Identity discovery is all about ‘me’. It is the process in which machines can learn about ‘me’ (the real person) and what my web preferences are. The objective of performing identity discovery is for machines to find and utilize the answers to the following questions (and many others):
- Who is this person?
- How to verify their identity?
- Where is their online content stored?
- What social networks do they use?
- What blogs do they read?
- Where is their profile photo stored?
- Where is their address book?
- What other identities do they have?
- How would they like to be contacted?
- Who are their friends?
Most individuals have some sort of web identity or presence – a blog page, social network profile, photo album, etc. This presence can be self hosted (GoDaddy, Dreamhost, a server running in the garage, etc.), or part of a larger service (such as Yahoo!, Facebook, TypePad, etc). The human-readable version of this online identity is what visitors see when they go to the web page where it is stored (using an HTTP URI and a web browser). This page, usually made of some flavor of HTML, might include a short bio, a photo, links to other sites, list of friends, recent updates, and other useful information.
The idea is that this page, just like an email address, provides a unique identifier in the form of a URI. But unlike email, it is much more powerful. Identity discovery automates the process of finding out more about a person by obtaining a machine-readable document that describes it. For example, by handing over the URI of my blog page to a social network, it should be able to find out where I keep my photos and videos, what other social networks I belong to, where to find my address book, and other information about me.
For most people the idea of a URI identifier sounds confusing but if you think about your favorite web provider (usually one of the big players: Yahoo!, MSN, AOL, and Google) where you get email, use an instant messenger, share photos, and participate in other activities, they all offer you some form of a profile page. That page already has some useful information about you and can be enhanced to become your online business card for both people and services.
LID introduced the concept of performing discovery on a URI to extract a machine-readable document which was later adopted by OpenID (via Yadis). The idea is, if you point a browser to your identity URI it will show a page with text and pictures for people to see, but if you use that same URI as your OpenID “username”, it can be used to find out who your identity provider is and how to get you there to sign-in. What this means is that the same resource – your online identity page – can be used by both people and machines to learn more about you. And since this resource has a URI, it provides an addressable identity.
While addressable identity is a powerful concept, we have only begun to fully appreciate the challenges it brings. Besides the obvious concerns about privacy and security, there are also issues of web architecture and usability (user experience). One of the principals of the W3C AWWW – Architecture of the World Wide Web – is that every resource must have its own unique identifier, and that an identifier for a person cannot be shared with an “information resource” describing that person or its interest (this is known as the httpRange-14 issue). In other words, my blog URI cannot be considered a URI for ‘me’. This of course, is still very much (just) an opinion.
As for usability, this is an area where the OpenID community is very active and is trying to find ways to enable people to use their existing web identity without having to manually type URIs and other very technical information. People like buttons, and a URI is very far from that.