OpenID Tiered Providers
Issue/Topic: OpenID Tiered Providers
Convener: Mark Cross
Session: 1E
Conference: IIW-Europe October 11, London Complete Notes Page
Notes-taker(s): Mark Cross
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Background
I was interested to know other people's thoughts on the requirement for a private middle tier OpenID provider (Tier two), although there others, as I have fully narrated my thoughts below. On the session day I wrote them up on the board the wrong way around and only listed three, but they should have perhaps been structured thus:
Tier One
Government, Banks & Telcos
Good SLAs, trust relationship with customers for some tasks and high bar set against fraud.
Suitable for digital signatures in the future, as certification will be affordable for these institutions.
Tier Two
Private institutions
Good SLAs, trust relationship with customers for some tasks – which may require anonymity and also have a high bar set against fraud.
Suitable for digital signatures in the future, if the Identity Provider can obtain certification.
Could be used for signing content and embedding your OpenID URI into your published papers, this then allows people in the future to trace your current working location etc. Only a government issued OpenID could remain fixed, and relatively easily allow for someone to change their persona identity. IE Change their name.
Tier Three
Private individuals
SLA is as good as their setup, trust is not an issue
They will have a particular marketplace in relation to Darknets and future private digital money. For example, the Tonido platform running the Ripple Money Protocol over a Darknet would be particular interesting...
Tier Four
The traditional .com publishers, AOL, Google, Yahoo! Etc
Good SLAs, zero trust from customers regarding trading profile information to advertisers etc. Identity maybe anonymous to the institutions that could choose to accept them.
Audience feedback from the session
Denmark have nemID backed by their government and banks. See this person basic appraisal for more information http://tinyurl.com/2ctz9md
“Spain have an id card, but not an on-line one, and the Spanish pubic don't see why they should use it.” was stated by a person at the session.
When I raised the topic of demand for a tier two provider, because of usefulness of digital signing for activities like property conveyancing, car ownership transfers etc, a member of the panel directly involved in the commercial identity sector pointed out the issues brought about by low frequency of usage. Although he could foresee a reason of Tier two OpenID providers for certain closed communities. Frequency of usage also came up again in my second session gathering feelings on how OpenID could be marketed better to the general Internet public.
No mention of private user data (personal data stores) was raised or discussed.