Back in January on NGC4LIB I proposed doing this, a universal ID system to
use when browsing, using the FOAF structure. I got back answers that told
me they were not getting the concept. This discussion on OpenID is very
interesting and I hope this can be made to work.
Steven C. Perkins
On 3/26/07, Jonathan Rochkind <[log in to unmask]> wrote:
>
> >Right, except OpenID isnıt going to do this; there needs to be an
> > infrastructure in place where OpenID (or some other standard persistent
> > identifying system) can sit on top of, and thatıs still the big problem.
>
> Right, that's exactly what Nathan's original post suggested. Are we
> reading the same original post?
>
> But yes, this infrastructure is the real issue, whether is uses OpenID
> or Shibboleth, or something else. But it ought to use _some_ "universal
> single sign-on" method.
>
> I suggested that the OCLC Registry would be the logical house for this
> infrastructure, as its' already 75% of the way there. I think OCLC
> Registry is the... um, I've lost my metaphor. The thing that will wag
> the dog's tail. But you still need a way for individuals to log in. I
> suppose it could just be an OCLC-provided account. If OCLC implements
> OpenID for their Registry, after adding a feature for _individual_
> registrations (individuals expressiong associations with the
> institutional registrations already there), then that's the way to wag
> the, um, dog.
>
> Jonathan
>
> Jeremy Frumkin wrote:
> > On 3/26/07 6:35 AM, "Jonathan Rochkind" <[log in to unmask]> wrote:
> >
> >
> >> Jeremy Frumkin wrote:
> >>
> >>>> Ok, so this is a good example for where Iım failing to see the
> advantage to
> >>>> OpenID over the current local authentication provided by a university
> /
> >>>> library.
> >>>>
> >> As Nathan explains, to identify your link resolver(s) to a particular
> >> database (or 'source') you are using. How can a foreign third party
> >> (vended or free) database use your local authentication login? Instead,
> >> what they use currently is IP address.
> >>
> >> Which is broken in several ways anyone who has worked with
> >> IP-address-as-identity, common for authentication in our current
> >> environments, has realized. IP address is not identity. Several people
> >> (with different institutional affiliation/licenses held/link resolvers
> >> used) may share an IP address, and one person may have several IP
> >> addresses. IP address to people is a many to many mapping, and thus is
> >> horribly broken for identification and authentication, and leads to all
> >> sorts of problems many of us must continually try to work around, not
> >> very succesfully.
> >>
> >
> > -------
> >
> > Right, except OpenID isnıt going to do this; there needs to be an
> > infrastructure in place where OpenID (or some other standard persistent
> > identifying system) can sit on top of, and thatıs still the big problem.
> > Now, maybe the tail will wag the dog, and OpenID will lead to efforts to
> > build underlying trust infrastructure, but at the moment, that
> > infrastructure does not exist. The easiest way to implement that
> > infrastructure probably would be for every institution that might adopt
> > OpenID to also become an OpenID provider, but then, unless there is a
> > standard mechanism for linking one OpenID to another in a secure manner,
> > weıre back at having multiple OpenIDs depending on our context. I
> completely
> > agree that IP-based authentication is not the long-term answer; maybe
> there
> > is a path, however, to applying OpenID over our current IP-based auth /
> > proxy servers in a manner that does add user-side value. As Nathan
> stated in
> > an earlier email, the one big advantage OpenID has right now is that it
> is
> > easy to start playing with, and maybe thatıs enough to start the
> wagging.
> >
> > -- jaf
> >
> > ===============================================
> > Jeremy Frumkin
> > The Gray Chair for Innovative Library Services
> > 121 The Valley Library, Oregon State University
> > Corvallis OR 97331-4501
> >
> > [log in to unmask]
> >
> > 541.737.9928
> > 541.737.3453 (Fax)
> > 541.230.4483 (Cell)
> > ===============================================
> > " Without ambition one starts nothing. Without work one finishes
> nothing. "
> > - Emerson
> >
> >
>
> --
> Jonathan Rochkind
> Sr. Programmer/Analyst
> The Sheridan Libraries
> Johns Hopkins University
> 410.516.8886
> rochkind (at) jhu.edu
>
|