Back in January on NGC4LIB I proposed doing this, a universal ID system to use when browsing, using the FOAF structure. I got back answers that told me they were not getting the concept. This discussion on OpenID is very interesting and I hope this can be made to work. Steven C. Perkins On 3/26/07, Jonathan Rochkind <[log in to unmask]> wrote: > > >Right, except OpenID isnıt going to do this; there needs to be an > > infrastructure in place where OpenID (or some other standard persistent > > identifying system) can sit on top of, and thatıs still the big problem. > > Right, that's exactly what Nathan's original post suggested. Are we > reading the same original post? > > But yes, this infrastructure is the real issue, whether is uses OpenID > or Shibboleth, or something else. But it ought to use _some_ "universal > single sign-on" method. > > I suggested that the OCLC Registry would be the logical house for this > infrastructure, as its' already 75% of the way there. I think OCLC > Registry is the... um, I've lost my metaphor. The thing that will wag > the dog's tail. But you still need a way for individuals to log in. I > suppose it could just be an OCLC-provided account. If OCLC implements > OpenID for their Registry, after adding a feature for _individual_ > registrations (individuals expressiong associations with the > institutional registrations already there), then that's the way to wag > the, um, dog. > > Jonathan > > Jeremy Frumkin wrote: > > On 3/26/07 6:35 AM, "Jonathan Rochkind" <[log in to unmask]> wrote: > > > > > >> Jeremy Frumkin wrote: > >> > >>>> Ok, so this is a good example for where Iım failing to see the > advantage to > >>>> OpenID over the current local authentication provided by a university > / > >>>> library. > >>>> > >> As Nathan explains, to identify your link resolver(s) to a particular > >> database (or 'source') you are using. How can a foreign third party > >> (vended or free) database use your local authentication login? Instead, > >> what they use currently is IP address. > >> > >> Which is broken in several ways anyone who has worked with > >> IP-address-as-identity, common for authentication in our current > >> environments, has realized. IP address is not identity. Several people > >> (with different institutional affiliation/licenses held/link resolvers > >> used) may share an IP address, and one person may have several IP > >> addresses. IP address to people is a many to many mapping, and thus is > >> horribly broken for identification and authentication, and leads to all > >> sorts of problems many of us must continually try to work around, not > >> very succesfully. > >> > > > > ------- > > > > Right, except OpenID isnıt going to do this; there needs to be an > > infrastructure in place where OpenID (or some other standard persistent > > identifying system) can sit on top of, and thatıs still the big problem. > > Now, maybe the tail will wag the dog, and OpenID will lead to efforts to > > build underlying trust infrastructure, but at the moment, that > > infrastructure does not exist. The easiest way to implement that > > infrastructure probably would be for every institution that might adopt > > OpenID to also become an OpenID provider, but then, unless there is a > > standard mechanism for linking one OpenID to another in a secure manner, > > weıre back at having multiple OpenIDs depending on our context. I > completely > > agree that IP-based authentication is not the long-term answer; maybe > there > > is a path, however, to applying OpenID over our current IP-based auth / > > proxy servers in a manner that does add user-side value. As Nathan > stated in > > an earlier email, the one big advantage OpenID has right now is that it > is > > easy to start playing with, and maybe thatıs enough to start the > wagging. > > > > -- jaf > > > > =============================================== > > Jeremy Frumkin > > The Gray Chair for Innovative Library Services > > 121 The Valley Library, Oregon State University > > Corvallis OR 97331-4501 > > > > [log in to unmask] > > > > 541.737.9928 > > 541.737.3453 (Fax) > > 541.230.4483 (Cell) > > =============================================== > > " Without ambition one starts nothing. Without work one finishes > nothing. " > > - Emerson > > > > > > -- > Jonathan Rochkind > Sr. Programmer/Analyst > The Sheridan Libraries > Johns Hopkins University > 410.516.8886 > rochkind (at) jhu.edu >