| By Kevin Fox | November 5th, 2007 | Comments [7]
I remember back when I went to school, we had to walk 18 miles through 5 feet of snow and once we finally arrived we had to remember multiple accounts/passwords/pins to access the myriad of online services the school expected us to use. Now that I am several years removed from the hallowed towers of academia I wonder, have things changed?
The answer, unfortunately, is no.
Why not OpenID?
There is no reason that I can see why OpenID couldn’t really help to solve problems in Government and educational institutions, specifically higher education. For those unfamiliar with OpenID, it is a simple protocol that allows you to safely and securely sign on to thousands of websites with a single username and password. Under the leadership and guidance of JanRain and other great companies, OpenID has evolved to be an easy to use single sign-on solution with over 140 million OpenID accounts created worldwide. To date, AOL, SUN, Verisign, Microsoft, France Telecom, Apple and many others have committed to OpenID making it a viable SSO solution for the future. Google trends shows an steady increase in interest in OpenID when compared to other comparable technologies. There is a good primer to OpenID which provides excellent information about the viability of OpenID here.
Is anyone currently using OpenID in the .edu space?
Yes, but only a couple of institutions…
- Massachusetts Institute of Technology runs it’s own OpenID server and hosts several OpenID projects:
- RunLog
- OpenLicense
- Decentralized Information Group - Breadcrumbs
- Modster
- FakeID
- SIMILE Project
- e.g. Appalachian - Firefox add-on that adds the ability to manage and use several OpenIDs to ease the login parts of your browsing experience.
- OpenCode
- Case Western Reserve University (Experimental)
- Blog post with some background on OpenID being integrated with CAS at Case
The students who pay tuition and who will graduate and become successful alumni who donate. Also, current alumni who want to see their alma mater supporting the latest and greatest technologies. As noted, with over 140 million OpenID accounts created (including all AOL users), and Apple supporting OpenID it is increasingly likely that students will be showing up to universities with their own online identities that they will wish to continue to use during their scholastic career and beyond. As an educational institution do you want to make it easy for potential and current students to access your current services? How about making it easy for alumni to affiliate themselves, engage with current students, or to login and donate?
What about the Future of OpenID?
The OpenID 2.0 specification has been written and is waiting on the approval of the OpenID community before being finalized. An official announcement is scheduled for the beginning of December. This new version of OpenID will deliver the ability to maintain your portable identity and reputation throughout the OpenID ecosystem. For example the OpenID 2.0 libraries JanRain has developed will support a feature called ‘Attribute Exchange’ which will allow site operators to query an OpenID account provider and (assuming permission is given) automatically fill in relevant personal information. No longer will students have to enter sensitive information on every different service they wish to access.
So while I exaggerate about the weather conditions endured during my education, there is no exaggeration when I say the lack of a good SSO for educational institutions is a very real issue.
November 6, 2007 at 5:15 am
Kevin, I completely agree. It would be great to see universities using OpenID for lightweight SSO needs. +1
November 6, 2007 at 9:52 pm
Good post with info on how OpenID could actually be put to use in higher education environments: http://willnorris.com/2007/11/try-reuse-catch-ex-reinvent
November 8, 2007 at 1:05 pm
@Kevin: actually that post had nothing to do with using OpenID in HigherEd… I was simply showing that there is an existing precedent for reusing existing attribute names rather than redefining them in a local namespace. Having now read this article and an old thread on the Educause IDM list, I’m definitely trying to collect my thoughts on the topic.
November 8, 2007 at 2:19 pm
Hi Will, thanks for the clarification. Any insights you have would be appreciated.
Cheers,
Kevin
December 10, 2007 at 7:44 am
Whilst I am an avid supporter of OpenID, I do not see what advantages it has over Shibboleth which has been in use for years already. I hope at my institute to be able to offer OpenID support for all of our users, but at present cost is the biggest obstacle, having looked at Atlassian Crowd.
December 10, 2007 at 7:48 am
Whilst I am an avid supporter of OpenID, I do not see what advantages this has over Shibboleth which has been in use for years.
I would like to be able to provide all accounts with OpenID capability in my institute, but at present the cost does not justify the benefits.
June 30, 2008 at 8:56 am
@Chaz6 The major advantage that OpenID has over Shibboleth is that the relying party is much easier to set up.
We are currently starting to use OpenID for lightweight identity management at the University of Bremen (Germany). Once you got an Identity Provider in place you can build other applications on top of the existing information without caring too much about reimplementing signup and account management stuff again and again. We set up a reference implementation for leveraging our IdP which is only a few lines of code… there aren’t that many hoops you have too jump through when you are using OpenID.
We are in the very early phase with just two relying parties that use the IdP, but as far as we can tell right now, this will simplify the creation of situated software at our university.
Thanks at Kevin for this nice post!
Bye,
Dennis