Friday, August 05, 2005

Bringing Communities Together: Under One Login

[Image: One Login To Rule Them All]

Problem: I frequent several different communities on a regular basis, and I must maintain an individual profile on each of them.

Solution: One login to rule them all.

The monolithic dark lords of all that is digital tried to solve this problem; but they have failed... Users did not want to sell their private lives to the dark lords for the gift of easy identity management. The dark lords failed because their solution was not open.

But perhaps there's still a chance for mankind after all. Perhaps we can have a system that allows us to maintain a single user profile across all of the communities we frequent.

What it will look like.

When a user logs in, they're used to seeing a screen that looks something like this:

[Image: Old Login Screen]

What if, instead, a user logged into a screen that looks like this:

[Image: New Login Screen]

A user's "Home System" would simply be the domain of an "Identity Server" the user chose to use. This server would be running an open source software package freely available to anyone who wanted to set up his or her own server. Any number of users could potentially create an account on a given Identity Server.

How it would work.

Let's begin by looking at the Identity Server itself and what it actually does. Every online community has a system that stores a user's name and password and uses that information to authenticate them by having them log into the system. The Identity Server is, oversimplified, the place where the user's name and password are stored.

Now let's consider how community software would function with an Identity Server. When a user fills out a login form and hits submit, the community software takes the user's name and password and validates them with the Identity Server via SOAP over SSL. All of the user's community-specific information, such as display preferences, would remain in the community software's database. However, all identity-specific information would be obtained from the Identity Server.

This is some of what this system will let us do.

The Identity Server doesn't have to be restricted to a user's name and password. The system can also store a variety of profile, biographical, and reputation data. If a user were to visit a community for the first time, the user's new account could be auto-populated with information taken directly from the Identity Server.

Users who do not want to maintain accounts on an Identity Server don't have to be inconvenienced in any way. In fact, there's no reason why community software can't continue to function exactly the way it does now. Support for an Identity Server can simply be an additional feature alongside existing authentication methods.

An Identity Server system like the one described here could easily support a variety of interesting permission systems. A community might run a black list of bad Identity Servers and prevent individuals on those systems from logging in. A stricter community might have a white list and only allow certain systems in.
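One way a community could apply the black list or white list described above, and check the user-typed Home System before contacting it over SOAP/SSL. This is an added example, not code from the original post; the function and class names, the rule that a listed domain also covers its subdomains, and the sample domains are assumptions.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_home_system(raw):
    """Return a canonical hostname for a user-typed Home System, or None."""
    host = raw.strip().rstrip(".")
    try:
        # IDNA-encode so Unicode names are compared in their ASCII form.
        host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # IP literals would bypass name-based lists
    except ValueError:
        pass
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None  # require a dotted name; rejects "localhost"
    if not all(_LABEL.fullmatch(l) for l in labels) or labels[-1][0].isdigit():
        return None  # rejects ports, paths, userinfo, numeric final labels
    return host


class HomeSystemPolicy:
    """Black list / white list of Identity Server domains for one community."""

    def __init__(self, mode, domains):
        if mode not in ("blacklist", "whitelist"):
            raise ValueError("mode must be 'blacklist' or 'whitelist'")
        self.mode = mode
        self.domains = {normalize_home_system(d) for d in domains} - {None}

    def _listed(self, host):
        # Assumption: a listed domain also covers all of its subdomains.
        parts = host.split(".")
        return any(".".join(parts[i:]) in self.domains for i in range(len(parts)))

    def allows(self, raw_home_system):
        host = normalize_home_system(raw_home_system)
        if host is None:
            return False  # fail closed on anything that is not a clean hostname
        listed = self._listed(host)
        return listed if self.mode == "whitelist" else not listed
```

The community software would call `allows()` on the Home System field before sending any credentials, so a rejected or malformed value never triggers an outbound connection.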

Identity Server hosting could be a new service. Service providers could charge a small regular fee for maintaining an account on a system. To stay off of black lists and on white lists, a service provider would make sure his/her system had a good reputation by governing the community of users on that system.

Communities could be connected in ways never before possible. Not unlike Amazon's product recommendations, a system might tell a user what other unexplored communities might interest a user based on his/her past activity. If you enjoy a user's posts on one system, you could easily find that same user's posts on other systems.

How we get there.

If we are ever to see a simple system like this happen, it will take a lot of work and a lot of collaboration. First, we must write reasonably secure server software. Then, we must start building plugins, modules, and patches so that existing software can take advantage of the servers. Next, we must make sure Identity Servers are available to and understood by the general public. The adoption of this system by major communities is crucial to the success of the system.

Once we have the basic stable system down, many new ideas never before thought of will suddenly become possible. I don't see this as if; I see this as when.


If you're inspired, make it known. If you're already working towards this goal, make it known. If you need my help, make it known. This will be a huge stride forward in establishing a cohesive online identity. I would like to see this happen.
