Why OpenID Standards Will Make Your Life Easier

Like most people, you've probably created accounts on dozens of Web sites. And for every new identity you create, you also have a corresponding username and password to keep track of - not to mention answers to secret questions for retrieving those usernames and passwords

Yet what if there were a way to create one account and use it across all of the Web sites you visit? That's the idea behind OpenID, an identification system in which a user's online identity can be verified by any server running the OpenID protocol. With OpenID-enabled sites - called identity providers or i-brokers - you don't need to create and manage a new account for every site; you only need to be able to authenticate via a single identifier.

Curious about what all of this open-identity business meant for nonprofits, I sought out self-titled Identity Woman Kaliya Hamlin, a freelance advocate for open standards in user-centric identity.

One Login, Many Identities

"User-centric digital identity," Hamlin said, "is all about giving the user a choice in how they present themselves to participate in community." The average Internet user, she told me, has logins with 8.6 different accounts, and many early adopters of new technologies have far more. One of the clearest advantages to an OpenID standard is having a single login that works across all participating sites.

Yet a single login does not have to mean a single profile. "These tools are not about people merging into one identity for themselves," Hamlin explained. An i-broker, she said, can help manage different profiles for different contexts: If you are signed in to an environmental Web site, for example, you might want to use a different user profile than you would for a work or family Web site. You might want to share different contact information or personal history with different groups. Depending on the context, certain profiles or personas would highlight different information about you, but all would be managed through a single identifier and account.

These identifiers can be managed online, and a new registry called i-names has been created to issue them, similar to the way domain names are issued on the Internet. These i-names include identifiers like "=Marshall" for individuals and "@NetSquared" for organizations. "I-names offer a bunch of i-services," Hamlin said. "Early on, they are limited to forwarding [your i-name to other contact info], but the range of offerings will grow as the ecology matures."

A Growing Movement Toward Open Standards

Although there are currently very few sites participating in OpenID standards, Hamlin said, the landscape is forming quickly. Organizations large and small are embracing the open identity movement, Hamlin says; for this reason, nonprofits should look into this new technology now, rather than struggling to change policies and technologies later.

Moreover, the ever-expanding social Web, or Web 2.0, is all about Web services, interactivity, and data portability - all of which concern nonprofits. In this context, OpenID standards will be increasingly important.

Be that as it may, I've always found discussions about identity confusing, in part because it seems like there are so many different organizations working on it. I've also had the impression that only starry-eyed geek idealists embraced the issue - and thus it could only be taken so seriously.

Hamlin told me that I was mistaken. There are a number of parties participating in the discussion, she said, but that's typical of the formative stages of any technology standard. In fact, some of the heaviest hitters in the tech industry - Microsoft, Oracle, and Sun - are working on identity standards, Hamlin told me. Furthermore, NeuStar, the same company that runs the North American telephone-number registry, also runs the i-names registry. If this convinced me that identity standards is a legitimate technology, a look at the entities (from MIT to Best Buy) participating in The Identity Gang - a group whose mission is to foster a user-centric identity "metasystem" - put to rest any lingering doubts.

I had thought that big vendors would consider it in their best interests to lock customers in to their systems with non-open identities, but Hamlin says that's no longer the case.

"They are all getting that identity is a 'commons' that no one can own," she said. "[Big vendors] are seeing the end of usefulness in approaching the world through silos. The whole corporate tech world is a big exercise in sticking things together; standards really make this less expensive."

How Nonprofits Can Join the Discussion

From keeping in touch with contacts to updating contact information to improving software's interoperability, there are countless reasons to support the widespread use of OpenID.

Moreover, if joining conversations about software development is a sound strategy for nonprofits, it makes sense to me that getting in early on conversations about the standards underlying that software would be an even smarter move.

So how can nonprofits get involved and learn more about OpenID? Hamlin told me that there is a bounty program in the works for setting up OpenID implementations in Drupal and Plone - two content management systems popular among nonprofits. Other places where nonprofits can learn more about OpenID are Hamlin's Identity Woman blog and the Identity Gang Web site.

Open identity standards promise to affect everyone who uses the Internet. Learning about them now is a way for nonprofits to get in at the ground floor - one login and password at a time.