OpenID has been garnering a lot of attention in recent months. Members of IS&T have been watching this technology trend. On February 6th, 2007 there was a joint announcement made by JanRain, Microsoft, Sxip, and Versign stating that they will collaborate between OpenID and Windows CardSpace. All of this begs and swer to the following questions:
- Will the IS&T Web Authentication project support the use of OpenID?
- Will the IS&T Web Authentication project enable users of OpenID to access some restricted MIT content?
- Will MIT users of the IS&T Web Authentication project be able to access content mediated by OpenID at other sites?
The answer to each of these questions is a qualified yes.
OpenID is an open, decentralized framework for user-centric digital identity. OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a foundation for user-centric identity. For more information, please visit the OpenID website.
Unfortunately, for our purposes, not all OpenIDs can be treated equally. The digital identity provider ProtectNetwork-ID does provide us with an intial bridging strategy. A ProtectNetwork-ID is an online digitial identity for end-users to use for securely accessing any site on the Internet that is protected using open standard technologies such as SAML, Shibboleth® or OpenID. It is likely that other commercial digital identity providers will offer similar services in the future.
Users that have an ID issued by ProtectNetwork-ID can use it with any Shibboleth® or OpenID enabled sites such as:
Any site within the InCommon Federation
Any site within the UK Access Management Federation
Any site within the University of Texas System Federation
The GridShib site
The Wiki site at Internet2
The TestShib site
Any OpenID enabled site
MIT can also establish a relationship with ProtectNetwork without joining any other Shibboleth federation. ProtectNetwork provides their ProtectNetwork Shibboleth IdP metadata online with instructions. As a site/federation manager, you may simply download our metadata and follow the install instructions. Alternately, you may coordinate this with our IdM support staff by contacting them at support AT protectnetwork DOT org.