discovery protocol used with OpenID

   

05/16/06 | permalink | comments [0] | trackbacks [0]

Working Toward the Bang

I was at Internet Identity Workshop 2006 last week, and because it is a conference focused solely on the subject of identity, it served as a good opportunity to take stock of the situation. To be sure, a lot of progress has been made in the last year; if I have my facts right, YADIS – the lightweight discovery protocol for specifying capabilities for URLs – was conceived at last years IIW and has made it all the way to a 1.0 specification this spring. The ecosystem has come a long way towards the issue of identity in the past year too.

At Esther Dyson’s PCForum in Carlsbad, CA last month, the theme for the conference was “Erosion of Power: Users in Charge”. As with all forward-looking conferences there’s always an element of wishful thinking and projection in the conference themes. From the myriad conversations I’ve had at PCForum, IIW2006, and everywhere else in the past few months however, the idea of universal identity – names, attributes and policies managed by the users themselves instead of as part of someone else’s application – has clearly emerged from ubergeek fascination to an industry opportunity to improve both user experiences and application quality for the Internet services.

What’s the Big Idea, Again?

The rationale behind universal identity is that traditional web applications – “walled gardens” that implement a robust user profile system – are:

• complex to build
• a headache for users to register for and use
• “one-off” implementations that are generally unable to interoperate with other applications

As a result, Internet applications either need to be sufficiently large and commercially robust to support the implementation of a user profile system, or the application needs to avoid user identity altogether.  So we end up with a relatively small number of big applications like Amazon.com that implement a full user management system on one end, and a lot of “anonymous” applications like del.icio.us on the other end of the spectrum.  There are applications in the “middle class” – applications which incorporate user identity in a lightweight way, but these applications end up investing an inordinate amount of resources into user profiles, at the expense of focusing on the value the application is supposed to provide.

Universal identity affords the application developer a “plugin API” for managing users in an Internet application. Given a set of open, free identity standards and protocols, and the available infrastructure to support them, applications can integrate user identity and profile information in a way that is:

• much simpler to build than building it yourself
• familiar and easy for users when registering with the application
• interoperable with other applications – for free

Applications can harness the open APIs for universal identity, and quickly add the features and functionality needed to support user preferences and policy. In addition to incorporating user management into the application in a “component” fashion that eliminates the need to write it from scratch, the open APIs enable all enabled users in the ecosystem to quickly and easily register for the application. Over time, these APIs will provide an easy “on-ramp” for millions of equipped users who have IDs ready for use with applications that support the APIs.

Making It Happen

While the value proposition for universal identity has been largely accepted in the ecosystem now, there are significant obstacles to overcome. It’s a classic “double threshold” problem. On one hand if there aren’t sufficient applications that support universal identity, users won’t be motivated to sign up and configure their identities. On the other hand, if there aren’t enough enabled users in the system, application developers will have a hard time seeing the benefit of integrating with universal identity APIs, no matter how convenient they may be,

At VeriSign, we concentrate on delivering services that represent “intelligent infrastructure”.  In this space, we believe that one of the ways to help the ecosystem break out of the double threshold problem is to offer services and enabling infrastructure that will help bootstrap both the application and user community.  In talking with partners, customers, and stakeholders in the identity community, we’ve identified three resources that are needed to jumpstart the ecosystem for universal identity:

1. An open, lightweight, comprehensive API for integrating with universal identity applications and service providers
2. Available libraries and tools that implement the API in popular web development languages and frameworks
3. An identity service that can serve as a solid, secure home base for users who want to create and manage their own online identities and profiles.

VeriSign has been working on all three of these items, and I’ll be announcing and discussing details of our efforts here in the coming days and weeks.

“The Bang?”

At conferences like IIW2006 and in forums, lists and discussions on this topic, the idea of the “Identity Big Bang” has emerged as a reference to the idea that once universal identity does reach critical mass, it will quickly begin to realize network efficiencies, according to Metcalf’s Law. Each new enabled user and application adds value to the ecosystem geometrically,  as opposed to linearly.   In a relatively short time, we might expect to see very broad adoption and integration with universal identity systems – a “big bang” that will unleash a whole new generation of applications, enabled and empowered by an common pool of users. For users, this “big bang” represents an important change in the balance of power between user and application. If universal identity becomes pervasive, users will be in control in a way they previously haven’t been; users will be empowered as “sellers” of their participation, which may include providing applications with basic personal information, demographic attributes, click stream and attention stream data, and tagging/reputation metadata.

Once a common practice and platform for universal identity is in place, applications that incorporate it won’t just benefit from easy registration. Applications that build on top of universal identity can be easily integrated as well: tagging, reputation, payment, professional qualification, social linking and a variety of other features can be overlaid on top of your application with minimal effort.

Will that produce a “big bang” – an explosion of innovation in internet applications? It’s easy to identify an element of hype in this phrasing – even on the Internet, the ecosystem doesn’t change overnight. However, although there’s a lot of hard work ahead for the providers in this space to get universal identity catalyzed, there’s good reason to see that it can and will introduce important new types of applications, transactions and online relationships.