What are your opinions on universal authentication services within information science? Do you see them as a method to stop the madness when it comes to having too many passwords, too many IDs, and too many databases and systems that are unwilling to speak to one another about who should grant access to whom? Or, do you see universal authentication as a frightening step toward information and identity “insecurity”?
I was an early adherent to Open-ID. To a certain degree, I still believe in its principles, and i still use an OpenID authentication service when I move around from blog to blog (albeit, not always with my real name). However, Open-ID and other authentication services only grant us the semblance of authority and certainty about the identities we carry with us in cyberspace. We need to remember that like any other alias, a person presented with an Open-ID authenticator is not necessarily who that person is. For instance, nothing is stopping me from generating a new GMail account and Blogspot service in my neighbour’s name and then masquerading as that person all over the internet. Given the current press and acclaim that Open-ID has generated, there stands a good chance that this apparent “authentication service” can grant me the perceived authority to be some one else, and many others will be taken in by the ruse. in this regard, OpenID has only brought more uncertainty to the Internet-and-identification debate.
Open-ID is not fail-safe by any stretch of the imagination. Like any system (even a de-centralized system such as this), Open-ID identities can be hacked. The risks involved with a hacked Open-ID account far outweigh a traditional identification service, though. Since one of the aims of Open-ID is the conflation of many of our logins and accounts into one universal identifier, a hacked Open-ID account offers a would-be hacker a chance to steal our identity on one service and then surf to other sites with it. If some one were to hack this WordPress account, for instance, he or she could surf with this login to many other blogsites and journal systems such as Blogspot and Livejournal and pose as my person to make comments. Other sites that support OpenID include Magnolia, CoComment, and SourceForge. Although this is a varied list of sites, it shows that a lot of damage could be made to some one’s identity (virtual or physical) and reputation if their universal ID was ever hacked.
And finally, Open-ID and other universal identifiers will have the effect of destroying whatever semblance of anonymity the internet once had. Whereas websites used to track us through cookies, now websites will track our movements by the identifiable and recognizable names we use. We will become as public on the Internet as our movement will allow. Whereas searching for “John Hancock” would yield an indiscernible amount of data about more than one person, searching for “johnhancock.wordpress.com” would return that person’s trail of breadcrumbs from one site he posted on to another. Open-IDs act like e-mail addresses in this regard – they will declare our identity. But now, they will declare our identity on any site that we comment on. It will make data-mining far too easy, and for a lot of people who aren’t prepared for this reality, it could create some unpleasant surprises in the future.
I’m not suggesting that Open-ID and universal authentication is a bogey-monster we must fear and avoid. Rather, I’m suggesting that there are legitimate reasons why large organizations and small groups alike have not yet signed on to the system. So far, Open-ID can create a universal identifier for anyone who wants it, and it will likely be an identifier housed or associated with a large IS/IT corporation such as Google, Yahoo, or AOL. This identifier won’t bring any more legitimate certainty to the notion of identification on the internet, but only add another layer of confusion to the nature of Self on the net. Identification remains a trust issue, and when it comes to Open-ID, I think it offers us a semblance of trust and certainty which never really existed in the first place.