I happened to run across the video by Dick Hardt from Identity 2.0, where he describes what he feels it is. It’s an interesting thing to watch, and I highly recommend it. Even though it’s four years old, it gives you an idea of what they’re referring to, and where we need to get to.
The concept is pretty simple, although the implementation is proving to be very difficult. The concept is that you should be able to go to any site that requires personal information, and present a verified copy of it to them (much like presenting your drivers license or Photo ID when buying alcohol or other regulated goods). You should only have to create this “ID” one time, and it should be accepted by everyone else.
Right now, you’ve got OpenID, Facebook Connect, Myspace (which supports OpenID, LiveID, and usernames for nearly every website and business that you deal with online. And they’re not compatible with each other. Well, ok Facebook Connect and Live ID may become compatible, since Microsoft has a big stake in both of these (in other words owns them). And Myspace is an OpenID provider—even if they don’t recognize other OpenID’s right now. But you’re still stuck with at least two of them.
So, what needs to happen? I think it’s a three phase process.
Phase 1: The different providers (Facebook Connect, Open ID, Live ID, and whoever else is out there) need to come up with a standardized list of personal information that they expect. And they need to release API’s that will fill in this information and create the account for you. Along with this, they need to standardize what the ID will be (whether it’s an e-mail address, a link, a username, or anything else).
Phase 2: Someone needs to create a system where you sign up for an ID from them, and it automatically creates the ID’s at all of the current providers and stores them for you. This is basically what the whole concept was supposed to do for you.
Phase 3: You sign into the provider using the ID that you created, and when you visit a site where it requires your “ID”, your browser will automatically fill in the information based on whichever version the site requires.
On the non-Techie side of things, the Governments need to come up with a standard template for Identifications. No, I’m NOT talking about a National ID or a World ID. But, if you look at every ID from every State in the US (and possibly every country), certain things appear on all of them.. Your name, address, Date of Birth, and Expiration Date, and a picture.
What I’m saying is that there should be a template that shows where these particular items need to be placed on the ID. I don’t care whether the ID has other things or not, but it needs to have these things in specific places.
If this happens, then the “Single Sign-On” site could potentially verify your ID. You could scan a picture of your ID and send it in (much like some dating sites do for Photo verification). The site would retain the image ONLY long enough to scan it for the specific data that it needs for verification.
If someone else tries using your information to create another account, it should flag both accounts and require you to submit the Photo ID again. At this time, a live person will contact both issuing Agencies to verify the ID’s.
I know there are issues… People will say “But what’s stopping them from stealing my Identity?” Nothing. But nothings’ stopping Facebook from doing it either. The one thing that is important to know is, your scan of the ID will only be in their system for up to 24 hours.
“What happens if I move?” Well, since you’ll be signing in on a regular basis, you won’t need (or want) to create another account. So, you’ll simply update the information and it shouldn’t even bother with you. No muss, no fuss.
“Why create this?” Because the people who are supposed to be doing it right now aren’t. Since they can’t agree on one ID, someone needs to grab the bull by the horns and do it. If they (and their associated websites) don’t want to recognize and honor this ID for signing in, fine… You’ll have an ID that will be like a key to a vault. Inside the vault will be the ID’s that their sites WILL recognize and honor.
Let me know your comments and feelings on this subject. Why will it work, or why wouldn’t it work? Is there anyone out there that’s really working on something like this? I know a few claim to be, but are they really working on it?
Have a great day:)