On Mar 23, 2007, at 2:41 PM, Jeremy Frumkin wrote:
Ok, so this is a good example for where I’m failing to see the advantage to OpenID over the current local authentication provided by a university / library. Why would I need to use OpenID as opposed to my current account that my library provides me? As I understand the current OpenURL workflow, OpenURL doesn’t do anything with authentication / authorization – that happens at the information source or at the institution’s proxy server. Again, OpenID doesn’t say anything about trust; it only speaks to authenticating that I am the owner of my OpenID URI.
In this case, it'd just be a standard (read: potentially browser- supported, yay Sxipper) way for me to say "I'm with University X." The experience is nice, and it's really easy to implement. Honestly though, for this application, you could do the same with a pulldown menu, or the Google Scholar "Find Library" trick. Ultimately, I'd hope to see libraries agree on a set of attributes for classifying patrons, building registries of trusted providers, and using this as basis for offering services outside our own institutions. (There's a "Mashing Up The Library" entrant floating around in my mind, with this idea as the basis...) Being the owner of an OpenID URI doesn't say anything about trust, but it *does* give you enough information to build a trust system, as you also know who issued the ID. You probably don't care that I'm 'njvack,' but you may well care that the University of Wisconsin *says* I'm 'njvack' -- if you know, a priori, that we're trustworthy. But for me, the really attractive part is that one really doesn't need a lot of external support (*cough* Shibboleth *cough*) to start playing around. Cheers, -Nate
