On Mar 23, 2007, at 2:41 PM, Jeremy Frumkin wrote:

Ok, so this is a good example for where I’m failing to see the
advantage to
OpenID over the current local authentication provided by a
university /
library. Why would I need to use OpenID as opposed to my current
account
that my library provides me? As I understand the current OpenURL
workflow,
OpenURL doesn’t do anything with authentication / authorization – that
happens at the information source or at the institution’s proxy
server.
Again, OpenID doesn’t say anything about trust; it only speaks to
authenticating that I am the owner of my OpenID URI.

In this case, it'd just be a standard (read: potentially browser-
supported, yay Sxipper) way for me to say "I'm with University X."
The experience is nice, and it's really easy to implement.

Honestly though, for this application, you could do the same with a
pulldown menu, or the Google Scholar "Find Library" trick.

Ultimately, I'd hope to see libraries agree on a set of attributes
for classifying patrons, building registries of trusted providers,
and using this as basis for offering services outside our own
institutions. (There's a "Mashing Up The Library" entrant floating
around in my mind, with this idea as the basis...)

Being the owner of an OpenID URI doesn't say anything about trust,
but it *does* give you enough information to build a trust system, as
you also know who issued the ID. You probably don't care that I'm
'njvack,' but you may well care that the University of Wisconsin
*says* I'm 'njvack' -- if you know, a priori, that we're trustworthy.

But for me, the really attractive part is that one really doesn't
need a lot of external support (*cough* Shibboleth *cough*) to start
playing around.

Cheers,
-Nate

Reply via email to