Interesting News from the World of Identity

OpenID Busting Out
The news this week that Google, IBM and Verisign are looking to join the OpenID foundation could prove to be the last piece of the puzzle in the push to make OpenID mainstream. Reaction to the news has been overwhelmingly positive. But I am starting to get bothered by one thing. I recently read Johannes post about Flickr (owned by Yahoo) becoming an OpenID provider. This means that all Flickr users now have OpenIDs.

Isn’t the idea behind OpenID to get to the point where I have one identity for the internet. By my reckoning, in a few years, the number of OpenIDs I have will be in the low 30s, since every service I am signed up for wants to be my OpenID provider. It doesn’t matter if I only choose to use a few of those, the others are still out there, potentially open to abuse. I can configure whether my email service supports POP3 access or not. Shouldn’t I be able to do the same with regards to whether my account is turned into an OpenID?

The Social Graph need Context
Last week, I read with great interest the saga of Scoble’s facebook account. That led to a lot of discussion in the blogosphere about who owns the social graph, and how the social graph should be made part of an open initiative, freed from the silos (Facebook, Plaxo, MySpace, …) in which it is currently “imprisoned”. But there was something about this whole dialogue that unnerved me.

And then Burton’s Bob Blakely brought his usual rational voice to the discussion. The idea of the open social graph bothered me most because by its very nature it ignores the context within which my graph was created. As Bob points out, the relationships were created within the world of a particular application that supplied context and associated controls for those relationships. I have a social graph in LinkedIn and a social graph in Facebook. Do they overlap? For the most part, no. And I don’t want them to overlap either.

The idea that you can take my contact information from Facebook and move it to another application just because we have a relationship in Facebook is a violation of my privacy. It is no different than if people who I gave my business card to in the context of a particular business meeting decided to put all that information into some online application like MySpace. It just feels wrong. Relationship-Centric IdM anyone?

Oracle Hits The Identity and Security Road
And now for some Oracle news. For those interested in finding out more about where we are headed, Oracle is setting out on a 10-city roadshow to discuss key trends in information security, identity management, emerging standards, and technology advancements. Starting at the end of this month, Oracle experts will be joined by leading security analysts Gartner and Burton Group, along with other industry solutions experts. You can find out more about the Information Security Symposium here.