Jeremy Frumkin wrote:
> Ok, so this is a good example for where Iım failing to see the advantage to
> OpenID over the current local authentication provided by a university /
> library.
As Nathan explains, to identify your link resolver(s) to a particular
database (or 'source') you are using.  How can a foreign third party
(vended or free) database use your local authentication login? Instead,
what they use currently is IP address.

Which is broken in several ways anyone who has worked with
IP-address-as-identity, common for authentication in our current
environments, has realized. IP address is not identity. Several people
(with different institutional affiliation/licenses held/link resolvers
used) may share an IP address, and one person may have several IP
addresses. IP address to people is a many to many mapping, and thus is
horribly broken for identification and authentication, and leads to all
sorts of problems many of us must continually try to work around, not
very succesfully.


> Why would I need to use OpenID as opposed to my current account
> that my library provides me? As I understand the current OpenURL workflow,
> OpenURL doesnıt do anything with authentication / authorization ­ that
> happens at the information source or at the institutionıs proxy server.
> Again, OpenID doesnıt say anything about trust; it only speaks to
> authenticating that I am the owner of my OpenID URI.
> Iım truly trying to play devilıs advocate here; I believe that OpenID is a
> step in the right direction, and we even have plans for adding OpenID
> support in LibraryFind. Iım really trying to tease out where the added-value
> is ­ and how it might best link up to trust systems.
> All that being said, Iım still good for that beer, Nate. :-)
> -- jaf
> On 3/23/07 9:20 AM, "Nathan Vack" <[log in to unmask]> wrote:
>> On Mar 22, 2007, at 10:51 PM, Jeremy Frumkin wrote:
>>>> It isnıt clear to me that there is enough added value to libraries
>>>> at this point to adopt OpenID ­ of course, Iıd be glad to buy
>>>> someone a beer if they provide a use case to convince me otherwise ;-)
>> OK, I'll bite:
>> * We build a registry mapping OpenID providers to OpenURL resolvers.
>> * A user comes to our tool for finding licensed material (eg, a
>> LibraryFind implementation)
>> * If (by IP, OCLC's link resolver) we know the OpenURL resolver,
>> rewrite URLs to point at that resolver.
>> * Otherwise, we punt to an OpenID login form, and look them up in the
>> OpenID -> Resolver registry, and use that resolver when rewriting links.
>> Now, anyone whose institution has both has an OpenURL resolver and
>> provides OpenIDs can use our tool, without making any interaction
>> with us.
>> The really nice thing is that (at least for us) the OpenID resolver
>> handles trust issues, proxying requests if necessary. The resolver
>> doesn't need to be OpenID-aware -- though it would make for a nicer
>> experience.
>> Cheers,
>> -Nate
> ===============================================
> Jeremy Frumkin
> The Gray Chair for Innovative Library Services
> 121 The Valley Library, Oregon State University
> Corvallis OR 97331-4501
> [log in to unmask]
> 541.737.9928
> 541.737.3453 (Fax)
> 541.230.4483 (Cell)
> ===============================================
> " Without ambition one starts nothing. Without work one finishes nothing. "
> - Emerson

Jonathan Rochkind
Sr. Programmer/Analyst
The Sheridan Libraries
Johns Hopkins University
rochkind (at)