Earlier this month, in the Q&A following my Managing Technology 2.0 presentation at the NTC, I was asked how OpenID would impact organizational data management issues. I was somewhat familiar with OpenID, in it that I knew that it was a proposed standard for single sign-on and identity management on the net, but I hadn’t paid a lot of attention and I think my answer, that it would make verifying user data easier for non-profits, might have been way off target. So, to clear it up, I did some research.
The “I’m feeling lucky” response from a Google search for “Open ID” is the very informative home of the project, OpenID.net. This site does a great job – it is largely an extremely geek-speak affair, but it starts off in very plain english. The proposed standard is that every person, just like every web site, can have a URL of their own that is their open ID. Along with the ID, they will have an identity provider that serves as the home for that ID, and provides the authentication service. With the standard in place, it would work like this:
- You connect to a service (“consumer“) that supports Open ID.
- You input your URL in the Open ID login field.
- The consumer redirects you to your identity provider (the target of your url),a nd they prompt you for your password.
- The identify provider then sends back a “yea” or “nay” based on whether you successfully authenticated (this works very much like a credit card authorization).
A few nice details about the specification:
- You can be your own identity provider if you have the resources.
- Open ID login fields will have a graphical identifier:
The two clear advantages of OpenID, from a net user perspective, are:
- Single sign-on. No more long lists of passwords for myriad web sites or, worse, as we know many of our loved ones do, single passwords being used at dozens of sites.
- Privacy – no need to provide passwords or email addresses to services in order to authenticate.
Microsoft’s Passport service was the biggest stab at identity management on the net to date, but it suffered from the initial premise that you should trust a convicted monopolist to manage your identity, and then from some serious security flaws.
So what does this mean for non-profits? Well, unless I’m missing something, it’s possibly a threat, and it will probably put orgs in a bit of a catch 22. Like most companies, you want to capture contact data from your web visitors. It’s key to your CRM strategies. Supporting Open ID removes the most compelling reason for them to give you that info – access to your interactive web services that require authentication. You’re going to have to beef up the begs and rewards for sharing more data if you support it. But, if you don’t support it, and it becomes a widely-spread standard, you’re going to look unethical.
I do think that additional trends and standards will grow around the personal URLs. I can’t see why they wouldn’t grow into Plaxo-like contact pages, to a small degree. But I doubt people are going to standardly publish addresses, phone numbers, etc, for the same reasons why you would hesitate do that on MySpace or Yahoo!. OpenID will not be a contact verification standard – it’s an authentication standard. Like a lot of things that threaten our marketing efforts, we’ll probably all really appreciate it, at least when we’re not in the office.